The following security assumptions and constraints for Industrial Edge Apps have to be considered:
Only authorized internal operators will have access to the Industrial Edge Device within a secure network using a VPN connection.
Perimeter firewall configuration responsibility lies with the end customer.
Security guidelines for usage of USB sticks on the shop floor are applied.
Creating users with appropriate access rights needs to be done during commissioning and is the responsibility of the operator.
The customer is responsible for configuring the application as per the installation/user manual, based on the documented system requirements and technical capabilities of the app, so that the Automation System performance is not impacted.
The system is installed in an environment that ensures physical access is limited to authorized maintenance personnel only. Managing unauthorized attachment of removable devices is the responsibility of the operator.
The platform, including hardware, firmware and operating system, is securely configured and maintained by the operator.
The operator is capable of protecting the environment from malware infection.
Centralized IT security components (Active Directory, Centralized IT Logging Server) are provided and well secured by the operator and can be trusted.
The operator personnel accessing the system are well trained in the usage of the system, and general information security practices such as password handling, removable media, etc. are in place.
The operator is responsible for the Confidentiality, Integrity, and Availability (CIA) of data stored outside the Industrial Edge Device.
The operator is responsible for configuring the NCs/PLCs with appropriate read/write access levels (Legitimization) and for configuring Industrial Edge Apps with appropriate passwords for data collection from NCs/PLCs.
The customer takes care of time synchronization between the Industrial Edge Management and the Industrial Edge Device.