Security Information for Industrial Edge App

SIMATIC S7 Connector

Product: SIMATIC S7 Connector
Product Version: v2.2.1
Edition: 08/2024
Language: en-US (original)

The security information (assumptions/constraints) for Industrial Edge Apps is as follows:

  • Only authorized internal operators will have access to the Industrial Edge Device within a secure network using a VPN connection.
  • Perimeter firewall configuration is the responsibility of the end customer.
  • Security guidelines for usage of USB sticks within shop floor are applied.
  • Creating users with appropriate access rights needs to be done during commissioning and it is the responsibility of the operator.
  • The customer is responsible for configuring the application as per the installation/user manual, based on the system requirements and the documented technical capabilities of the app, so that the Automation System performance is not impacted.
  • The system is installed in an environment that ensures physical access is limited to authorized maintenance personnel only. Managing unauthorized attachment of removable devices is the responsibility of the operator.
  • The platform including hardware, firmware and operating system is securely configured and maintained by the operator.
  • The operator is capable of protecting the environment from malware infection.
  • Centralized IT security components (Active Directory, Centralized IT Logging Server) are provided and well secured by the operator and can be trusted.
  • Operator personnel accessing the system are well trained in the usage of the system, and general information security practices (password handling, removable media, etc.) are in place.
  • Operator is responsible for the Confidentiality, Integrity, and Availability (CIA) of data stored outside the Industrial Edge Device.
  • The operator is responsible for configuring the PLCs with appropriate read/write access levels (Legitimization) and for configuring Industrial Edge Apps with appropriate passwords for data collection from PLCs.
  • The customer takes care of time synchronization of Industrial Edge Management and the Industrial Edge Device.
  • For S7+ browsing with PLC firmware V2.9 and greater, the onus lies on the user when trusting the PLC server certificate.