tragically1969
Member
Has anybody come up against this requirement, or set of guidelines should I say?
NIST SP 800-82 Rev2 Guide to Industrial Control Systems (ICS) Security Document
We have a system which is monitoring only but has a few PLCs and remote I/O modules dotted around. They have security scanned the LAN and now we are being asked to do things like filter Modbus clients to authorised IPs, shut down certain services, only use HTTPS etc. Trouble is, the remote I/O modules and other lower-end devices such as power meters have no capabilities to do this sort of thing; the PLC does, but they are applying this "guideline" to the letter for all devices.
Just interested if anybody has any experience of dealing with this.