Security
Operating Manual PNOZ m C0
1006013-EN-02
4 Security
To secure plants, systems, machines and networks against cyberthreats it is necessary to
implement (and continuously maintain) an overall industrial security concept that is state of
the art.
Perform a risk assessment in accordance with VDI/VDE 2182 or IEC 62443-3-2 and plan
the security measures with care. If necessary, seek advice from Pilz Customer Support.
4.1 Implemented security measures
• To carry out relevant operations in the PNOZmulti Configurator, a user must authenticate
  himself on the device with user name and password.
• Multiple users with different permissions can be created and configured in the PNOZmulti
  Configurator.
  The user data is transmitted to the device and stored there.
• In the base unit PNOZ m C0 a security device key can be stored.
  The security device key includes the following functions:
  – Verifiable trust anchor in the device for the plant manufacturer.
    In the PNOZmulti Configurator you can verify whether a device key from device key
    management matches the device key on the connected device.
  – Ensure the authenticity of project data on the chip card
    The base unit PNOZ m C0 accepts project data on the chip card only if it has been
    generated using the identical security device key.
4.2 Required security measures
• The product is not protected from physical manipulation or from reading of memory
  contents during physical access. Use appropriate measures to ensure that there is no
  physical access by unauthorised persons. You should also use security seals so that you can
  detect any manipulation of the product or interfaces. Installation inside a lockable control
  cabinet is recommended as a minimum measure.
• Protect the configuration and log data from unauthorised changes.
• Check the product's log for unauthorised program changes on a regular basis.
• A factory-set default password is active on the base unit along with permissions for users
  who are not logged in. Change the password immediately after logging in for the first
  time.
• Assign different permissions for the various user groups (e.g. diagnostics - configuration).
• The project data on the chip card is not protected when the security device key is not
  used, and it can be read by unauthorised persons.
  – Use the security device key to protect the project data during transfer
  or
  – Remove the chip card.
• Assign only safe passwords. When assigning passwords, please note:
  – The password should have at least 8 characters.
  – The password should contain upper and lower case characters, as well as special
    characters and numbers.