Develop Secure Applications

The following controllers support IEC-62443-4-2 SL 1 security certification.
IEC 62443-4-2 SL 1-certified Controllers
Controller
Firmware Revision
ControlLogix®
 5590 controllers
38 or later
IMPORTANT:
If enabled, the following features cause the controller to be excluded from IEC-62443-4-2 SL 1 security certification:
  • OPC UA
  • Redundancy
  • Trusted slots
  • Secure socket objects
  • Remote deployment of save/restore images
To help meet these requirements, you must use this publication and the Configure System Security Features User Manual, publication SECURE-UM001. The Configure System Security Features User Manual describes how to configure and use
Rockwell Automation®
 products to improve the security of your industrial automation system.
The controller accepts all values appropriate for a tag data type, and it is the responsibility of the user program to specify valid ranges and perform validity to check for those ranges. The controller verifies incoming messages for syntax, length, and format.
Security Additional Resources
Resource
Description
Security Design Guide Reference Manual, publication SECURE-RM001
Provides guidance on how to conduct vulnerability assessments, implement
Rockwell Automation®
 products in a secure system, harden the control system, manage user access, and dispose of equipment.
Logix 5000 Controllers Security Programming Manual, publication 1756-PM016
Describes how to configure security for the
Studio 5000 Logix Designer®
 application, and explains how to configure source protection for your logic and projects.
CIP Security Application Technique, publication SECURE-AT001
Describes how to plan an implement a
Rockwell Automation®
 system that supports the
CIP Security
 protocol.
Converged Plantwide Ethernet (CPwE) Design and Implementation Guide, publication ENET-TD001
Defines manufacturing-focused reference architectures to help accelerate the successful deployment of standard networking technologies and convergence of manufacturing and enterprise/business networks.
Controller Security Features
Requirements for Identification and Authorization
Requirements for Use Control
Requirements for System Integrity
Requirements for Data Confidentiality
Requirements for Restricted Data Flow
Requirements for Timely Response to Events
Requirements for Resource Availability
Configure User-definable Major Faults
CIP Bridging Control
License-based Source and Execution Protection
Change Detection
Component Tracking
Controller Logging
Controller Ethernet Port
Disable CIP Security Ports via FactoryTalk Linx
Disable CIP Security Ports via a CIP Generic MSG Instruction
Disable the Controller USB Port
Disable the Controller Memory Card
Controller 4-character Status Display
Controller Webpage Default Settings
Disable Controller Webpages via Controller Properties
Manage Controller Webpages Via CIP Generic MSG Instructions
Privacy Aspects
Provide Feedback
Have questions or feedback about this documentation? Please submit your feedback here.
Normal