Recommended Actions for Cybersecurity
Your device is designed to be used in a protected environment that uses a defense in depth strategy.
To help secure your device, you must take specific actions at every stage of the project life-cycle.
The following table lists the actions we recommend you take to help secure your device in a protected environment, organized by life-cycle stage:
| Life cycle stage | Recommended action | Defense-in-depth role |
|---|---|---|
|
Plan |
Review cybersecurity awareness |
Use available resources to increase your cybersecurity knowledge and awareness. |
|
Review the system defense-in-depth assumptions. Refer to the Panel Server Cybersecurity Guide. |
Understand the security measures expected to be provided by the external environment in which the device is to be used. These include, but are not limited to:
|
|
|
Review the device security features |
Understand how the device security features can be used in a protected environment. |
|
|
Review the security risks and compensation controls |
Understand known security risks and the compensation controls to help minimize the risks. |
|
|
Install and configure |
Check the state of the anti-tamper label before installation of the device. Refer to Physical Security of the Device in the Panel Server Cybersecurity Guide. |
Tamper-evident label prevents modification of the device before installation. |
|
Follow the installation guidelines. Refer to Physical Security of the Device in the Panel Server Cybersecurity Guide. |
Help reduce unauthorized physical access. |
|
|
Help reduce unauthorized access. Default account settings are often the source of unauthorized access by malicious users. |
||
|
Change the Panel Server user password and Wi-Fi access point password |
Create strong passwords following the guidelines. Default account settings and weak passwords are often the source of unauthorized access by malicious users. |
|
|
Disable unused protocols and ports. Refer to Disable Unused Features in the Panel Server Cybersecurity Guide. |
Disable unnecessary and unused communication protocols and ports, for example, Wi-Fi, Wi-Fi access point, IEEE.802.15.4. |
|
|
Operate |
Encrypt backup configuration files. Refer to Backup Function in the Panel Server Cybersecurity Guide. |
Use strong passwords to encrypt configuration backup files. Unprotected files and weak passwords can be the source of unauthorized access by malicious users |
|
Manage access to domains. Refer to Cloud Application Security in the Panel Server Cybersecurity Guide. |
Limit access to known and required domains, according to your needs. |
|
|
Report suspicious activity, a cybersecurity incident, or a vulnerability to Schneider Electric Cybersecurity Support Portal web page. |
||
|
Maintain |
Update to the latest firmware version to benefit from the latest security patches. |
|
|
Monitor the audit logs for unexpected activity and to help identify the cause of cybersecurity breaches that could lead to a cybersecurity incident. |
||
|
Check the state of the anti-tamper label regularly. Refer to Physical Security of the Device in the Panel Server Cybersecurity Guide. |
Tamper-evident label prevents modification of the device. |
|
|
Check the connected devices for the presence of unknown devices. Refer to Connected Devices in the Panel Server Cybersecurity Guide. |
Locate and remove unknown devices to help protect the system against cybersecurity breaches. |
|
|
Keep your network security up to date. |
Helps reduce your attack surface, decreasing the likelihood of a vulnerability. |
|
|
Perform security audits |
Help verify the security status of your system. |
|
|
Decommission |
Help prevent the potential disclosure of data. |