ABB COM600 series 5.0 Cyber Security Deployment Manualline

Also see for COM600 series 5.0: Technical reference manual Technical reference manual

ABB COM600 series 5.0 Cyber Security Deployment Manualline Manual pdf 28 page image

COM600, selectively exclude folders containing COM600 application relatedexecutable files. Some of these folders are,• C:\Program Files(x86)\3S CODESYS\GatewayPLC• C:\Program Files(x86)\3S CODESYS\CODESYS OPC Server 3• C:\Program Files(x86)\ABB Oy\Vtrin• C:\Program Files(x86)\ABB Oy\RTDB\bin• C:\Program Files(x86)\ABB Oy\CSCommon\bin• C:\Program Files(x86)\COM610 GW SW\GAT• C:\Program Files\COM610 GW SWNever exclude Windows operating system related directoriesfrom virus scan.Quarantine policy enforced should exclude any COM600 related executable files fromany automatic delete or cleanup action. These files should be handled manually by aqualified security personnel.Secure Patch Management3.5.Windows Operating System updates3.5.1.Microsoft releases updates periodically to patch found issues and/or vulnerabilities invarious software components included in Windows operating system. These updates arecategorized as:• Critical updates – Updates to fix specific, non-security related issues.• Security updates – Updates to fix security vulnerability.• Critical – Updates to fix a vulnerability which could allow further degradation ofsystem and does that without any user action.• Important – Updates to fix a vulnerability which could allow confidentiality/integrityof user data being compromised.• Low – Updates to fix a vulnerability whose exploitation can be extremely difficult,or whose impact can be minimal.• Moderate – Updates to fix a vulnerability whose exploitation can be mitigatedthrough a configuration change.Available updates from Microsoft should be tracked periodically and checked for com-patibility prior to installation. The compatibility of latest updates from Microsoft withCOM600 specific functionality is tested and verified monthly by ABB. The test resultscan be found from COM600 product page, which includes a COM600 Patch Compatib-ility Report specifying the details. While these reports may not cover engineeringworkstation from where SAB600 application may be used, it is recommended to installall relevant updates to these workstations. For any incompatible updates found, ABBrecommends to create/revise a dated mitigation plan until compatibility issues can beaddressed.281MRS758267COM600 series 5.0Cyber Security Deployment Guideline