IEC 62443-4-2 product compliance
This chapter provides a mapping between the requirements from IEC62443-4-2 and the Nerve features.
Management System
The security compliance differs between Management System hosted by TTTech and Management System self-managed by a customer. When the Management System is self-managed additional security measures are required as described in Management System guidelines.
FR 1 – Identification and authentication control (IAC)
| Requirement | Description | Compliance | Links |
|---|---|---|---|
| CR1.1 | Human user identification and authentication | OK | User management Authentication |
| CR1.1. RE(1) | Unique identification and authentication | OK | Adding a new user |
| CR1.2 | Software process and device identification and authentication | OK | Adding a node |
| CR1.3 | Account management | OK | User management |
| CR1.4 | Identifier management | OK | User management LDAP |
| CR1.5 | Authenticator management | OK | User management LDAP |
| CR1.7 | Strength of password-based authentication | OK | Configuration LDAP |
| CR1.10 | Authenticator feedback | OK | Feedback is only "Invalid credentials" |
| CR1.11 | Unsuccessful login attempts | OK | Logging in Configuration |
| CR1.12 | System use notification | OK | Notifications |
| CR1.13 | Access via untrusted networks | NA | Protected by firewall Network |
FR2 – Use control (UC)
| Requirement | Description | Compliance | Links |
|---|---|---|---|
| CR2.1 | Authorization enforcement | OK | Roles |
| CR2.1 RE(1) | Authorization enforcement for all users | OK | Roles |
| CR2.1 RE(2) | Permission mapping to roles | OK | Roles |
| CR2.4, SAR, EDR, HDR | Mobile code | OK | JavaScript code Docker-Image |
| CR2.4 RE(1) SAR, EDR, HDR | Mobile code authenticity check | OK | JavaScript code Docker-Image |
| CR2.5 | Session lock | OK | Logging in |
| CR2.6 | Remote session termination | OK | Remote-termination Configuration |
| CR2.8 | Auditable events | OK | Audit-logs |
| CR2.9 | Audit storage capacity | OK | Operations |
| CR2.10 | Response to audit processing failures | OK | Operations |
| CR2.11 | Timestamps | OK | Audit-logs |
| CR2.11 RE(1) | Time synchronization | OK | Time |
| CR2.12 | Non-repudiation | OK | Audit-logs |
| CR2.13 EDR | Use of physical diagnostic and test interfaces | NA | Cloud based system |
FR3 – System integrity (SI)
| Requirement | Description | Compliance | Link |
|---|---|---|---|
| CR3.1 | Communication integrity | OK | The communication with the Management System occurs only over HTTPS (TLS 1.2 or TLS1.3). Operations |
| CR3.1 RE(1) | Communication authentication | OK | The communication with the Management System is authenticated and encrypted. |
| CR3.2 SAR | Protection from malicious code | OK | Operations |
| CR3.3 | Security functionality verification | OK | Security-verification |
| CR3.4 | Software and information integrity | OK | TTTech verifies the signature of the Docker images. Relevant configurations are protected. |
| CR3.4 RE(1) | Authenticity of software and information | OK | The signature of the Docker images is checked at boot and during update. Update |
| CR3.5 | Input validation | OK | TTTech ensures through software testing that input validation is effective. |
| CR3.7 | Error handling | OK | TTTech ensures through software testing that input validation is effective and does not leak information. |
| CR3.8 | Session integrity | OK | TTTech ensures through software testing that session integrity is guaranteed. |
| CR3.9 | Protection of audit information | OK | The protection is ensured through enforcement of the OpenSearch permissions and by limiting access to the hosting VM. |
| CR3.10 EDR, HDR | Support for updates | NA (MS is SAR only) | The Update is performed as part of hosting activities. |
| CR3.10 RE(1) EDR, HDR | Update authenticity and integrity | NA (MS is SAR only) | The Update is performed as part of hosting activities. |
| CR3.11 EDR.HDR | Physical tamper resistance and detection | NA | Cloud based system |
| CR3.12 EDR, HDR | Provisioning product supplier roots of trust | NA | Cloud based system |
| CR3.14 EDR, HDR | Integrity of the boot process | NA | Cloud based system |
| CR3.14 (1) EDR, HDR | Authenticity of the boot process | NA | Cloud based system |
All requirements applicable only to EDR and HDR devices are not relevant for the Management System.
