User Manual

Acvatix Intelligent Valve Security
A6V11852371_en_h
Other Considerations in Mitigating Cybersecurity
Communication between the Intelligent Valve and Siemens Digital Services runs
over the Internet. The connection is always outbound, initiated by the
on-premise Intelligent Valve, and uses HTTPS and MQTTS.
All data communication via the Internet is encrypted using Transport Layer
Security (TLS) 1.2 and uses TCP port 443. TLS makes the transferred data
highly resistant to eavesdropping and interception. No other port is used for
outbound (to the Internet) data communication.
All data communication between the Cloud servers’ endpoints and Intelligent
Valve is secured by means of X.509 certificate-based authentication and
authorization.
Intelligent Valve does not support HTTP proxy.
Intelligent Valve allows remote firmware updates initiated by an authorized and
authenticated user account within the customer's organization, for ease of use
and fast fixes of security issues where applicable.
Operational certificates are renewed on a regular basis to maximize security.
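
The following added example, which is not part of the Siemens manual, checks firewall or flow records against the communication profile stated above: Internet traffic is initiated only by the valve and goes only to TCP port 443. The valve address, the on-premise range, the record format and the sample records are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions (hypothetical values, not from the manual): valve address and site ranges.
VALVE_IP = ipaddress.ip_address("10.20.30.40")
SITE_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample flow records: initiator, responder, protocol, responder port.
SAMPLE_FLOWS = """\
10.20.30.40 203.0.113.10 tcp 443
10.20.30.40 203.0.113.10 tcp 8883
10.20.30.40 203.0.113.25 tcp 80
198.51.100.7 10.20.30.40 tcp 443
10.20.30.40 10.20.30.1 udp 53
10.20.30.40 203.0.113.10 udp 443
"""

def is_onprem(ip):
    return any(ip in net for net in SITE_NETS)

def audit_flow(line):
    """Return a finding for a flow that breaks the stated profile, else None."""
    src, dst, proto, port = line.split()
    src, dst, port = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)
    if dst == VALVE_IP and not is_onprem(src):
        # The manual states connections are always initiated by the valve.
        return f"inbound connection from Internet host {src}"
    if src == VALVE_IP and not is_onprem(dst):
        # The manual states TCP 443 is the only outbound port to the Internet.
        if proto.lower() != "tcp" or port != 443:
            return f"outbound {proto}/{port} to {dst} (only tcp/443 expected)"
    return None  # on-premise traffic is outside the scope of this check

def audit(log_text):
    """Return (line number, finding) for every non-conforming record."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        finding = audit_flow(line)
        if finding:
            findings.append((n, finding))
    return findings

if __name__ == "__main__":
    for n, finding in audit(SAMPLE_FLOWS):
        print(f"record {n}: {finding}")
```

Records that involve only on-premise hosts pass this check; whether they are acceptable depends on the network configuration option chosen from the Engineering Guide.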
On-premise IT/OT Network and Intelligent Valve
Ensure that the Intelligent Valve installation and cloud settings configuration
follow the Intelligent Valve Engineering Guide and use the right network
configuration option.
Administrator credentials for Intelligent Valve should not be shared.