Security Guideline for WinCC OA

Discussion about security topics in WinCC OA!
7 posts • Page 1 of 1
dfranken
Posts: 23
Joined: Mon Aug 02, 2010 11:47 am

Security Guideline for WinCC OA

Post by dfranken »

Dear customer,

ETM provided a new version of the Security-Concept WinCC OA.

Target of this document:
Maintaining the control over production and the processes in the application has the highest priority in automation. Even measures to prevent security threats must not affect this. The "Security Concept WinCC OA" should ensure that only authenticated users execute authorized (permitted) operations on authenticated devices based on utilization features assigned to them. This utilization should take place only via unique and planned access routes. This is to ensure safe production or coordination without hazards for human beings, environment, product, goods to be coordinated and the business of the organization during a task.

The new document is available in the Download section of the ETM Portal, or you can download it directly from the following links:
All security documents
Latest English version

To receive updates on new guidelines you can subscribe to this topic.


Best Regards
Daniel Frankendorfer
Senior Consultant

dfranken
Posts: 23
Joined: Mon Aug 02, 2010 11:47 am

Re: New Security-Concept WinCC OA available (3.12)

Post by dfranken »

Dear customer,

This concept is only valid for WinCC OA 3.12 and future versions until canceled.
For older versions of WinCC OA see the corresponding security concepts.
The main adaptations of the security concept for WinCC OA 3.12 compared to the concepts which are still valid for older WinCC OA versions are:

1) List of used products
2) Update of references chapter
3) More details in chapter Strategy of this security concept
4) New examples of Demo-facility (highly secure large system, secure small system)
5) Specific enhancements in Hardening chapter
6) Rework chapter Patch Management and Virus Scanner settings
7) Merging chapters of Glossary and Definitions
8) Update almost all images in this document
9) A lot of more detailed descriptions

Please be aware that this list may not be complete and shall give you only a hint to the major adaptations. We recommend analyzing the document carefully and implementing the measures to secure your applications and installations.

Please consider the disclaimers and security notes at the beginning of the document.

Best Regards
Daniel Frankendorfer
Senior Consultant

dfranken
Posts: 23
Joined: Mon Aug 02, 2010 11:47 am

New Security-Concept WinCC OA (Version 3.14)

Post by dfranken »

Dear customer,

ETM provided a new version of our Security-Concept for WinCC OA.

Target of this document:
Maintaining the control over production and the processes in the application has the highest priority in automation. Even measures to prevent security threats must not affect this. The "Security Concept WinCC OA" should ensure that only authenticated users execute authorized (permitted) operations on authenticated devices based on utilization features assigned to them. This utilization should take place only via unique and planned access routes. This is to ensure safe production or coordination without hazards for human beings, environment, product, goods to be coordinated and the business of the organization during a task.

The new document is available in the Download section from ETM Portal in section: Downloads\Safety & Security\Security.
This concept is only valid for WinCC OA 3.14 and future versions until canceled. For older versions of WinCC OA see the corresponding security concepts.

The main adaptations of the security concept for WinCC OA 3.14 compared to the concepts which are still valid for older WinCC OA versions are:

1. List of used products
2. Update of references chapter
3. More details in chapter Strategy of this security concept
4. New examples of Demo-facility (highly secure large system, secure small system)
5. Specific enhancements in Hardening chapter
6. Rework chapter Patch Management and Virus Scanner settings
7. Better description to use mxProxy to divide security cells
8. Some recommendations for new ULC UX and mobile clients
9. Merging chapters of Glossary and Definitions
10. Update almost all images in this document
11. A lot of more detailed descriptions

Please be aware that this list may not be complete and shall give you only a hint to the major changes. We recommend reading that document carefully and implementing the measures to secure your applications and installations.
Please also consider the disclaimers and security notes at the beginning of the document.

Best Regards
Daniel Frankendorfer
Senior Consultant

dfranken
Posts: 23
Joined: Mon Aug 02, 2010 11:47 am

Update Security Guideline for WinCC OA (Version 3.15)

Post by dfranken »

Dear customer,

ETM provided an update for our Security Guideline with WinCC OA version 3.15.

