ABB COM600 series 5.0 Cyber Security Deployment Manualline

Also see for COM600 series 5.0: Technical reference manual Technical reference manual

ABB COM600 series 5.0 Cyber Security Deployment Manualline Manual pdf 14 page image

a password for COM600 user account. See Appendix 1 for details on how to launchGateway Management Tool.Administrator user accountThe default Administrator user account available from Windows operating system isdisabled in COM600 device. This account is not required for COM600 functioning andcan be left disabled. If this account is enabled for other reasons, it is recommended toassign a password that meets all complexity requirements as defined by the passwordsecurity policy.User groups3.1.4.COM600 user accounts can be classified into four user groups based on the actions thatthey can be allowed to perform. These four user groups include COM600-Viewer,COM600-Operator, COM600-Engineer and COM600-Administrator. These usergroups are available in COM600 by default. When creating a new user account inCOM600, assign it to any of these COM600 user groups.Based on the user group assigned for a particular user account, a customized user interfaceis provided by COM600 WebHMI that limits/allows a specific function/operation.The user accounts can be grouped and managed either using COM600 WebHMI or usingtypical Windows User Account Management.Refer to User Management section in COM600 Operator’s Manual for detailed inform-ation on access permissions to various COM600 interfaces available for these user groups.The table below shows a summary of access permissions for these user groups.Access permission summaryUser Group nameOnly allowed to view.COM600-ViewerAuthorized to make control operations.COM600-OperatorAuthorized to make parameter setting changes,but limited from control operations.COM600-EngineerFull access.COM600-AdministratorLocal security policy3.1.5.Security related settings in Windows operating system can be managed through securitypolicies. These operating system wide security policies provide a comprehensive set ofconfiguration that can be performed to allow/disallow a particular behavior by a specificuser/user group. Security policies defined within COM600 can be viewed/edited throughLocal Security Policy Editor.141MRS758267COM600 series 5.0Cyber Security Deployment Guideline