iec62443-4-2-FR-5 ================= .. contents:: +---------+------------------+------------------+--------------------------+------------------+----------------------------+ | Req ID | Requirement name | Supported | Need | Need HW | Status if | | | | by CIP | application | solution | supported | | | | | support | | by CIP | +=========+==================+==================+==========================+==================+============================+ | CR-5.1 | Network | FALSE | TRUE | FALSE | N.A. | | | segmentation | | | | | +---------+------------------+------------------+--------------------------+------------------+----------------------------+ | NDR-5.2 | Zone | FALSE | TRUE | FALSE | N.A. | | | boundary | | | | | | | protection | | | | | +---------+------------------+------------------+--------------------------+------------------+----------------------------+ | NDR-5.2 | Deny all, | FALSE | TRUE | FALSE | N.A. | | RE(1) | permit by | | | | | | | exception | | | | | +---------+------------------+------------------+--------------------------+------------------+----------------------------+ | NDR-5.2 | Island | FALSE | TRUE | FALSE | N.A. | | RE(2) | mode | | | | | +---------+------------------+------------------+--------------------------+------------------+----------------------------+ | NDR-5.2 | Fail | TRUE | FALSE | TRUE | N.A. | | RE(3) | close | | | | | +---------+------------------+------------------+--------------------------+------------------+----------------------------+ | NDR-5.3 | General | FALSE | TRUE | FALSE | N.A. | | | purpose, | | | | | | | person- | | | | | | | to-person | | | | | | | communication | | | | | | | restrictions | | | | | +---------+------------------+------------------+--------------------------+------------------+----------------------------+ | CR-5.4 | Application | FALSE | FALSE | FALSE | N.A. | | | partitioning | | | | | +---------+------------------+------------------+--------------------------+------------------+----------------------------+ Tests reference and CIP recommendation -------------------------------------- +-----------------+-----------------+-----------------+-----------------+ | Req ID | Status if | IEC-62443-4-2 | CIP | | | supported by | tests reference | recommendation | | | CIP | | | +=================+=================+=================+=================+ | CR-5.1 | N.A. | None | CIP does not | | | | | support this | | | | | requirement.CIP | | | | | users should | | | | | meet this | | | | | requirement by | | | | | using common | | | | | networking | | | | | protocols that | | | | | are supported | | | | | by switches and | | | | | routers to | | | | | implement | | | | | network | | | | | segmentation | +-----------------+-----------------+-----------------+-----------------+ | NDR-5.2 | N.A. | None | This is a | | | | | product | | | | | specific | | | | | requirement, it | | | | | should be met | | | | | by CIP users by | | | | | using CIP | | | | | provided | | | | | packages. | +-----------------+-----------------+-----------------+-----------------+ | NDR-5.2 RE(1) | N.A. | None | Same as NDR-5.2 | +-----------------+-----------------+-----------------+-----------------+ | NDR-5.2 RE(2) | N.A. | None | Same as NDR-5.2 | +-----------------+-----------------+-----------------+-----------------+ | NDR-5.2 RE(3) | N.A. | None | Same as NDR-5.2 | +-----------------+-----------------+-----------------+-----------------+ | NDR-5.3 | N.A. | None | This is a | | | | | product | | | | | specific | | | | | requirement and | | | | | has to be met | | | | | by CIP | | | | | users.This can | | | | | be done by | | | | | blocking | | | | | specific ports | | | | | that are used | | | | | by applications | | | | | to communicate | | | | | general purpose | | | | | messages | | | | | between person | | | | | to person | +-----------------+-----------------+-----------------+-----------------+ | CR-5.4 | N.A. | None | No component | | | | | level | | | | | requirement | +-----------------+-----------------+-----------------+-----------------+