IEC 62443-4-2 product compliance
This chapter maps the requirements of IEC 62443-4-2 to the Nerve features that implement them.
Management System
The security compliance differs between a Management System hosted by TTTech and a Management System self-managed by a customer. When the Management System is self-managed, additional security measures are required, as described in the Management System guidelines.
FR 1 – Identification and authentication control (IAC)
Requirement | Description | Compliance | Links |
---|---|---|---|
CR1.1 | Human user identification and authentication | OK | User management, Authentication |
CR1.1 RE(1) | Unique identification and authentication | OK | Adding a new user |
CR1.2 | Software process and device identification and authentication | OK | Adding a node |
CR1.3 | Account management | OK | User management |
CR1.4 | Identifier management | OK | User management, LDAP |
CR1.5 | Authenticator management | OK | User management, LDAP |
CR1.7 | Strength of password-based authentication | Partial | The password policy is not yet configurable. LDAP |
CR1.10 | Authenticator feedback | OK | Feedback is only "Invalid credentials" |
CR1.11 | Unsuccessful login attempts | OK | Logging in. For configuration options see Configuration |
CR1.12 | System use notification | OK | Notifications |
CR1.13 | Access via untrusted networks | NA | Protected by a firewall. Network |
FR 2 – Use control (UC)
Requirement | Description | Compliance | Links |
---|---|---|---|
CR2.1 | Authorization enforcement | OK | Roles |
CR2.1 RE(1) | Authorization enforcement for all users | OK | Roles |
CR2.1 RE(2) | Permission mapping to roles | OK | Roles |
CR2.4 SAR, EDR, HDR | Mobile code | OK | Javascript code, Docker-Image |
CR2.4 RE(1) SAR, EDR, HDR | Mobile code authenticity check | OK | Javascript code, Docker-Image |
CR2.5 | Session lock | OK | Logging in |
CR2.6 | Remote session termination | Partial | Remote-termination. See configuration options: Configuration |
CR2.8 | Auditable events | OK | Audit-logs |
CR2.9 | Audit storage capacity | OK | Operations |
CR2.10 | Response to audit processing failures | OK | Operations |
CR2.11 | Timestamps | OK | Audit-logs |
CR2.11 RE(1) | Time synchronization | OK | Time |
CR2.12 | Non-repudiation | OK | Audit-logs |
CR2.13 EDR | Use of physical diagnostic and test interfaces | NA | Cloud based system |
FR 3 – System integrity (SI)
Requirement | Description | Compliance | Link |
---|---|---|---|
CR3.1 | Communication integrity | OK | Communication with the Management System occurs only over HTTPS (TLS 1.2 or TLS 1.3). Operations |
CR3.1 RE(1) | Communication authentication | OK | The communication with the management system is authenticated and encrypted. |
CR3.2 SAR | Protection from malicious code | OK | Operations |
CR3.3 | Security functionality verification | Partial | Security-verification |
CR3.4 | Software and information integrity | Partial | TTTech verifies the signature of the Docker images. |
CR3.4 RE(1) | Authenticity of software and information | Partial | The signature of the Docker images is checked at boot and during update. Update |
CR3.5 | Input validation | OK | TTTech ensures through software testing that input validation is effective. |
CR3.7 | Error handling | OK | TTTech ensures through software testing that input validation is effective and does not leak information. |
CR3.8 | Session integrity | OK | TTTech ensures through software testing that session integrity is guaranteed. |
CR3.9 | Protection of audit information | OK | The protection is ensured through enforcement of the OpenSearch permissions and by limiting access to the hosting VM. |
CR3.10 EDR, HDR | Support for updates | NA (MS is SAR only) | The update is performed as part of hosting activities. |
CR3.10 RE(1) EDR, HDR | Update authenticity and integrity | NA (MS is SAR only) | The update is performed as part of hosting activities. |
CR3.11 EDR, HDR | Physical tamper resistance and detection | NA | Cloud based system |
CR3.12 EDR, HDR | Provisioning product supplier roots of trust | NA | Cloud based system |
CR3.14 EDR, HDR | Integrity of the boot process | NA | Cloud based system |
CR3.14 RE(1) EDR, HDR | Authenticity of the boot process | NA | Cloud based system |
Requirements that apply only to EDR and HDR devices are not relevant for the Management System.
FR 4 – Data confidentiality (DC)
Requirement | Description | Compliance | Link |
---|---|---|---|
CR4.1 | Information confidentiality | OK | The Management System can only be accessed over HTTPS, see Certificates. Data is protected at rest, see Data at rest. Backup integrity is guaranteed, see Backup |
CR4.2 | Information persistence | OK | See Decommissioning |
CR4.3 | Use of cryptography | OK | TTTech uses well-known cryptographic libraries. |
FR 5 – Restricted data flow (RDF)
Requirement | Description | Compliance | Link |
---|---|---|---|
FR 5.1 | Network segmentation | NA | Cloud based system |
FR 6 – Timely response to events (TRE)
Requirement | Description | Compliance | Link |
---|---|---|---|
CR6.1 | Audit log accessibility | OK | See Audit-logs |
CR6.2 | Continuous monitoring | OK | See Monitoring |
FR 7 – Resource availability (RA)
Requirement | Description | Compliance | Link |
---|---|---|---|
CR7.1 | Denial of service protection | OK | The Management System is protected by applying a rate limit on all API endpoints. |
CR7.1 RE(1) | Manage communication load from component | OK | The Management System is protected by applying a bandwidth limit on all API endpoints and on MQTT communication. |
CR7.2 | Resource management | OK | See Resources |
CR7.3 | Control system backup | OK | See Backup |
CR7.3 RE(1) | Backup integrity verification | OK | See Backup |
CR7.4 | Control system recovery and reconstitution | OK | See Backup |
CR7.6 | Network and security configuration settings | NA | Not relevant to the control system. |
CR7.7 | Least functionality | OK | Only needed services are run. |
CR7.8 | Control system component inventory | OK | See the endpoint nerve/update/cloud/current-version in the Management System API |
Nerve Node
Compliance with IEC 62443-4-2 is assessed for Nerve as a platform.
