Renew security certificate

Renew the security certificate before it expires.

Securely store the system key

See Protect the System Key for details.

Apply PME updates

Install software updates that apply to your system when they become available. Check the PME Exchange Community (requires login) or the Schneider Electric Exchange - EcoStruxure Power Monitoring Expert (Portal) for available updates, or contact your service provider.

Verify update file integrity and authenticity

See Verify install file integrity and authenticity for details.

Apply OS and SQL Server updates

warning

potential compromise of System availability, integrity, and confidentiality

Apply the latest updates and hotfixes to your Operating System and software.

Failure to follow these instructions can result in death, serious injury, equipment damage, or permanent loss of data.

Critical and routine Windows and SQL Server updates can be applied to the operating systems hosting the PME server and clients without prior approval by Schneider Electric.

Consider implementing best practices, such as:

  • Establish a reliable process for finding and applying the latest security updates.
  • Use systematic procedures governed by corporate policy.
  • Use automated scanners for detecting missing patches, misconfigurations, use of default accounts, and so on.

warning

unintended equipment operation

Before installing the update, verify that the system is not performing critical control actions that may affect human or equipment safety.
Verify correct system operation after the update.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

 

warning

inaccurate data results

Before installing the update, verify that the system data results are not used for critical decision making that may affect human or equipment safety.
Verify correct system data results after the update.

Failure to follow these instructions can result in death, serious injury, equipment damage, or permanent loss of data.

 

Review user accounts on a regular basis

Review PME user accounts on a regular basis. Update passwords and user permissions, and remove unused accounts as required.

RECOMMENDATION: Use Windows users instead of standard users in your PME system to improve cybersecurity. Windows offers the advanced user management function of limiting the number of invalid login attempts. This function is required for IEC 62443 compliance, the global standard for industrial automation control system security.

NOTE: To only use Windows users, replace any existing standard users in the system with Windows users. Disallow logins for standard users in Web Applications, this disables the supervisor user. See Login Options for more information.

Keep network security up-to-date

Keep security related networking tools and equipment up-to-date and working as expected.

NOTE: Network security equipment, such as firewalls, are complex devices and must be maintained by trained individuals.

Keep computer hardware secure

See Plan your site security for more information.

Perform security audits

Perform comprehensive system security audits on a regular basis. Regularly scan and verify security.

Consider implementing best practices, such as:

  • Check the OS and PME system logs.
  • Check performance monitor profiles