FR 4 – Data confidentiality (DC)
| Requirement | Description | Compliance | Link |
|---|---|---|---|
| CR4.1 | Information confidentiality | OK | The Management System can only be accessed over HTTPS. Refer to Certificates, Data is protected at rest refer to Data at rest. Integrity of backup is guaranteed, refer to Backup |
| CR4.2 | Information persistence | OK | Decommissioning |
| CR4.3 | Use of cryptography | OK | TTTech uses well-known cryptographic libraries. |
FR 5 – Restricted data flow (RDF)
| Requirement | Description | Compliance | Link |
|---|---|---|---|
| FR 5.1 | Network segmentation | NA | Cloud based system |
FR 6 – Timely response to events (TRE)
| Requirement | Description | Compliance | Link |
|---|---|---|---|
| CR6.1 | Audit log accessibility | OK | Audit-logs |
| CR6.2 | Continuous monitoring | OK | Monitoring |
FR 7 – Resource availability (RA)
| Requirement | Description | Compliance | Link |
|---|---|---|---|
| CR7.1 | Denial of service protection | OK | The Management System is protected by applying rate-limit on all API endpoints |
| CR7.1 RE(1) | Manage communication load from component | OK | The Management System is protected by applying bandwidth limit on all API endpoints and on MQTT communication. |
| CR7.2 | Resource management | OK | Resources |
| CR7.3 | Control system backup | OK | Backup |
| CR7.3 RE(1) | Backup integrity verification | OK | Backup |
| CR7.4 | Control system recovery and reconstitution | OK | Backup |
| CR7.6 | Network and security configuration settings | NA | Not relevant to the control system. |
| CR7.7 | Least functionality | OK | Only needed services are run. |
| CR7.8 | Control system component inventory | OK | Endpoints nerve/update/cloud/current-version in the MS API |
Nerve Node
The compliance to IEC62443-4-2 is related to Nerve as a platform.
FR 1 – Identification and authentication control
| Requirement | Description | Compliance | Links |
|---|---|---|---|
| CR1.1 | Human user identification and authentication | OK | Node Permissions and Users |
| CR1.1. RE(1) | Unique identification and authentication | OK | Node Permissions and Users |
| CR1.2 | Software process and device identification and authentication | OK | Node identification |
| CR1.3 | Account management | OK | Part of Management System account management. |
| CR1.4 | Identifier management | OK | Part of Management System identifier management. |
| CR1.5 | Authenticator management | OK | Part of Management System authenticator management. |
| CR1.7 | Strength of password-based authentication | OK | Management System |
| CR1.10 | Authenticator feedback | OK | Feedback is only "Invalid credentials" |
| CR1.11 | Unsuccessful login attempts | OK | Node DNA |
| CR1.12 | System use notification | OK | Node DNA |
| CR1.13 | Access via untrusted networks | NA | Protection by a firewall is recommended. Network |
FR2 – Use control
| Requirement | Description | Compliance | Links |
|---|---|---|---|
| CR2.1 | Authorization enforcement | OK | Roles |
| CR2.1 RE(1) | Authorization enforcement for all users | OK | Roles |
| CR2.1 RE(2) | Permission mapping to roles | OK | Mapping |
| CR2.4, SAR, EDR, HDR | Mobile code | OK | JavaScript code |
| CR2.4 RE(1) SAR, EDR, HDR | Mobile code authenticity check | OK | JavaScript code |
| CR2.5 | Session lock | OK | The session is renewed on user activity. The user was logged out due to inactivity. |
| CR2.6 | Remote session termination | OK | Remote-termination Configuration |
| CR2.8 | Auditable events | OK | Node audit logs |
| CR2.9 | Audit storage capacity | OK | Audit logs |
| CR2.10 | Response to audit processing failures | OK | Node Monitoring |
| CR2.11 | Timestamps | OK | Node audit logs |
| CR2.11 RE(1) | Time synchronization | OK | The Node can synchronize to an NTP server when it is configured via DHCP. |
| CR2.12 | Non-repudiation | OK | Node audit logs |
| CR2.13 EDR | Use of physical diagnostic and test interfaces | OK | The BIOS password is set as part of the delivery process. |
FR3 – System integrity