Target of this document is to give additional information regarding the configuration and required IT infrastructure in a security relevant environment.
Please take a look, as we have refined the existing guideline and added a lot of additional recommendations, like the usage of our server side authentication feature, since the last version for 3.15 in March 2017.
The new document is available in the Download section from ETM Portal under the following link: Downloads\Safety & Security\Security.

We recommend reading this document carefully and implementing the measures to secure your applications and installations. Please also consider the disclaimers and security notes at the beginning of the document.

Best Regards
Daniel Frankendorfer
Senior Consultant

gschijndel
Posts: 330
Joined: Tue Jan 15, 2019 3:12 pm

Re: Security Guideline for WinCC OA

Post by gschijndel »

dfranken wrote: Mon Dec 17, 2018 2:00 pm

Dear customer,

ETM provided an update for WinCC OA - Security Guideline in version 3.16-FP1 (P004).

Target of this document is to give additional information, regarding the configuration and required IT infrastructure, in a security relevant environment.

We've refined the existing guideline since the last version 3.16 Final in April 2018.
With this version we've focused on the following chapters:
+ Implementation of basic descriptions for security like encryption.
+ Extension of chapter: Hardening
+ Extension of chapter to create and deploy certificates for WinCC OA
+ WinCC OA Video
+ A lot of small extensions

The new document is available in the Download section from SIMATIC WinCC Open Architecture Portal under the following link: Downloads --> Safety & Security --> SIMATIC WinCC OA Security Guideline V316

https://www.winccoa.com/downloads/detai ... on%5D=show


ETM recommends reading this document carefully and implementing the measures to secure your applications and installations. Please also consider the disclaimers and security notes at the beginning of the document.


Best Regards
Daniel Frankendorfer
Senior Consultant

dfranken
Posts: 23
Joined: Mon Aug 02, 2010 11:47 am

Re: Security Guideline for WinCC OA

Post by dfranken »

Dear customer,

ETM provided an update for WinCC OA - Security Guideline in version 3.16-FP2 (P009).

Target of this document is to give additional information, regarding the configuration and required IT infrastructure, in a security relevant environment. We've refined the existing guideline and closed gaps, since the last update from December 2018.

The updated document is available in the Download section from SIMATIC WinCC Open Architecture Portal under the following link: Downloads --> Safety & Security --> SIMATIC WinCC OA Security Guideline V316:

https://www.winccoa.com/downloads/detai ... on%5D=show

ETM recommends reading this document carefully and implementing the measures to secure your applications and installations. Please also consider the disclaimers and security notes at the beginning of the referenced Security Guideline.

Best Regards
Daniel Frankendorfer
Senior Consultant

dfranken
Posts: 23
Joined: Mon Aug 02, 2010 11:47 am

Security Guideline for WinCC OA Version 3.17

Post by dfranken »

Dear customer,

ETM provided a new version of Security Guideline SIMATIC WinCC Open Architecture 3.17.
The target of this document is to give additional information regarding the configuration and required IT infrastructure in a security-relevant environment.

The new document is available in the Download section from SIMATIC WinCC Open Architecture Portal under the following link: Downloads --> Safety & Security --> SIMATIC WinCC OA Security Guideline V3.17 or via the following link (login required).
https://www.winccoa.com/downloads/categ ... urity.html

The main adaptions from the last version of this document are the following points:
• Handling of Security Incidents
• Creation of a Certification Authority (CA)
• Refinement of Hardening chapter
• Information regarding Security by Default
• Handling of new authorization configs
• Examples of TLS architectures
• Information relevant to IEC 62443 4-2 requirements
• A lot of small modifications and refinements

ETM recommends reading this document carefully and implementing the measures to secure applications and installations. Please also consider the disclaimers and security notes at the beginning of the referenced Security Guideline.

Best Regards
Daniel Frankendorfer
Senior Consultant
