# Security recommendations checklist

This list summarizes all requirements from the security recommendations section. Note that this list is meant as an aid and can be printed, for example.
## Actions against system-wide threats

| Implementers of security shall... | |
|---|---|
| ...ensure that workloads are only taken from trustworthy sources and/or analyzed for security threats. | |
| ...ensure that workloads do not accept executables or scripts as configurations. | |
## Actions against node-related threats

| Implementers of security shall... | |
|---|---|
| ...ensure that at least one user with node admin permissions logs in on the node to deactivate the local user. | |
| ...ensure that each node has unique credentials. | |
| ...use state-of-the-art measures such as training and workplace security to prevent credentials from leaking. | |
| ...ensure the integrity and security of their local workload repository, if used. | |
| ...ensure the integrity and security of their external backup server, if used. | |
| ...take adequate measures to ensure that unencrypted communication to the Nerve node's local user interface or API does not compromise system security. | |
| ...ensure that the network configuration of workloads aligns with the security concept of the system. | |
| ...ensure that the DNA files do not contain credentials. | |
| ...ensure the integrity of the DNS service in the network to which the WAN interface of the node is connected. | |
| ...ensure that resource constraints are configured correctly to avoid overcommitment of resources. | |

| Implementers of security should... | |
|---|---|
| ...use the Nerve DNA feature with hashes for deployment of applications. | |
| ...monitor resource consumption periodically or create an alert to ensure system availability. | |
| ...test workloads for resource leaks. | |
## Actions against Management System-related threats

| Implementers of security shall... | |
|---|---|
| ...use state-of-the-art measures such as training and workplace security to prevent credentials from leaking. Consider using organization-wide credential management by connecting the Nerve Management System through LDAP. | |
| ...use state-of-the-art measures such as training and workplace security to prevent the node secure ID from leaking. | |
| ...verify the identity of the onboarded node in their onboarding process, e.g. by adding a manual verification of the serial number to the procedure. | |
| ...follow the guidelines when running an on-premise Management System. | |
## Secure installation

| Implementers of security shall... | |
|---|---|
| ...ensure physical protection against physical access to the device to prevent an unauthorized user from accessing sensitive data on the disk. | |
| ...ensure that physical access to the network cables is limited in order to protect the network within the machine. Whenever possible, select a secure connection to devices. | |
| ...ensure that no Nerve interface is directly exposed to the internet. | |
## Node configuration

| Implementers of security shall... | |
|---|---|
| ...ensure that only personnel with sufficient training are allowed to access the node. | |
| ...configure only those networks on a Nerve node which are needed for operation. | |
| ...place the node behind a firewall allowing access only to the Management System over HTTPS. If workloads provide access to additional ports, the workloads should be hardened to prevent unauthorized access and the firewall configuration should be adapted. | |
| ...activate the feature to require local acknowledgement for remote access where possible. | |
## Workload configuration

| Implementers of security shall... | |
|---|---|
| ...ensure that only personnel with sufficient security know-how configure Nerve workloads. | |
| ...ensure that the security implications of the Docker Compose YAML and virtual machine XML configurations are suitable for the given system. | |
| ...make use of the option to reserve and limit resources for Nerve workloads. | |
| ...configure remote access routes only in line with their security concept. | |
| ...allow remote access configuration only for users with sufficient know-how of the security concept. | |
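The following is an added, constructed example (not from the Nerve documentation or the TTTech project) showing what the resource-limit and Docker Compose items above, together with the resource-overcommitment items in the node-related section, look like in practice: the same workload once as a weak configuration and once hardened. The image name and digest are placeholders, and the Compose keys are standard Docker Compose keys; whether a given Nerve release honours every key is an assumption to verify on the target node.

```yaml
# Constructed example: two separate Compose files shown as two YAML documents.
# Image reference and digest are placeholders, not real identifiers.

# --- Weak: no resource bounds, host network, full privileges --------------
services:
  sensor-gateway:
    image: registry.example.com/sensor-gateway:latest   # mutable tag, content can change
    privileged: true           # every capability and all host devices
    network_mode: host         # bypasses the node's network separation
    volumes:
      - /:/host                # whole node filesystem reachable from the container
---
# --- Hardened: bounded, isolated, least privilege -------------------------
services:
  sensor-gateway:
    # pin by digest so the deployed image is exactly the one that was reviewed
    image: registry.example.com/sensor-gateway@sha256:<digest-from-your-registry>
    read_only: true            # immutable root filesystem; writable paths listed below
    tmpfs:
      - /tmp
    user: "1000:1000"          # run as an unprivileged user inside the container
    cap_drop:
      - ALL                    # add back single capabilities only if the app needs them
    security_opt:
      - no-new-privileges:true # block setuid-based escalation inside the container
    pids_limit: 128            # contain fork storms
    deploy:
      resources:
        limits:                # hard ceiling: this workload cannot starve the node
          cpus: "1.0"
          memory: 512M
        reservations:          # guaranteed share; keep the sum over all workloads below node capacity
          cpus: "0.5"
          memory: 256M
    networks:
      - workload-net           # only the network this workload actually needs
    ports:
      - "127.0.0.1:8080:8080"  # bind to loopback; nothing new exposed towards the WAN side
    restart: unless-stopped

networks:
  workload-net:
    driver: bridge
```

Checking the sum of all workloads' reservations against the node's physical CPU and memory is the concrete form of the overcommitment check in the node-related section.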
## Secure operation

| Implementers of applications on Nerve shall... | |
|---|---|
| ...follow a secure life-cycle process for their applications running on Nerve. | |

| Implementers of security shall... | |
|---|---|
| ...ensure that there is a process to read and act upon the security information provided by the Nerve team through the given contact address. | |
| ...create a process to verify that the version and configuration of the Nerve software correspond to the desired state. | |
| ...create a process to periodically review audit logs for unexpected or unauthorized access. | |

| Implementers of security should... | |
|---|---|
| ...create, deploy and sell their systems based on Nerve in a way that allows frequent security updates. | |
## Account management

| Implementers of security shall... | |
|---|---|
| ...assign roles to users based on the principle of least privilege. | |
| ...assign the right to create, configure or modify workloads only to users with sufficient need and expertise. | |
| ...assign the right to create, configure or modify remote connections only to users with sufficient need and expertise. | |
| ...follow best practices for account management, e.g. review all user accounts and their permissions periodically and remove the ones which are no longer needed. | |
| ...ensure that only people with sufficient need and security know-how can obtain the local node credentials. | |
## Secure disposal

| Implementers of security shall... | |
|---|---|
| ...ensure that a process exists to securely delete or destroy all data on decommissioned systems. | |
## Self-hosted Management System

| The hosting environment shall... | |
|---|---|
| ...ensure that the hosting VM uses a precise time source (NTP). | |
| ...ensure that the hosting VM protects data at rest. | |
| ...implement and enforce a process to limit access to the hosting virtual machine to authorized users only. | |
| ...implement a process to regularly patch the OS of the hosting virtual machine. | |
| ...ensure that the Management System is protected against unauthorized network access. | |
| ...have a process to check the integrity and authenticity of the Docker images delivered by TTTech for the Management System. | |
| ...have a process to generate and update unique and strong passwords as needed by the Management System. | |
| ...review and verify the configuration provided to the Management System. | |
| ...implement and operate a monitoring and alerting system according to TTTech's recommendations. | |
| ...implement and operate a backup and recovery system for the data of the Management System in accordance with IEC 62443-4-2. | |
| ...implement a process for the protection and periodic rotation of the certificate used by the Management System to protect HTTPS communication. | |