User Manual

Cybersecurity Concepts How to Secure the System
Hardening Guidelines
A6V11646120_enUS_b_40
Location of the physical server: On the desktop of one of the users in a controlled office environment (not in a publicly accessible area).
Physical/virtual server exclusivity: Non-exclusive: a computer also used for regular office tasks.

Topic | Required Hardening

Physical server protective measures: Unplug and theft protection.
Server protective measures (Software):
- Disable interfaces with memory access (FireWire, USB 3.1).
- Encrypt the hard disk.
- Continuously maintained and strong antivirus protection.
- Continuously maintained desktop firewalls.
- Firewall rules not on auto allowance, UPS needed.
Server OS version and set up:
- Secure Windows OS installation.
- Set up and maintain Windows OS security.
- Keep Windows OS continuously updated with security patches.
- Enforce strong password policy.
- Restrict access to users and to Desigo CC applications.
Client OS version and set up: n/a
Client protective measures (Software): n/a
Connection for clients inside the customer network: n/a
Connection for clients outside the customer network (Remote access): n/a
Remote access: Through remote desktop
Printers connectivity: Yes
IT skills of users: Low
IT skills of system administrators: Medium
IT skills of network administrators: Medium
IT skills of the installer (BT or VAP): Medium
Field devices connectivity: Directly, through VLAN or customer networks: customer is responsible for securing it. The assumption is that the customer’s IT secures field device connectivity.
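
An added audit sketch for the software hardening rows above (not part of the manual or of Desigo CC): it reports disk encryption, antivirus, firewall and patch state using built-in Windows cmdlets. BitLocker as the disk encryption, Microsoft Defender as the antivirus, both age thresholds, and reading "not on auto allowance" as a default inbound action other than Allow are assumptions.

```powershell
# Added example, not from the manual. Run in an elevated PowerShell session.
# Assumptions: BitLocker and Microsoft Defender are the products in use;
# both thresholds below are illustrative values, not from the manual.
$maxSignatureAgeDays = 3
$maxPatchAgeDays     = 45

function New-Finding($Check, [bool]$Pass, $Detail) {
    [pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail }
}
$findings = @()

# "Encrypt the hard disk": OS volume fully encrypted and protection switched on.
$os = Get-BitLockerVolume -MountPoint $env:SystemDrive
$ok = ($os.VolumeStatus -eq 'FullyEncrypted') -and ($os.ProtectionStatus -eq 'On')
$findings += New-Finding 'Disk encryption' $ok "$($os.VolumeStatus), protection $($os.ProtectionStatus)"

# "Continuously maintained and strong antivirus protection": engine on, signatures recent.
$mp = Get-MpComputerStatus
$ok = $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled -and
      ($mp.AntivirusSignatureAge -le $maxSignatureAgeDays)
$findings += New-Finding 'Antivirus' $ok "signature age $($mp.AntivirusSignatureAge) day(s)"

# "Desktop firewalls" / "rules not on auto allowance": every profile enabled and
# not defaulting to Allow for inbound traffic (effective settings from ActiveStore).
foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
    $ok = ($p.Enabled -eq 'True') -and ($p.DefaultInboundAction -ne 'Allow')
    $findings += New-Finding "Firewall ($($p.Name))" $ok "enabled=$($p.Enabled), inbound=$($p.DefaultInboundAction)"
}

# "Keep Windows OS continuously updated": age of the most recent installed hotfix.
$last = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn | Select-Object -Last 1
if ($last) {
    $age = ((Get-Date) - $last.InstalledOn).Days
    $findings += New-Finding 'OS patches' ($age -le $maxPatchAgeDays) "$($last.HotFixID) installed $age day(s) ago"
} else {
    $findings += New-Finding 'OS patches' $false 'no hotfix with an install date found'
}

$findings | Format-Table -AutoSize
# Non-zero exit code when any check fails, so a scheduled task can alert on it.
if ($findings.Pass -contains $false) { exit 1 }
```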