BSI PD IEC TR 62541-2:2020

$198.66

OPC unified architecture – Security Model

Published By: BSI
Publication Date: 2020
Number of Pages: 52

IEC TR 62541-2:2020 is available as IEC TR 62541-2:2020 RLV, which contains the International Standard and its Redline version, showing all changes of the technical content compared to the previous edition.

IEC 62541-2:2020 describes the OPC Unified Architecture (OPC UA) security model. It describes the security threats of the physical, hardware, and software environments in which OPC UA is expected to run. It describes how OPC UA relies upon other standards for security. It provides definitions of common security terms that are used in this and other parts of the OPC UA specification. It gives an overview of the security features that are specified in other parts of the OPC UA specification. It references services, mappings, and Profiles that are specified normatively in other parts of the OPC UA Specification. It provides suggestions or best practice guidelines on implementing security. Any seeming ambiguity between this part and one of the other normative parts does not remove or reduce the requirement specified in the other normative part.

PDF Catalog

PDF Pages PDF Title
4 CONTENTS
7 FOREWORD
9 1 Scope
2 Normative references
10 3 Terms, definitions, and abbreviated terms
3.1 Terms and definitions
15 3.2 Abbreviated terms
4 OPC UA security architecture
4.1 OPC UA security environment
16 4.2 Security objectives
4.2.1 Overview
Figure 1 – OPC UA network example
17 4.2.2 Authentication
4.2.3 Authorization
4.2.4 Confidentiality
4.2.5 Integrity
4.2.6 Non-Repudiation
4.2.7 Auditability
4.2.8 Availability
4.3 Security threats to OPC UA systems
4.3.1 Overview
18 4.3.2 Denial of Service
19 4.3.3 Eavesdropping
4.3.4 Message spoofing
4.3.5 Message alteration
4.3.6 Message replay
20 4.3.7 Malformed Messages
4.3.8 Server profiling
4.3.9 Session hijacking
4.3.10 Rogue Server
4.3.11 Rogue Publisher
21 4.3.12 Compromising user credentials
4.3.13 Repudiation
4.4 OPC UA relationship to site security
22 4.5 OPC UA security architecture
4.5.1 Overview
Figure 2 – OPC UA security architecture – Client / Server
23 4.5.2 Client / Server
Figure 3 – OPC UA security architecture – Publisher-Subscriber
24 4.5.3 Publish-Subscribe
25 4.6 SecurityPolicies
26 4.7 Security Profiles
4.8 Security Mode Settings
4.9 User Authentication
4.10 Application Authentication
27 4.11 User Authorization
4.12 Roles
4.13 OPC UA security related Services
Figure 4 – Role overview
28 4.14 Auditing
4.14.1 General
29 4.14.2 Single Client and Server
Figure 5 – Simple Servers
30 4.14.3 Aggregating Server
4.14.4 Aggregation through a non-auditing Server
Figure 6 – Aggregating Servers
31 4.14.5 Aggregating Server with service distribution
Figure 7 – Aggregation with a non-auditing Server
32 5 Security reconciliation
5.1 Reconciliation of threats with OPC UA security mechanisms
5.1.1 Overview
Figure 8 – Aggregate Server with service distribution
33 5.1.2 Denial of Service
Table 1 – Security Reconciliation Threats Summary
34 5.1.3 Eavesdropping
5.1.4 Message spoofing
35 5.1.5 Message alteration
5.1.6 Message replay
5.1.7 Malformed Messages
5.1.8 Server profiling
5.1.9 Session hijacking
36 5.1.10 Rogue Server or Publisher
5.1.11 Compromising user credentials
5.1.12 Repudiation
5.2 Reconciliation of objectives with OPC UA security mechanisms
5.2.1 Overview
5.2.2 Application Authentication
37 5.2.3 User Authentication
5.2.4 Authorization
5.2.5 Confidentiality
5.2.6 Integrity
5.2.7 Auditability
38 5.2.8 Availability
6 Implementation and deployment considerations
6.1 Overview
6.2 Appropriate timeouts
6.3 Strict Message processing
39 6.4 Random number generation
6.5 Special and reserved packets
6.6 Rate limiting and flow control
6.7 Administrative access
40 6.8 Cryptographic Keys
6.9 Alarm related guidance
6.10 Program access
41 6.11 Audit event management
6.12 OAuth2, JWT and User roles
6.13 HTTPs, SSL/TLS & Websockets
6.14 Reverse Connect
42 7 Unsecured Services
7.1 Overview
7.2 Multicast Discovery
7.3 Global Discovery Server Security
7.3.1 Overview
7.3.2 Rogue GDS
43 7.3.3 Threats against a GDS
7.3.4 Certificate management threats
44 8 Certificate management
8.1.1 Overview
8.1.2 Self-signed certificate management
Figure 9 – Manual Certificate handling
45 8.1.3 CA Signed Certificate management
Figure 10 – CA Certificate handling
46 8.1.4 GDS Certificate Management
47 Figure 11 – Certificate handling
49 Bibliography