| Requirement | Description | Compliance | Link |
|---|---|---|---|
| CR3.1 | Communication integrity | OK | The communication with the Management System occurs over HTTPS (MQTT over secure websocket or plain HTTPS). The communication to the Local UI occurs over a dedicated physical port or over a SSH tunnel. For information about workloads, refer to Application. |
| CR3.1 RE(1) | Communication authentication | OK | The communication with the Management System is authenticated and encrypted. |
| CR3.2 EDR HDR | Protection from malicious code | OK | The filesystem for Nerve binaries is read only. |
| CR3.3 | Security functionality verification | OK | Security-verification |
| CR3.4 | Software and information integrity | OK | Docker ensures the integrity of the images. |
| CR3.4 RE(1) | Authenticity of software and information | OK | Secure Boot is activated, and dm-verity checks filesystem integrity during system boot. |
| CR3.5 | Input validation | OK | TTTech ensures through software testing that input validation is effective. |
| CR3.7 | Error handling | OK | Error messages do not leak information. |
| CR3.8 | Session integrity | OK | TTTech ensures through software testing that session integrity is guaranteed. |
| CR3.9 | Protection of audit information | OK | Separate partition for audit logs is in use. The log rotation is implemented. |
| CR3.10 EDR, HDR | Support for updates | OK | Node-update |
| CR3.10 RE(1) EDR, HDR | Update authenticity and integrity | OK | The integrity and authenticity is checked by verifying the signature of the downloaded image with the reference provided by the Management System. |
| CR3.11 EDR.HDR | Physical tamper resistance and detection | OK | When delivered by TTTech the devices include anti-tampering measures. |
| CR3.12 EDR, HDR | Provisioning product supplier roots of trust | OK | When delivered by TTTech, the keys for secure boot are installed in a secure environment. |
| CR3.14 EDR, HDR | Integrity of the boot process | OK | Secure boot and dm-verity are activated for nodes installed with a version 3.0.0 or greater and having a TPM2. |
| CR3.14 (1) EDR, HDR | Authenticity of the boot process | OK | Secure boot and dm-verity are activated for nodes installed with a version 3.0.0 or greater and having a TPM2. |
!!! note "Note" The compliance matrix covers the case for which TTTech delivers the hardware (MFN200 or Fitlet3).
FR 4 – Data confidentiality
| Requirement | Description | Compliance | Link |
|---|---|---|---|
| CR4.1 | Information confidentiality | OK | User data is stored in a partition protected by disk encryption. |
| CR4.2 | Information persistence | OK | User workloads are deleted during the offboarding process. Keys are deleted during the factory reset process. |
| CR4.3 | Use of cryptography | OK | TTTech uses well-known cryptographic libraries. |
FR 5 – Restricted data flow
| Requirement | Description | Compliance | Link |
|---|---|---|---|
| FR 5.1 | Network segmentation | OK | Network |
FR 6 – Timely response to events
| Requirement | Description | Compliance | Link |
|---|---|---|---|
| CR6.1 | Audit log accessibility | OK | Audit-logs |
| CR6.2 | Continuous monitoring | OK | Node-Monitoring, Node-Alerting |
FR 7 – Resource availability
| Requirement | Description | Compliance | Link |
|---|---|---|---|
| CR7.1 | Denial of service protection | OK | DoS |
| CR7.1 RE(1) | Manage communication load from component | OK | DoS |
| CR7.2 | Resource management | OK | The critical resources on the node are protected by cgroups. |
| CR7.3 | Control system backup | OK | Backup/Restore |
| CR7.3 RE(1) | Backup integrity verification | OK | Backup/Restore |
| CR7.4 | Control system recovery and reconstitution | OK | Backup/Restore |
| CR7.6 | Network and security configuration settings | OK | Network |
| CR7.7 | Least functionality | OK | Only needed services are run. |
| CR7.8 | Control system component inventory | OK | The REST-API provides the necessary information ( /api/setup/node/info and /api/version ) |