User Manual
Cybersecurity Concepts – How to Secure the System
Hardening Guidelines
3
A6V11646120_enUS_b_40
3.13.5 D5: Client/Server Application in a Professional IT Environment
Applicability

Location of the physical server:
    Unrestricted server room
Physical/virtual server exclusivity:
    Exclusive: Server only hosts Desigo CC applications.

Topic:
    Required Hardening

Physical server protective measures:
    Server machine locked in cabinet.
    Unplug and theft protection.

Server protective measures (Software):
    Disable interfaces with memory access (FireWire, USB 3.1).
    Encrypt the hard disk.
    Continuously maintained and strong antivirus protection.
    Continuously maintained desktop firewalls.
    Firewall rules not on auto allowance, UPS needed.
    FEP in enclosed environment (locked cabinet).

Server OS version and setup:
    Patched secure Windows installation.
    Set up and maintain Windows security.
    Keep Windows OS continuously updated by security patches.
    Enforce strong password policy.
    Restrict access to users and to Desigo CC applications.
    Secured network configuration (for example, managed access rights to network folders).
    Advanced malware protection.
    Automated backup.

Client OS version and setup:
    Secure Windows OS installation.
    Set up and maintain Windows security.
    Keep Windows OS continuously updated by security patches.
    Enforce strong password policy.
    Restrict access to users and to Desigo CC applications.
    Managed certificates and credentials.
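
The following read-only PowerShell audit is an added example, not part of the manual or of Desigo CC. It checks four of the server rows above (disk encryption, antivirus, firewall, security patches) on the local machine. It assumes BitLocker, Microsoft Defender and Windows Defender Firewall are the products in use, reads "not on auto allowance" as "default inbound action is not Allow", and uses illustrative age thresholds.

```powershell
# Added example: read-only audit of selected D5 server hardening rows.
# Assumptions: BitLocker, Microsoft Defender, Windows Defender Firewall;
# both thresholds below are illustrative, not values from the manual.
$MaxSignatureAgeDays = 3
$MaxPatchAgeDays     = 35
$results = [System.Collections.Generic.List[object]]::new()

function Add-Check([string]$Row, [bool]$Pass, [string]$Detail) {
    $results.Add([pscustomobject]@{ Row = $Row; Pass = $Pass; Detail = $Detail })
}

# "Encrypt the hard disk": system volume fully encrypted, protection on.
try {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    $ok  = ("$($vol.ProtectionStatus)" -eq 'On') -and ("$($vol.VolumeStatus)" -eq 'FullyEncrypted')
    Add-Check 'Encrypt the hard disk' $ok "$($vol.VolumeStatus), protection $($vol.ProtectionStatus)"
} catch { Add-Check 'Encrypt the hard disk' $false "BitLocker query failed: $_" }

# "Continuously maintained ... antivirus": real-time protection on, fresh signatures.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $ok = $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled -and
          ($mp.AntivirusSignatureAge -le $MaxSignatureAgeDays)
    Add-Check 'Antivirus maintained' $ok "real-time=$($mp.RealTimeProtectionEnabled), signature age=$($mp.AntivirusSignatureAge)d"
} catch { Add-Check 'Antivirus maintained' $false "Defender query failed: $_" }

# "Desktop firewalls" / "not on auto allowance": every profile enabled and
# the effective default inbound action is not Allow (ActiveStore = effective policy).
try {
    foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore -ErrorAction Stop) {
        $ok = ("$($p.Enabled)" -eq 'True') -and ("$($p.DefaultInboundAction)" -ne 'Allow')
        Add-Check "Firewall ($($p.Name))" $ok "enabled=$($p.Enabled), default inbound=$($p.DefaultInboundAction)"
    }
} catch { Add-Check 'Firewall' $false "Firewall query failed: $_" }

# "Keep Windows OS continuously updated": newest installed hotfix is recent.
try {
    $last = Get-HotFix -ErrorAction Stop | Where-Object InstalledOn |
            Sort-Object InstalledOn | Select-Object -Last 1
    $ok = ($null -ne $last) -and (((Get-Date) - $last.InstalledOn).TotalDays -le $MaxPatchAgeDays)
    Add-Check 'Security patches current' $ok "last hotfix: $($last.HotFixID) on $($last.InstalledOn)"
} catch { Add-Check 'Security patches current' $false "Hotfix query failed: $_" }

$results | Format-Table -AutoSize -Wrap
if ($results.Pass -contains $false) { exit 1 }   # non-zero exit for schedulers/monitoring
```

Run it from an elevated PowerShell session on the server; the BitLocker and Defender queries require administrative rights.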