iec62443-4-2-FR-5
Req ID |
Requirement name |
Supported by CIP |
Need application support |
Need HW solution |
Status if supported by CIP |
|---|---|---|---|---|---|
CR-5.1 |
Network segmentation |
FALSE |
TRUE |
FALSE |
N.A. |
NDR-5.2 |
Zone boundary protection |
FALSE |
TRUE |
FALSE |
N.A. |
NDR-5.2 RE(1) |
Deny all, permit by exception |
FALSE |
TRUE |
FALSE |
N.A. |
NDR-5.2 RE(2) |
Island mode |
FALSE |
TRUE |
FALSE |
N.A. |
NDR-5.2 RE(3) |
Fail close |
TRUE |
FALSE |
TRUE |
N.A. |
NDR-5.3 |
General purpose, person- to-person communication restrictions |
FALSE |
TRUE |
FALSE |
N.A. |
CR-5.4 |
Application partitioning |
FALSE |
FALSE |
FALSE |
N.A. |
Tests reference and CIP recommendation
Req ID |
Status if supported by CIP |
IEC-62443-4-2 tests reference |
CIP recommendation |
|---|---|---|---|
CR-5.1 |
N.A. |
None |
CIP does not support this requirement.CIP users should meet this requirement by using common networking protocols that are supported by switches and routers to implement network segmentation |
NDR-5.2 |
N.A. |
None |
This is a product specific requirement, it should be met by CIP users by using CIP provided packages. |
NDR-5.2 RE(1) |
N.A. |
None |
Same as NDR-5.2 |
NDR-5.2 RE(2) |
N.A. |
None |
Same as NDR-5.2 |
NDR-5.2 RE(3) |
N.A. |
None |
Same as NDR-5.2 |
NDR-5.3 |
N.A. |
None |
This is a product specific requirement and has to be met by CIP users.This can be done by blocking specific ports that are used by applications to communicate general purpose messages between person to person |
CR-5.4 |
N.A. |
None |
No component level requirement |