IEC 62443-4-2 compliance list
Introduction
PLCnext Control AXC F 1152, AXC F 2152 and AXC F 3152 from firmware version 2024.0.x LTS, the SPLC 1000 from firmware version 01.01.0000, the RFC 4072S from firmware version 2024.0 LTS and the BPC 9102S from firmware version 2024.0.4 LTS are certified according to IEC 62443-4-1 and IEC 62443-4-2 Full ML3 Process Profile.
Officially, the SPLC 3000 will be included in the forthcoming IACS Components PLCnext Control certificate for firmware 2025.0 LTS.
You can find the Functional Safety Certificate here: Functional Safety certificates
An update to the current LTS version is also essential, as many security vulnerabilities (CVEs) in Linux components are fixed in every LTS version.
For more information on the certified controller, refer to the topics AXC F 1152, AXC F 2152, AXC F 3152, SPLC 1000, RFC 4072S and BPC 9102S.
They support the IEC 62443-4-2 SL2 feature set as described below. In addition, a subset of SL3 features is already supported.
FR1 – Identification and authentication control (IAC)
No. | Description | Security Level | Fulfillment | Links |
CR 1.1 | Human user identification and authentication | SL1 | PLCnext Technology provides that each user is identified and authenticated by the PLCnext Technology User Manager in the WBM. |
CR 1.1 RE1 | Unique identification and authentication | SL2 | PLCnext Technology provides that each user is uniquely identified and authenticated by the PLCnext Technology User Manager in the WBM. |
CR 1.2 | Software process and device identification and authentication | SL2 | PLCnext Technology provides that each non-human user access is identified and authenticated by the PLCnext Technology User Manager in the WBM. |
CR 1.2 RE1 | Unique identification and authentication | SL3 | PLCnext Technology provides that each non-human user access is uniquely identified and authenticated by the PLCnext Technology User Manager in the WBM. Unique identification and authentication can be configured via the Trust Store. |
CR 1.3 | Account management | SL1 | PLCnext Technology provides that users can be managed via the User Manager in the WBM or via LDAP. |
CR 1.4 | Identifier management | SL1 | PLCnext Technology provides that users can be managed via the User Manager in the WBM, via LDAP, or via the Linux configuration files. |
CR 1.5 | Authenticator management | SL1 | PLCnext Technology provides that the initial authenticator content is defined by the PLCnext Technology User Manager in the WBM. |
CR 1.7 | Strength of password-based authentication | SL1 | PLCnext Technology provides that each user is assigned a configurable password complexity ruleset. The rulesets can be configured according to password guidelines. |
CR 1.7 RE1 | Password generation and lifetime restrictions for human users | SL3 | PLCnext Technology provides that each user is assigned a configurable password complexity ruleset. The rulesets can be configured according to password guidelines, including expiration rules. |
CR 1.8 | Public key infrastructure certificates | SL2 | PLCnext Technology provides an Identity Store and a Trust Store in the WBM. |
CR 1.9 | Strength of public key authentication | SL2 | PLCnext Technology provides an Identity Store and a Trust Store in the WBM. |
CR 1.9 RE1 | Hardware security for public key-based authentication | SL3 | The device identity is protected by the TPM. Other identities are stored on the internal SD card and must be protected by the system environment. |
CR 1.10 | Authenticator feedback | SL1 | Each component of the PLCnext Technology Runtime with an authentication function can hide the feedback of authenticator information during the authentication process. |
CR 1.11 | Unsuccessful login attempts | SL1 | PLCnext Technology defines rules for handling authentication errors, including unsuccessful login attempts. |
CR 1.12 | System use notification | SL1 | PLCnext Technology provides that a system usage message is displayed before authentication. The message is configurable by authorized personnel in the user authentication settings. |
CR 1.14 | Strength of symmetric key authentication | SL2 | Symmetric keys are used only internally for TLS and OPC UA® secure communication. |
FR2 – Use control (UC)
No. | Description | Security Level | Fulfillment | Links |
CR 2.1 | Authorization enforcement | SL1 | PLCnext Technology provides that users can be managed via the User Manager in the WBM, via LDAP, or via the Linux configuration files. |
CR 2.1 RE1 | Authorization enforcement for all users (humans, software processes and devices) | SL2 | PLCnext Technology provides that users can be managed via the User Manager in the WBM, via LDAP, or via the Linux configuration files. Users are assigned to roles which have a predefined set of permissions. |
CR 2.1 RE2 | Permission mapping to roles | SL2 | PLCnext Technology provides that users can be managed via the User Manager in the WBM, via LDAP, or via the Linux configuration files. Users are assigned to roles which have a predefined set of permissions. The User Manager assigns roles and permissions to the session representing the user. |
CR 2.5 | Session lock | SL1 | PLCnext Technology implements a session time limit of 20 minutes. |
CR 2.6 | Remote session termination | SL2 | PLCnext Technology implements a default session timeout of 20 minutes. The duration can be set in the WBM. |
CR 2.7 | Concurrent session control | SL3 | The PLCnext Technology User Manager provides a configurable total number of sessions. |
CR 2.8 | Auditable events | SL1 | PLCnext Technology provides security logging to log all auditable events. |
CR 2.9 | Audit storage capacity | SL1 | PLCnext Technology provides security logging that ensures the audit storage capacity. |
CR 2.10 | Response to audit processing failures | SL1 | PLCnext Technology provides that an external logging system checks and reports local errors. |
CR 2.11 | Timestamps | SL1 | PLCnext Technology provides timestamps; the system time can be set via PLCnext Engineer. |
CR 2.11 RE1 | Time synchronization | SL2 | PLCnext Technology provides that you can set the system time using the PLCnext Engineer software. |
CR 2.12 | Non-repudiation | SL1 | PLCnext Technology provides security logging to log all auditable actions and events. |

FR3 – System integrity (SI)
No. | Description | Security Level | Fulfillment | Links |
CR 3.1 | Communication integrity | SL1 | PLCnext Technology uses TLS for the communication channels (HTTPS, OPC UA, ...). TLS ensures the integrity and authenticity of the communication. |
CR 3.1 RE1 | Communication authentication | SL2 | PLCnext Technology uses TLS for the communication channels (HTTPS, OPC UA, ...). TLS ensures the integrity and authenticity of the communication. |
CR 3.3 | Security functionality verification | SL1 | PLCnext Technology provides various security measures and different verification interfaces that the system integrator or asset owner can use to check the security settings during production, according to the needs of the system design. Security logging and central security logging are the major interfaces and can be enhanced with additional checks. |
CR 3.4 | Software and information integrity | SL1 | PLCnext Technology provides integrity of data in transit by using TLS. The User Management controls the access permissions for data at rest. Physical access to the controller must be protected by a lockable cabinet. The external SD card must be disabled or encrypted. |
CR 3.4 RE1 | Authenticity of software and information | SL2 | PLCnext Technology provides a User Management which ensures authenticity for data access. Physical access must be protected by a lockable cabinet. The external SD card must be disabled or encrypted. Only users with valid credentials and permissions can access the device and change data. User actions are logged, and failed access attempts to the device are logged as well. |
CR 3.5 | Input validation | SL1 | PLCnext Technology provides input validation on its interfaces. |
CR 3.6 | Deterministic output | SL1 | Deterministic outputs are configured in PLCnext Engineer using the so-called substitution behavior, which defines the default value for each output module in case of failure. |
CR 3.7 | Error handling | SL1 | PLCnext Technology does not expose information that could be exploited by adversaries to attack the device. Special permissions are required to read error messages; unauthenticated users do not receive critical information. |
CR 3.8 | Session integrity | SL2 | PLCnext Technology authorization is performed by the User Manager, which creates secure sessions. |
CR 3.9 | Protection of audit information | SL2 | Only the PLCnext Technology roles SecurityAdmin and SecurityAuditor have the permission to read the security logs. |

FR4 – Data confidentiality (DC)
No. | Description | Security Level | Fulfillment | Links |
CR 4.1 | Information confidentiality | SL1 | PLCnext Technology provides confidentiality and integrity of data in transit by using TLS. The User Management controls the access permissions for data at rest. Physical access to the controller must be protected by a lockable cabinet. The external SD card must be disabled or encrypted. |
CR 4.2 | Information persistence | SL2 | Reset 1 and reset 2 securely restore the device to factory defaults. |
CR 4.3 | Use of cryptography | SL1 | PLCnext Technology provides TLS for the communication channels (HTTPS, OPC UA, ...). The cryptography is based on OpenSSL and offers state-of-the-art security mechanisms. |

FR5 – Restricted data flow (RDF)
No. | Description | Security Level | Fulfillment | Links |
CR 5.1 | Network segmentation | SL1 | PLCnext Technology provides separate Ethernet interfaces. Each controller may require different configuration options for network segmentation. |

FR6 – Timely response to events (TRE)
No. | Description | Security Level | Fulfillment | Links |
CR 6.1 | Audit log accessibility | SL1 | PLCnext Technology provides security logging to log all auditable actions and events. |
CR 6.1 RE1 | Programmatic access to audit logs | SL3 | PLCnext Technology provides security logging to log all auditable actions and events and forwards it to a central logging server via syslog-ng. |
CR 6.2 | Continuous monitoring | SL2 | PLCnext Technology provides security logging to log all auditable actions and events and forwards it to a central logging server via syslog-ng. |

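The rows above (CR 6.1 RE1 and CR 6.2) state that the security log is forwarded to a central logging server via syslog-ng. The following is an added, illustrative syslog-ng client configuration for such forwarding; it is not the configuration shipped with PLCnext Technology and the host name, port, certificate paths and buffer sizes are assumptions. It shows the two properties a practitioner wants for audit data in transit: the server is authenticated and the channel encrypted (TLS, RFC 5425 port 6514), and events are spooled to disk while the server is unreachable so the audit trail is not lost, which is what CR 2.9 and CR 2.10 ask for.

```conf
# Illustrative syslog-ng client configuration (added example, not the PLCnext
# syslog-ng configuration). Assumed: logserver.example.local listens on 6514,
# the CA that issued the server certificate is in /etc/syslog-ng/ca.d, and the
# device holds a client certificate/key so the server can authenticate the sender.
@version: 3.38

source s_local {
    system();     # local syslog socket, where the security log ends up
    internal();   # syslog-ng's own messages, e.g. failures to reach the server
};

destination d_central_tls {
    syslog("logserver.example.local"
        transport("tls")
        port(6514)
        tls(
            ca-dir("/etc/syslog-ng/ca.d")
            cert-file("/etc/syslog-ng/cert.d/device.crt")
            key-file("/etc/syslog-ng/cert.d/device.key")
            # Refuse to send if the server certificate does not chain to a trusted CA
            peer-verify(required-trusted)
        )
        # Reliable disk buffer: keep up to 100 MiB of events while the server is down
        disk-buffer(
            mem-buf-size(10000)
            disk-buf-size(104857600)
            reliable(yes)
        )
    );
};

log {
    source(s_local);
    destination(d_central_tls);
};
```

Check the configuration with `syslog-ng --syntax-only` before reloading. Note that mutual TLS (the client certificate) is optional for syslog-ng itself, but without it the server only knows that *something* with network access sent the events, which weakens the non-repudiation claim in CR 2.12.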
FR7 – Resource availability (RA)
No. | Description | Security Level | Fulfillment | Links |
CR 7.1 | Denial of service protection | SL1 | PLCnext Technology provides a netload limiter and a firewall (nftables) to control the communication load. |
CR 7.1 RE1 | Manage communication load from component | SL2 | PLCnext Technology provides a netload limiter and a firewall (nftables) to control the communication load. The task management is designed to manage and recover from high communication load. |
CR 7.2 | Resource management | SL1 | PLCnext Technology provides a netload limiter and a firewall (nftables) to control the communication load and manage resources. In addition, the task management controls execution and resource load. |
CR 7.3 | Control system backup | SL1 | PLCnext Technology provides an app to start a backup during normal operation. It generates a backup file which is managed by the Device and Update Management. |
CR 7.3 RE1 | Backup integrity verification | SL2 | PLCnext Technology's backup data is integrity protected. Before a restore is started, the data integrity is validated. |
CR 7.4 | Control system recovery and reconstitution | SL1 | PLCnext Technology provides recovery after a disruption or failure. To recover a device from the backup data, it must be set to delivery status by reset 1, configured according to the system configuration, and the Security Profile must be activated. The restore data is managed by the Device and Update Management. |
CR 7.6 | Network and security configuration settings | SL1 | PLCnext Technology provides that the network and security configuration can be set via the WBM. |
CR 7.7 | Least functionality | SL1 | PLCnext Technology provides that the Security Profile follows the principle of least functionality: only components that have been considered in the threat analysis may run. This specifies exactly what is permissible. |
CR 7.8 | Control system component inventory | SL2 | PLCnext Technology provides the component inventory information via OPC UA (device info). |

Embedded device requirement (EDR)
No. | Description | Security Level | Fulfillment | Links |
EDR 2.4 | Mobile code | SL1 | PLCnext Technology provides integrity of data in transit by using TLS. The User Management controls the access permissions for mobile code at rest. Physical access to the controller must be protected by a lockable cabinet. The external SD card must be disabled or encrypted. |
EDR 2.4 RE1 | Mobile code authenticity check | SL2 | PLCnext Technology provides integrity of data in transit by using TLS. The User Management controls the access permissions for mobile code at rest. Physical access to the controller must be protected by a lockable cabinet. The external SD card must be disabled or encrypted. |
EDR 2.13 | Use of physical diagnostic and test interfaces | SL2 | PLCnext Technology protects access to physical test and diagnostic interfaces through the housing. The interfaces cannot be accessed through the housing with testbed adapters. The device must be protected in a lockable cabinet. The device and SD card must be shipped in a secure manner. |
EDR 3.2 | Protection from malicious code | SL1 | PLCnext Technology provides protection from malicious code by using TLS for data in transit. The User Management controls the access permissions for data at rest. |
EDR 3.10 | Support for updates | SL1 | PLCnext Technology provides a WBM page to install updates. OPC UA Software Update is supported to integrate PLCnext Technology into the Device and Update Management Service. |
EDR 3.10 RE1 | Update authenticity and integrity | SL2 | PLCnext Technology provides RAUC update containers signed with an X.509 v3 certificate of the product vendor. Before installation, the authenticity and integrity of the update are verified. All update files provided via the download center can additionally be verified against a SHA-256 checksum. |
EDR 3.11 | Physical tamper resistance and detection | SL2 | PLCnext Technology provides that the cabinet must be locked; the application must supervise cabinet access. |
EDR 3.12 | Provisioning product supplier roots of trust | SL2 | PLCnext Technology provides a device identifier called IDevID. This device identity is installed during production and protected by the TPM. The boot integrity check validates the further roots of trust, such as the one for firmware updates. |
EDR 3.13 | Provisioning asset owner roots of trust | SL2 | PLCnext Technology provides the Certificate Authentication web page to install asset owner roots of trust via the Trust Store mechanism. Devices (SD cards) containing installed asset owner roots of trust must be specially protected in the field by locked cabinets and must not be sent to other sites without special protection against physical access. |
EDR 3.14 [1] | Integrity of the boot process | SL1 | PLCnext Technology provides a partial boot integrity check for the OS and FW prior to starting the PLC function. The result is shown in the WBM and a notification is generated in the security logging. |
EDR 3.14 RE1 [1] | Authenticity of the boot process | SL2 | PLCnext Technology provides a partial boot integrity check for the OS and FW based on the root of trust of the device. |

[1] Check with the respective controller how the feature is implemented.
Network device requirement (NDR)
No. | Description | Security Level | Fulfillment | Links |
NDR 1.13 | Access via untrusted networks | SL1 | PLCnext Technology provides separate Ethernet interfaces. Each controller may require different configuration options for network segmentation. Access via untrusted networks is managed by the firewall. |
NDR 1.13 RE1 | Explicit access request approval | SL3 | PLCnext Technology provides separate Ethernet interfaces. Each controller may require different configuration options for network segmentation. Access via untrusted networks is managed by the firewall. The firewall is configured to reject outbound and inbound communication requests by default. Only explicitly configured communication requests are allowed. |
NDR 5.2 | Zone boundary protection | SL1 | PLCnext Technology provides separate Ethernet interfaces. Each controller may require different configuration options for network segmentation. Zone boundary protection can be established using the netload limiter and the firewall. |
NDR 5.2 RE1 | Deny all, permit by exception | SL2 | PLCnext Technology provides separate Ethernet interfaces. Each controller may require different configuration options for network segmentation. Access via untrusted networks is managed by the firewall. The firewall is configured to reject outbound and inbound communication requests by default. Only explicitly configured communication requests are allowed. |
NDR 5.2 RE2 | Island mode | SL3 | PLCnext Technology provides separate Ethernet interfaces. Each controller may require different configuration options for network segmentation. Zone boundary protection can be established using the netload limiter and the firewall. The firewall can be configured for each Ethernet interface. |
NDR 5.3 | General purpose, person-to-person communication restrictions | SL1 | PLCnext Technology provides firewall configurations that reject outbound and inbound communication requests by default. Only explicitly configured communication requests, including dedicated ports as well as IP addresses, are allowed. |

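NDR 1.13 RE1, NDR 5.2 RE1/RE2 and NDR 5.3 above all describe the same control: an nftables firewall with a default-deny policy in both directions, per-interface rules, and explicit exceptions by port and address. The ruleset below is an added example written to show what that looks like in nftables syntax; it is not the PLCnext WBM firewall configuration, and the interface names (eth0 plant/engineering side, eth1 fieldbus side), the engineering subnet 10.0.10.0/24 and the log and time server addresses are assumptions. It covers the one caveat practitioners regularly trip over: with an outbound drop policy, every client connection the controller itself makes (syslog, NTP, OPC UA client) has to be listed explicitly, or it silently stops working.

```nft
#!/usr/sbin/nft -f
# Illustrative "deny all, permit by exception" ruleset (added example, not the
# PLCnext firewall configuration). Assumed: eth0 = plant/engineering interface,
# eth1 = fieldbus interface, 10.0.10.0/24 = engineering subnet,
# 10.0.10.5 = central syslog server, 10.0.10.6 = NTP server.
flush ruleset

table inet plc {
    chain input {
        type filter hook input priority 0; policy drop;

        iif lo accept
        ct state established,related accept
        ct state invalid drop

        # Diagnostics: rate-limited ping from the engineering subnet only
        iifname "eth0" ip saddr 10.0.10.0/24 icmp type echo-request limit rate 5/second accept

        # Explicit inbound exceptions on the plant interface: HTTPS (WBM) and
        # OPC UA, accepted only from the engineering subnet
        iifname "eth0" ip saddr 10.0.10.0/24 tcp dport { 443, 4840 } ct state new accept

        # Island mode on the fieldbus interface: nothing inbound is accepted
        iifname "eth1" drop

        # Everything else falls through to the drop policy; log a sample so the
        # rejection is visible in the audit trail
        limit rate 10/minute log prefix "nft-input-drop: "
    }

    chain output {
        type filter hook output priority 0; policy drop;

        oif lo accept
        ct state established,related accept

        # Explicit outbound exceptions: syslog over TLS (RFC 5425) and NTP
        oifname "eth0" ip daddr 10.0.10.5 tcp dport 6514 accept
        oifname "eth0" ip daddr 10.0.10.6 udp dport 123 accept

        limit rate 10/minute log prefix "nft-output-drop: "
    }

    chain forward {
        # The controller is not a router: never forward between zones
        type filter hook forward priority 0; policy drop;
    }
}
```

Load it with `nft -f <file>` and confirm the result with `nft list ruleset`. Because the `log` rules carry no verdict, evaluation continues to the chain's drop policy, so the logged packets are still dropped; the rate limit keeps a flood from filling the security log, which matters for the audit storage requirement in CR 2.9.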