iec62443-4-2-FR-5
Req ID |
Re quirement name |
Supported by CIP |
Need ap plication support |
Need HW solution |
Status if supported by CIP |
|---|---|---|---|---|---|
CR-5.1 |
Network seg mentation |
FALSE |
TRUE |
FALSE |
N.A. |
NDR-5.2 |
Zone boundary p rotection |
FALSE |
TRUE |
FALSE |
N.A. |
NDR-5.2 RE(1) |
Deny all, permit by exception |
FALSE |
TRUE |
FALSE |
N.A. |
NDR-5.2 RE(2) |
Island mode |
FALSE |
TRUE |
FALSE |
N.A. |
NDR-5.2 RE(3) |
Fail close |
TRUE |
FALSE |
TRUE |
N.A. |
NDR-5.3 |
General purpose, person- to-person comm unication res trictions |
FALSE |
TRUE |
FALSE |
N.A. |
CR-5.4 |
Ap plication par titioning |
FALSE |
FALSE |
FALSE |
N.A. |
Tests reference and CIP recommendation
Req ID |
Status if supported by CIP |
IEC-62443-4-2 tests reference |
CIP recommendation |
|---|---|---|---|
CR-5.1 |
N.A. |
None |
CIP does not support this requirement.CIP users should meet this requirement by using common networking protocols that are supported by switches and routers to implement network segmentation |
NDR-5.2 |
N.A. |
None |
This is a product specific requirement, it should be met by CIP users by using CIP provided packages. |
NDR-5.2 RE(1) |
N.A. |
None |
Same as NDR-5.2 |
NDR-5.2 RE(2) |
N.A. |
None |
Same as NDR-5.2 |
NDR-5.2 RE(3) |
N.A. |
None |
Same as NDR-5.2 |
NDR-5.3 |
N.A. |
None |
This is a product specific requirement and has to be met by CIP users.This can be done by blocking specific ports that are used by applications to communicate general purpose messages between person to person |
CR-5.4 |
N.A. |
None |
No component level requirement |