Security information (assumption/constraint) for Industrial Edge Apps are as follows:
- Only authorized internal operators will have access to Industrial Edge Device with-in secure network using VPN connection.
- Perimeter firewall configuration responsibility lies with end customer.
- Security guidelines for usage of USB sticks within shop floor are applied.
- Creating users with appropriate access rights needs to be done during commissioning and it is the responsibility of the operator.
- Customer is responsible for configuring the application as per the installation/user manual, based on system requirements and technical capabilities of app documented so that the Automation System performance is not impacted.
- The system is installed in an environment that ensures physical access is limited to authorized maintenance personnel only. Managing unauthorized attachment of removable devices is the responsibility of the operator.
- The platform including hardware, firmware and operating system is securely configured and maintained by the operator.
- The operator is capable of protecting the environment from malware infection.
- Centralized IT security components (Active Directory, Centralized IT Logging Server) are provided and well secured by the operator and can be trusted.
- The operator personnel accessing the system is well trained in the usage of the system and general information security aspects like password handling, removable media, etc. are in place.
- Operator is responsible for the Confidentiality, Integrity, and Availability (CIA) of data stored outside the Industrial Edge Device.
- Operator is responsible for configuring the PLCs with appropriate read/write access levels (Legitimization) and configure Industrial Edge Apps with appropriate passwords for data collection from PLC's.
- Customer takes care about time sync of Industrial Edge Management and Industrial Edge Device.
- For S7+ browsing, from PLC firmware V2.9 and greater the onus lies on the user while trusting the PLC server certificate.