FR 1 – Identification and authentication control
Requirement | Description | Compliance | Links |
---|---|---|---|
CR1.1 | Human user identification and authentication | OK | Node Permissions and Users |
CR1.1 RE(1) | Unique identification and authentication | Partial | The SSH port is not closed yet |
CR1.2 | Software process and device identification and authentication | OK | Node identification |
CR1.3 | Account management | OK | Part of Management System account management. |
CR1.4 | Identifier management | OK | Part of Management System identifier management. |
CR1.5 | Authenticator management | OK | Part of Management System authenticator management. |
CR1.7 | Strength of password-based authentication | Partial | Refer to Management System |
CR1.10 | Authenticator feedback | OK | Feedback is only "Invalid credentials" |
CR1.11 | Unsuccessful login attempts | Partial | Protection is implemented, but not configurable |
CR1.12 | System use notification | Pending | |
CR1.13 | Access via untrusted networks | NA | Protection by a firewall is recommended. Network |
FR 2 – Use control
Requirement | Description | Compliance | Links |
---|---|---|---|
CR2.1 | Authorization enforcement | OK | Roles |
CR2.1 RE(1) | Authorization enforcement for all users | OK | Roles |
CR2.1 RE(2) | Permission mapping to roles | Pending | |
CR2.4 SAR, EDR, HDR | Mobile code | Partial | Javascript code |
CR2.4 RE(1) SAR, EDR, HDR | Mobile code authenticity check | Partial | Javascript code |
CR2.5 | Session lock | OK | The session is renewed on user activity; the user is logged out after a period of inactivity. |
CR2.6 | Remote session termination | Partial | Remote-termination. See configuration options: Configuration |
CR2.8 | Auditable events | OK | Node audit Logs |
CR2.9 | Audit storage capacity | OK | Audit logs |
CR2.10 | Response to audit processing failures | Pending | |
CR2.11 | Timestamps | OK | Node audit Logs |
CR2.11 RE(1) | Time synchronization | OK | The node can synchronize with an NTP server when one is configured via DHCP. |
CR2.12 | Non-repudiation | OK | Node audit Logs |
CR2.13 EDR | Use of physical diagnostic and test interfaces | Pending | |
FR 3 – System integrity
Requirement | Description | Compliance | Link |
---|---|---|---|
CR3.1 | Communication integrity | Pending | Communication with the Management System occurs over HTTPS (MQTT over secure WebSocket or plain HTTPS). Communication with the local UI occurs over a dedicated physical port or over an SSH tunnel. For information about workloads, refer to Application. |
CR3.1 RE(1) | Communication authentication | OK | The communication with the management system is authenticated and encrypted. |
CR3.2 EDR, HDR | Protection from malicious code | Pending | |
CR3.3 | Security functionality verification | Partial | Security-verification |
CR3.4 | Software and information integrity | Partial | Docker ensures the integrity of the images. |
CR3.4 RE(1) | Authenticity of software and information | Partial | |
CR3.5 | Input validation | OK | TTTech ensures through software testing that input validation is effective. |
CR3.7 | Error handling | OK | Error messages do not leak information. |
CR3.8 | Session integrity | OK | TTTech ensures through software testing that session integrity is guaranteed. |
CR3.9 | Protection of audit information | Pending | |
CR3.10 EDR, HDR | Support for updates | OK | Node-update |
CR3.10 RE(1) EDR, HDR | Update authenticity and integrity | Partial | Integrity is checked by verifying the SHA-256 of the downloaded image against the reference provided by the Management System. |
CR3.11 EDR, HDR | Physical tamper resistance and detection | Pending | |
CR3.12 EDR, HDR | Provisioning product supplier roots of trust | Pending | |
CR3.14 EDR, HDR | Integrity of the boot process | Pending | |
CR3.14 RE(1) EDR, HDR | Authenticity of the boot process | Pending | |
FR 4 – Data confidentiality
Requirement | Description | Compliance | Link |
---|---|---|---|
CR4.1 | Information confidentiality | Pending | |
CR4.2 | Information persistence | Pending | |
CR4.3 | Use of cryptography | OK | TTTech uses well-known cryptographic libraries. |
FR 5 – Restricted data flow
Requirement | Description | Compliance | Link |
---|---|---|---|
FR 5.1 | Network segmentation | OK | See Network |
FR 6 – Timely response to events
Requirement | Description | Compliance | Link |
---|---|---|---|
CR6.1 | Audit log accessibility | OK | See Audit-logs |
CR6.2 | Continuous monitoring | OK | See Node-Monitoring, Node-Alerting |
FR 7 – Resource availability
Requirement | Description | Compliance | Link |
---|---|---|---|
CR7.1 | Denial of service protection | OK | DoS |
CR7.1 RE(1) | Manage communication load from component | OK | DoS |
CR7.2 | Resource management | OK | The critical resources on the node are protected by cgroups. |
CR7.3 | Control system backup | OK | Backup/Restore |
CR7.3 RE(1) | Backup integrity verification | OK | Backup/Restore |
CR7.4 | Control system recovery and reconstitution | OK | Backup/Restore |
CR7.6 | Network and security configuration settings | OK | See Network |
CR7.7 | Least functionality | Pending | Only needed services are run. |
CR7.8 | Control system component inventory | OK | The REST API provides the necessary information (/api/setup/node/info and /api/version). |