Provider capabilities ROCKWELL AUTOMATION
| Name | Description |
|---|---|
| Awareness and Training | Awareness plan for employees, managers, suppliers and customers. Training plan for technical staff. Training plan for key personnel. Maturity level tests or assessments on employee awareness and training. Indicators of evolution and continuous improvement of knowledge and training (internal and of the supply chain). |
| Network communications control | Control of users and devices in access to the network allowing monitoring their actions and gathering detailed information on their communications. Establishing VPNs or other control mechanisms, such as bandwidth limitation |
| Network integrity control | Network integrity control that detects new / unknown devices and monitors communications between known / unknown devices |
| Secure network design | Provide specifications for secure network design, segmentation, addressing, and communication protocols |
| Communications plan | Escalation process, media management process, internal communication process, communication process with third parties (customers, partners, suppliers, shareholders, investors, etc.) |
| Configuration control | Design and maintenance of configuration standards. Configuration change management. Configuration status evaluation |
| Device control | Ability to control devices automatically (CD, DVD, USB, etc.). Allow blocking or adjusting filters and extended permissions, as well as setting the permissions of a local / remote user to access the given device\'s hardware and software installed on it. |
| Hardware and software inventory | Obtain data from both Hardware and Software equipment in order to form a dynamic inventory. Manage an inventory of hardware and software either automated or manual. |
| Physical security in the installation of devices | Provide technical recommendations in the places where the devices are going to be installed in terms of temperature, humidity, electromagnetic interference (EMI), radiation, vibrations, gases and any other agent that may affect their correct concurrent operation and message notification capacity in authentication. |
| Separation of environments | I go to production. Security tests in different environments. Segmentation of the environments at the network level, Data disaggregated in the testing environment and in the development environment. |
| Reliable updates | Capability of security updates that do not impact the availability of the protected system through compatibility checks performed prior to database / component and process control system software / configuration updates. |
| Backup Policy | Policy that defines the type of copies and their periodicity, their labeling, as well as the media on which they must be made and the locations of the backup centers where the backup copies are stored. This policy will also define periodic restoration tests |
| Backup system | Backup and restore system to implement backup policy |
| Upgrade testing support | Easy testing of updates (operating system, antivirus, firmware and application software) before their implementation in the network or systems, which guarantees the total integrity of the process |
| Verification of integrity of software and hardware code | Verification of the software and hardware of the device to verify that its integrity has not been compromised, comparing the current state with the reference data collected during the compatibility test |