SR 1.1 - Identification and authentication of human users |
Basic user access control |
|
|
SR 1.1 - RE (1) Identification and unique authentication |
Access control policy |
|
|
SR 1.1 - RE (2) Multiple factor authentication for untrusted networks |
Multi-factor user access control |
|
|
SR 1.2 - RE (1) identification and unique authentication |
Access control policy, Role-based access |
|
|
SR 1.3 - Account Management |
Access control policy, Role-based access, Account management |
|
|
SR 1.3 RE (1) Unified Account Management |
Single Sign On |
|
|
SR 1.4 - identification management |
Access control policy, Role-based access, Account management |
|
|
SR 1.5 - Authentication management |
Access control policy, Basic user access control, Multi-factor user access control |
|
|
SR 1.5 RE (1) Security hardware to identify credentials through software processes |
Hardware Security Keys |
|
|
SR 1.6 - Wireless Access Management |
WI-FI control, Network communications control, Physical security in the installation of devices, Account management |
|
|
SR 1.6 RE (1) Unique identifier and authenticator |
Access control policy |
|
|
SR 1.7 - Strength of password-based authentication |
Detection of use of default passwords, Account management |
|
|
SR 1.7 RE (1) Password generation and lifetime restrictions for human users |
Access control policy |
|
|
SR 1.7 RE (2) Restrictions on password lifetime for all users |
Access control policy |
|
|
SR 1.8 - Public Key Infrastructure Certificates |
PKI infrastructure, Certificate use policy |
|
|
SR 1.9 - Strong authentication based on public key |
Multi-factor user access control, Certificate use policy |
|
|
SR 1.9 RE (1) Security hardware to authenticate public keys |
PKI infrastructure |
|
|
SR 1.10 - Authenticator Feedback |
User access control with hidden display, Access control policy |
|
|
SR 1.11 - Failed login attempts |
Industrial DPI for anomaly detection, Account management, Inspect endpoint logs, Industrial network event log (forensic analysis) |
|
|
SR 1.12 - System usage notifications |
Account management, Inspect endpoint logs, Industrial network event log (forensic analysis) |
|
|
SR 1.13 - Access through non-secure networks |
Network event correlation analysis, Multi-factor user access control, Network communications control, Industrial network event log (forensic analysis), Network communication visualization |
|
|
SR 1.13 RE (1) Explicit access approval request |
Access control policy |
|
|
SR 1.1 - RE (3) Multiple authentication factor for all networks |
Role-based access |
|
|
SR 2.1 - Authorization application |
Detection of use of default passwords, Account management |
|
|
SR 2.1 RE (1) Authorization application for all users |
Use control policy |
|
|
SR 2.1 RE (2) Mapping permissions to roles |
Role-based access, Use control policy |
|
|
SR 2.1 RE (3) Anular supervisor |
Use control policy |
|
|
SR 2.1 RE (4) Double Approval |
Use control policy |
|
|
SR 2.2 - Wireless usage control |
WI-FI control, Network communications control, Network integrity control, Network communication visualization |
|
|
SR 2.2 RE (1) Identify and report unauthorized wireless devices |
Security log |
|
|
SR 2.3 - Usage control for portable and mobile devices |
Role-based access, Network event correlation analysis, Network communications control, Equipment use control, Use control policy, Network communication visualization |
|
|
SR 2.3 RE (1) Application of the security status of portable and mobile devices |
Reporting of events and communication to responsible parties |
|
|
SR 2.4 - Mobile code |
Role-based access, Software usage control, Use control policy, Upgrade testing support |
|
|
SR 2.4 RE (1) Mobile code integrity check |
Verification of integrity of software and hardware code |
|
|
SR 2.5 - Session Lock |
Account management, Use control policy |
|
|
SR 2.6 - Remote session termination |
Account management, Use control policy |
|
|
SR 2.7 - Control of concurrent sessions |
Account management, Use control policy |
|
|
SR 2.8 - Auditable events |
Whitelist in prevention mode, Activity log policy, Industrial network event log (forensic analysis), Security log, Incident response support |
|
|
SR 2.8 RE (1) Audit tracks of systems with centralized management |
SIEM integration |
|
|
SR 2.9 - Audit storage capacity |
Equipment protection diagnostics, Centralized management of security policies, Incident response support |
|
|
SR 2.9 RE (1) Warn when capacity threshold has been reached in audit logs |
Activity log policy |
|
|
SR 2.10 - Respond to failures in the audit process |
Network event correlation analysis, SIEM integration, Activity log policy |
|
|
SR 2.11 - Timestamps |
Equipment protection diagnostics, Industrial network event log (forensic analysis), Security log, Reporting of events and communication to responsible parties |
|
|
SR 2.11 RE (1) Internal time synchronization |
Activity log policy |
|
|
SR 2.11 RE (2) Protection in the integrity of the time source |
Activity log policy |
|
|
SR 2.12 - No repudiation |
Network event correlation analysis, Equipment protection diagnostics, Centralized management of security policies, Inspect endpoint logs, Industrial network event log (forensic analysis) |
|
|
SR 2.12 RE (1) Non-repudiation for all users |
Activity log policy |
|
|
SR 3.1 - Integrity in communications |
Network event correlation analysis, WI-FI control, Network communications control, Advanced detection of anomalies in the IP layer, Network communication visualization |
|
|
SR 3.1 RE (1) Use cryptography to protect integrity |
Network integrity control |
|
|
SR 3.2 - Protection against malicious code |
Reliable updates, Host-based firewall, Whitelist in prevention mode, Notify only protection mode, Upgrade testing support, Verify PLC integrity |
|
|
SR 3.2 RE (1) Protection against malicious code at entry and exit points |
Advanced antimalware |
|
|
SR 3.2 RE (2) Centralized management for protection against malicious code |
