Recommended Actions for Cybersecurity
Your device is designed to be used in a protected environment that uses a defense-in-depth strategy.
To help secure your device, you must take specific actions at every stage of the project life-cycle.
The following table lists the recommended actions for you to take to help secure your device in a protected environment, organized by life-cycle stage:
| Life cycle stage | Recommended action | Defense-in-depth role |
|---|---|---|
| Plan | Use available resources to increase your cybersecurity knowledge and awareness. | |
| | Review the system defense-in-depth assumptions. Follow the recommendations in this guide. | Understand the security measures expected to be provided by the external environment in which the device is to be used. These include, but are not limited to: |
| | Review the device security features. Refer to Security Capabilities in DOCA0172•• Panel Server User Guide. | Understand how the device security features can be used in a protected environment. |
| | Review the security risks and compensation controls. Refer to Security Capabilities in DOCA0172•• Panel Server User Guide. | Understand known security risks and the compensation controls to help minimize the risks. |
| Install and configure | Check the state of the anti-tamper label before installation of the device. | Tamper-evident label prevents modification of the device before installation. |
| | Help reduce unauthorized physical access. | |
| | Change the default password at first login. Refer to User Management in DOCA0172•• Panel Server User Guide. | Help reduce unauthorized access. Default account settings are often the source of unauthorized access by malicious users. |
| | Change the Panel Server user password and Wi-Fi access point password. Refer to User Management and Wi-Fi Access Point in DOCA0172•• Panel Server User Guide. | Create strong passwords following the guidelines. Default account settings and weak passwords are often the source of unauthorized access by malicious users. |
| | Disable unnecessary and unused communication protocols and ports, for example, Wi-Fi, Wi-Fi access point, IEEE 802.15.4. | |
| Operate | Use strong passwords to encrypt configuration backup files. Unprotected files and weak passwords can be the source of unauthorized access by malicious users. | |
| | Limit access to known and required domains, according to your needs. | |
| | Report suspicious activity, a cybersecurity incident, or a vulnerability to the Schneider Electric Cybersecurity Support Portal web page. | |
| Maintain | Keep the firmware up to date. Refer to Firmware Update in DOCA0172•• Panel Server User Guide. | Update to the latest firmware version to benefit from the latest security patches. |
| | Monitor the audit log for unexpected behaviors. Refer to Diagnostics Logs in DOCA0172•• Panel Server User Guide. | Monitor the audit logs for unexpected activity and to help identify the cause of cybersecurity breaches that could lead to a cybersecurity incident. |
| | Tamper-evident label prevents modification of the device. | |
| | Check the connected devices for the presence of unknown devices. | Locate and remove unknown devices to help protect the system against cybersecurity breaches. |
| | Keep your network security up to date. | Helps reduce your attack surface, decreasing the likelihood of a vulnerability. |
| | Perform security audits. | Help verify the security status of your system. |
| Decommission | Reset the device to factory settings. Refer to Security Recommendations for Decommissioning in DOCA0172•• Panel Server User Guide. | Help prevent the potential disclosure of data. |