Security recommendations checklist

This list summarizes all requirements from the security recommendations section. It is meant as an aid and can, for example, be printed.

Actions against system-wide threats

Implementers of security shall...
...ensure that workloads are only taken from trustworthy sources and/or analyzed for security threats.
...ensure that workloads do not accept executables or scripts as configurations.
Implementers of security shall...
...ensure that at least one user with node admin permissions logs in on the node to deactivate the local user.
...ensure that each node has unique credentials.
...use state-of-the-art measures such as training and workplace security to prevent credentials from leaking.
...ensure the integrity and security of their local workload repository, if used.
...ensure the integrity and security of their external backup server, if used.
...take adequate measures to ensure that unencrypted communication to the Nerve node's local user interface or API does not compromise system security.
...ensure that the network configuration of workloads aligns with the security concept of the system.
...ensure that the DNA files do not contain credentials.
...ensure the integrity of the DNS service in the network to which the WAN interface of the node is connected.
...ensure that resource constraint configuration is done correctly to avoid overcommitment of resources.
...ensure that the Management System is legitimate before performing Node image updates.
Implementers of security should...
...use the Nerve DNA feature with hashes and signature for deployment of applications.
...monitor resource consumption periodically, including the audit log partition, or create an alert, to ensure system availability.
...use Node DNA to define the configuration of the node.
...use the production mode to prevent access to the node.
...test workloads for resource leaking.
Implementers of security shall...
...use state-of-the-art measures such as training and workplace security to prevent credentials from leaking. Consider using organization-wide credential management by connecting the Nerve Management System through LDAP. Otherwise, it is recommended to activate multi-factor authentication for Management System users.
...use state-of-the-art measures such as training and workplace security to prevent the node secure ID from leaking.
...ensure the identity of the onboarded node in their onboarding process, e.g. by adding a manual verification of the serial number to the procedure.
...follow the guidelines when running an on-premise Management System.

Secure installation

Implementers of security shall...
...ensure protection against physical access to the device to prevent an unauthorized user from accessing sensitive data on the disk.
...ensure that physical access to the network cables is limited in order to protect the network within the machine. Whenever possible, select a secure connection to devices.
...ensure that no Nerve interface is directly exposed to the internet.
...ensure that an authorized user logs in during the installation process.
...ensure that a password is set on the BIOS and disable other boot sources before installation.
...verify the digital signature of the installer before installation.

Node configuration

Implementers of security shall...
...ensure that only personnel with sufficient training are allowed to access the node.
...configure only those networks on a Nerve node which are needed for operation.
...place the node behind a firewall allowing access only to the Management System over HTTPS. If workloads provide access to additional ports, the workloads should be hardened to prevent unauthorized access and the firewall configuration should be adapted.
...activate the feature to require local acknowledgement for remote access where possible.

Workload configuration

Implementers of security shall...
...ensure that only personnel with sufficient security know-how configure Nerve workloads.
...ensure that security implications of the Docker Compose YAML and virtual machine XML configurations are suitable for the given system.
...make use of the option to reserve and limit resources for Nerve workloads.
...configure remote access routes only in line with their security concept.
...allow remote access configuration only for users with sufficient know-how of the security concept.

Secure operation

Implementers of applications on Nerve shall...
...follow a secure life-cycle process for their applications running on Nerve.
Implementers of security shall...
...ensure that there is a process to read and act upon the security information provided by the Nerve team through the given contact address.
...create a process to verify that the version and configurations of Nerve software correspond to the desired state.
...create a process to periodically review audit logs for unexpected or unauthorized access.
Implementers of security should...
...create, deploy and sell their systems based on Nerve in a way that frequent security updates are acceptable.

Account management

Implementers of security shall...
...assign roles to users based on the concept of minimum privilege.
...assign the right to create, configure or modify workloads only to users with sufficient need and expertise.
...assign the right to create, configure or modify remote connections only to users with sufficient need and expertise.
...follow best practices for account management, e.g. review all user accounts and their permissions periodically and remove the ones which are not needed anymore.
...ensure that only those people with sufficient need and security know-how are able to obtain the local node credentials.

Secure disposal

Implementers of security shall...
...ensure that a process exists to securely delete or destroy all data on decommissioned systems.

Self-hosted Management System

The hosting environment shall...
...ensure that the hosting VM uses a precision time source (NTP).
...ensure that the hosting VM protects the data at rest.
...implement and enforce a process to limit access to the hosting virtual machine to authorized users only.
...implement a process to regularly patch the OS of the hosting virtual machine.
...ensure that the Management System is protected against unauthorized network access.
...have a process to check the integrity and authenticity of Docker images delivered by TTTech for the Management System.
...have a process to generate and update unique and strong passwords as needed by the Management System.
...review and verify the configuration provided to the Management System.
...implement and operate a monitoring and alerting system according to TTTech recommendation.
...implement and operate a backup and recovery system for the data of the Management System in accordance with IEC 62443-4-2.
...implement a process for protection and periodic rotation of the certificate used by the Management System to protect HTTPS communication.