Centralized management of security policies |
|
|
SR 3.3 - Verification of security functionalities |
Reliable updates, Certification of the main ICS providers, Cybersecurity assessment |
|
|
SR 3.3 RE (1) Automatic mechanisms to verify security functionalities |
Centralized management of security policies |
|
|
SR 3.3 RE (2) Verification of safety functionalities during normal operation |
Use control policy |
|
|
SR 3.4 - Software and information integrity |
Reliable updates, White list in discovery mode, Access control policy, File integrity monitoring, Verification of integrity of software and hardware code |
|
|
SR 3.4 RE (1) Automatic notifications on integrity violations |
Centralized management of security policies |
|
|
SR 3.5 - Validation of entries |
Network event correlation analysis, Host-based firewall, Industrial DPI for anomaly detection, Whitelist in prevention mode, Advanced process control rules |
|
|
SR 3.6 - Deterministic Outputs |
Software usage control, Industrial DPI for anomaly detection, Advanced process control rules |
|
|
SR 3.7 - Error handling |
Industrial DPI for anomaly detection, Detect attacks on industrial networks (signature-based) , Centralized management of security policies, Inspect endpoint logs, Activity log policy |
|
|
SR 3.8 - Session integrity |
Network communications control, Industrial DPI for anomaly detection, Detect attacks on industrial networks (signature-based) , Industrial network event log (forensic analysis) |
|
|
SR 3.8 RE (1) Invalidate session IDs once the session was terminated |
Activity log policy |
|
|
SR 3.8 RE (2) Generation of unique session IDs |
Activity log policy |
|
|
SR 3.8 RE (3) Randomness of session IDs |
Activity log policy |
|
|
SR 3.9 - Protection of audit information |
Network event correlation analysis, Centralized management of security policies, Activity log policy, Incident response support |
|
|
SR 3.9 RE (1) Audit records in single write media |
Role-based access, SIEM integration |
|
|
SR 4.1 - Confidentiality of information |
Account management, Access control policy, Data Protection |
|
|
SR 4.1 RE (1) Protection of the confidentiality of information hosted or in transit through unreliable networks |
Use control policy |
|
|
SR 4.1 RE (2) Protection of confidentiality across zone boundaries |
Use control policy |
|
|
SR 4.2 - Persistence of information |
Use control policy |
|
|
SR 4.2 RE (1) Purge shared memory resources |
Data Protection |
|
|
SR 4.3 - Use of cryptography |
Multi-factor user access control, Network communications control, Use control policy |
|
|
SR 5.1 - Network Segmentation |
WI-FI control, Network communications control, Network integrity control, Industrial network event log (forensic analysis), Network communication visualization |
|
|
SR 5.1 RE (1) Physical network segmentation |
Secure network design |
|
|
SR 5.1 RE (2) Independence of networks without control systems |
Secure network design |
|
|
SR 5.1 RE (3) Logical and physical isolation of critical networks |
Secure network design |
|
|
SR 5.2 - Zone boundary protection |
WI-FI control, Network communications control, Network integrity control, Industrial network event log (forensic analysis), Network communication visualization |
|
|
SR 5.2 RE (1) Deny by default, allow by exception |
Secure network design |
|
|
SR 5.2 RE (2) Island mode |
Secure network design |
|
|
SR 5.2 RE (3) Closure on failure |
Secure network design |
|
|
SR 5.3 - Restriction on person-to-person communications for general purposes |
WI-FI control, Network communications control, Industrial DPI for anomaly detection, Industrial network event log (forensic analysis), Network communication visualization |
|
|
SR 5.3 RE (1) Prohibit all general purpose person-to-person communications |
Secure network design |
|
|
SR 5.4 - Application Partitioning |
WI-FI control, Network communications control, Secure network design |
|
|
SR 6.1 - Audit accessibility to logs |
Equipment protection diagnostics, Industrial network event log (forensic analysis), Security log, Reporting of events and communication to responsible parties |
|
|
SR 6.1 RE (1) Scheduled access to audit logs |
SIEM integration |
|
|
SR 6.2 - Continuous monitoring |
Industrial DPI for anomaly detection, Detect attacks on industrial networks (signature-based) , White list in discovery mode, Industrial network event log (forensic analysis), File integrity monitoring, Network communication visualization |
|
|
SR 7.1 - Denial of Service Protection |
Network event correlation analysis, Industrial network event log (forensic analysis), Reporting of events and communication to responsible parties |
|
|
SR 7.1 RE (1) Manage communication load |
Network communications control |
|
|
SR 7.1 RE (2) Limit the effects of a denial of service to other systems or networks |
Use control policy |
|
|
SR 7.2 - Resource Management |
Network communications control, Equipment use control, Device control, Monitor USB access, Use control policy, Advanced process control rules, Verify PLC integrity |
|
|
SR 7.3 - System backup control |
Backup system |
|
|
SR 7.3 RE (1) Backup verification |
Backup Policy |
|
|
SR 7.3 RE (2) Backup automation |
Backup Policy |
|
|
SR 7.4 - Restoration and reconstitution of the control system |
Backup Policy, Backup system |
|
|
SR 7.5 - Emergency power |
Physical security in the installation of devices, Redundancy system |
|
|
SR 7.6 - Network settings and security configurations |
Network event correlation analysis, Network communications control, Network integrity control, Equipment use control, Network communication visualization |
|
|
SR 7.6 RE (1) Machine readable current security settings reports |
Activity log policy |
|
|
SR 7.7 - Less functionalities |
WI-FI control, Network communications control, Equipment use control, Software usage control, Device control, Whitelist in prevention mode |
|
|
SR 7.8 - Inventory of control system components |
Hardware and software inventory |
|
|