Installation and Operating Instructions CGLine+ Web-Controller 40071860236 (E) February 2019 www.eaton.com

2 Safety notes

CAUTION

- The CGLine web interface must be operated in an undamaged and functional state.
- When carrying out maintenance work on the device, the device must be switched off.
- When carrying out device maintenance, observe national safety and accident prevention regulations and the safety notes in the operating instructions below designated with.

3 Conformity to standards

Compliant with: EN 60950-1. Developed, manufactured and tested according to DIN EN ISO 9001.

CYBERSECURITY

This chapter provides guidelines to securely deploy the CGLine+ Web-Controller and minimize the cybersecurity risk to the installer system.

- Asset identification and inventory: Ensure that the CGLine+ Web-Controller is labelled and inventoried using the Part number and MAC address printed on the product label, and also the IP address configured during the installation of the material and the actual firmware version.

- Restrict Physical access: Ensure that physical access to the CGLine+ Web-Controller is restricted to authorized user(s) only. The CGLine+ Web-Controller supports the physical access ports RJ-45 and USB, which can be used to tamper with the device. Access to these ports should be restricted to authorized personnel only. Secure the facility and equipment rooms or closets with access control mechanisms such as locks, entry card readers, guards, man traps, CCTV, etc. as appropriate. Monitor and log the access at all times. Before connecting any portable device through a USB port or SD card slot, scan the device to prevent unauthorized access.

- Restrict Logical access: Access to the ‘Admin’ & ‘Service’ user accounts should be restricted to authorized personnel only, as the system configuration can be tampered with by abusing these accounts. Ensure password length, complexity and expiration requirements are appropriately set, particularly for all administrative accounts (e.g., minimum 10 characters, mix of upper- and lower-case and special characters, and expire every 90 days, or otherwise in accordance with your organization’s policies).

- Restrict Network Access: Ideally, the CGLine+ Web-Controller should be installed on a segregated network. However, when the CGLine+ Web-Controller is connected to a wider network, make sure that the IP address and MAC address are filtered at the router side, or using a firewall. In addition to this, open only the ports used by the CGLine+ Web-Controller (SMTP as configured, 587 for SMTPS, 443 for HTTPS, and 5000 for OPC communication).

- Logging and event management: Make sure you log all relevant system and application events, including all administrative and maintenance activities. Logs should be protected from tampering and other risks to their integrity (for example, by restricting permissions to access and modify logs, transmitting logs to a security information and event management system, etc.). Ensure that logs are retained for a reasonable and appropriate length of time. Review the logs regularly. The frequency of review should be reasonable, taking into account the sensitivity and criticality of the CGLine+ Web-Controller and any data it processes. The details of how to export the logs are defined in chapter 7.14.

- Secure maintenance: In case the firmware of the device needs to be updated, you will be contacted by your Eaton local support.

- Business continuity / cybersecurity disaster recovery: Eaton recommends incorporating the CGLine+ Web-Controller into the organization’s business continuity and disaster recovery plans. Organizations should establish a Business Continuity Plan and a Disaster Recovery Plan and should periodically review and, where possible, exercise these plans. As part of the plan, important device data should be backed up and securely stored, including the current configuration and documentation of the current permissions / access controls, if not backed up as part of the configuration. The CGLine+ PC can be used to save the configuration of a CGLine+ Web-Controller using the “save file” button in the main page.

- Decommissioning: It is a best practice to purge data before disposing of any device containing data. Guidelines for decommissioning are provided in NIST SP 800-88. To ensure data is unrecoverable, the CGLine+ Web-Controller must be securely destroyed. Methods of destruction include disintegration, incineration, pulverization, or melting of the electronics inside the CGLine+ Web-Controller.
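One way to apply the "Restrict Network Access" guideline on a Linux router in front of the controller, shown as an added nftables example that is not part of the Eaton manual. Every address, MAC, interface name and the SMTP port value is a constructed placeholder, and the traffic directions (HTTPS and OPC inbound to the controller, mail outbound from it) are assumptions the manual does not state.

```nftables
#!/usr/sbin/nft -f
# Added example: forward filter for a router whose interface "eth1"
# (placeholder name) faces the segregated controller segment.

define CTRL_IF    = "eth1"                # interface towards the controller (placeholder)
define CTRL_IP    = 192.0.2.10            # controller IP from the asset inventory (placeholder)
define CTRL_MAC   = 02:00:00:00:00:10     # MAC from the product label (placeholder)
define MGMT_HOSTS = { 198.51.100.21, 198.51.100.22 }  # authorized web/OPC clients (placeholders)
define MAIL_RELAY = 198.51.100.25         # mail server the controller sends to (placeholder)
define SMTP_PORT  = 25                    # "SMTP as configured": set to the configured port

table inet cgline_filter {
    chain forward {
        # Default-deny: only the flows listed below may cross the router.
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop

        # IP/MAC binding: a frame from the controller segment that claims the
        # controller's IP but carries another MAC is logged and dropped.
        iifname $CTRL_IF ip saddr $CTRL_IP ether saddr != $CTRL_MAC log prefix "cgline-spoof " drop

        # Assumed inbound: HTTPS (443) and OPC (5000) from authorized hosts only.
        oifname $CTRL_IF ip saddr $MGMT_HOSTS ip daddr $CTRL_IP tcp dport { 443, 5000 } ct state new accept

        # Assumed outbound: mail only, to the relay, on the configured SMTP
        # port and 587 (SMTPS as named in the manual).
        iifname $CTRL_IF ip saddr $CTRL_IP ip daddr $MAIL_RELAY tcp dport { $SMTP_PORT, 587 } ct state new accept

        # Everything else involving the controller is logged before the
        # default drop, which feeds the log review the manual asks for.
        ip daddr $CTRL_IP log prefix "cgline-drop-in " counter drop
        ip saddr $CTRL_IP log prefix "cgline-drop-out " counter drop
    }
}
```

Check the file with `nft -c -f <file>` before loading it; the `policy drop` applies to all forwarded traffic on this router, so it suits a firewall dedicated to the controller segment.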