Requirements for System Integrity

Each entry lists the security component, whether it is required to meet IEC-62443-4-2 SL 1, and the details that apply.

Security Component: FactoryTalk® AssetCentre software; FactoryTalk® Security software
Required to Meet IEC-62443-4-2 SL 1: Yes
Details: The FactoryTalk® AssetCentre server centrally tracks and manages configuration changes and restricts who can make changes based on FactoryTalk® Security settings. This server functionality assists with diagnostics and troubleshooting and reduces maintenance time for production assets. Configure the Device Monitor - Change Detect operation for the controller. For more information, see the Configure System Security Features User Manual, SECURE-UM001.

Security Component: ControlFLASH Plus® software
Required to Meet IEC-62443-4-2 SL 1: Yes
Details: Use ControlFLASH Plus® software to update controller firmware. Digitally signed firmware files have a .DMK (Device Management Kit) extension. ControlFLASH software authenticates the origin of a DMK file and validates the file before downloading it to the device.

Security Component: Studio 5000 Logix Designer® application
Required to Meet IEC-62443-4-2 SL 1: Yes
Details: You can generate a signature on an Add-On Instruction. This signature seals the Add-On Instruction so that any modification invalidates the signature, which helps detect and prevent unauthorized changes.

Security Component: Controller firmware update
Required to Meet IEC-62443-4-2 SL 1: Yes
Details: To meet IEC-62443-4-2 SL 1 security requirements, you must use a certified version of the controller firmware. We recommend that you use the latest minor revision of your firmware.
The controller is designed such that:
  • You cannot update firmware when the mode switch is in the RUN position.
  • You cannot go online with a controller that is in a firmware update process.

Security Component: CIP Bridging Control
Required to Meet IEC-62443-4-2 SL 1: May be required to maintain network segmentation.
Details: CIP Bridging Control can be used to isolate secure and unsecure communication. For more information, see CIP Bridging Control.

Security Component: User-definable major controller faults
Required to Meet IEC-62443-4-2 SL 1: May be required based on system design, threat model, and risk assessment.
Details: If your application requires a major fault in addition to those already monitored by the controller, define a predetermined state with a major fault so that outputs are off. For more information, see Configure User-definable Major Faults.

Security Component: Safety signature (safety-enabled controllers only)
Required to Meet IEC-62443-4-2 SL 1: Yes for SIL 2 or SIL 3 configurations.
Details: Safety-enabled controllers use a safety signature to verify the integrity of a safety application. The safety signature must be applied on a SIL 2/PLd or SIL 3/PLe safety-enabled controller to perform automated background integrity checks on the safety application. We recommend that you record and store the safety signature in a separate location so that you can verify its integrity during audits or when tampering is suspected.