Requirements for System Integrity

Product
Required to Meet IEC-62443-4-2 SL 1
Details
FactoryTalk® AssetCentre software
FactoryTalk® Services Platform (includes FactoryTalk® Security, FactoryTalk® Diagnostics)
Yes
The FactoryTalk® AssetCentre server centrally tracks and manages configuration changes and restricts who can make changes based on FactoryTalk® Security settings. This server functionality assists with diagnostics and troubleshooting and reduces maintenance time for production assets.
Configure the feature security for users to limit access to actions such as triggering a download of the DeviceLogix program (applicable for I/O mode only), downloading firmware to the drive, and configuring the Device Monitor - Change Detect operation. For more information, see Configure System Security Features User Manual, publication SECURE-UM001.
Configure the routing and logging options of FactoryTalk® Diagnostics. Monitor security-related events by setting up audit policies. For more information, see FactoryTalk Security System Configuration Guide, publication FTSEC-QS001.
FactoryTalk® Policy Manager
Yes
FactoryTalk® Policy Manager is a secure configuration tool that is one of a set of products that Rockwell Automation® uses to implement CIP Security. CIP Security helps to provide a secure data transport across an EtherNet/IP network. Use FactoryTalk® Policy Manager software to create zones and turn on CIP Security to differentiate trusted and untrusted devices.
For more information, see CIP Security with Rockwell Automation Products, publication SECURE-AT001.
Secure DPI Ports
Yes
Applicable for I/O mode only:
HIM and Communication option cards are connected to the drive through DPI ports and should be secured by configuring the mask parameters in the drive.
After product commissioning, the HIM should be either removed or set to read-only mode. To remove the HIM, see the instructions in PowerFlex 20-HIM-A6 and 20-HIM-C6S HIM User Manual, publication 20HIM-UM001.
Communication option cards should also be disallowed from controlling the logic command (start, jog, change of direction, and so forth) of the drive.
The following mask parameters can be used to configure control of the logic command and to set read-only mode:
  • 0:41 [Logic Mask]
  • 0:230 [Write Mask Cfg]
For more information, see CIP Security with Rockwell Automation Products, publication SECURE-AT001.
Applicable for CIP Motion mode only:
The HIM can only be used for monitoring and cannot be used to control the drive or change configuration settings. For more information, see Integrated Motion on the EtherNet/IP Network: Configuration and Startup User Manual, publication MOTION-UM003.
Limit physical access to the drive and its HIM
Yes
Actively manage physical access to the drive and its HIM.
Secure physical access to the drive and HIM by limiting physical access through locked cabinets and by raising awareness of threats through training and communication to personnel.
For more information, see System Security Design Guidelines Reference Manual, publication SECURE-RM001.
ControlFLASH Plus® or ControlFLASH™ software
Yes
Use ControlFLASH Plus® or ControlFLASH™ software to update drive firmware.
Digitally signed firmware files have a DMK (Device Management Kit) extension. ControlFLASH™ software authenticates the origin of a DMK file and validates the file before download to the device.
Digitally signed firmware
Yes
To meet IEC-62443-4-2 SL 1 security requirements, you must use a certified version of the TotalFORCE® Control drive firmware revision 13.002 or later. We recommend that you use the latest revision from the Rockwell Automation official download portal, Product Compatibility & Download Center at .
User-configurable fault handling
Yes
Applicable for I/O mode only:
There are 5 fault action options (fault, stop, zero data, hold last, and send Flt Cfg) that can be set for when certain faults occur.
Configure based on use case if the default action (fault) is not suitable. For more information, see PowerFlex Drives with TotalFORCE Control Built-in EtherNet/IP Adapter User Manual, publication 750COM-UM009.
Applicable for CIP Motion mode only:
Configure actions for faults through Studio 5000 Logix Designer®. For more information, see Integrated Motion on EtherNet/IP Networks for PowerFlex 755T Products with TotalFORCE Control Application Technique, publication 750-AT007.