Cybersecurity Checklist

Cybersecurity configuration checklist
Action: Address potential risks using compensating controls.
Link: Potential risks and compensating controls

Action: Set up user access and apply least privilege.
Links: Default security settings; Using single sign-on; Configuring two-factor authentication; Windows Active Directory

Action: Harden environments, change port numbers from default values, and configure server and firewalls to restrict and control traffic between IT, OT, and Internet network zones.
Links: Default port numbers; Encryption, locking USB ports, and hardening servers

Action: Follow allowlisting design considerations and use application allowlisting and McAfee to prevent unauthorized applications from running on your systems.
Link: Allowlisting

Action: Configure the Service Layer, set permissions on the certificate, and update the registry configuring third-party certificates.
Link: Configuring third-party certificates

Action: Configure a one-time password for two-factor authentication using a YubiKey USB key device.
Link: Configuring two-factor authentication

Action: Configure to communicate with multiple network adapters in a segmented architecture.
Link: Configuring projects for network segmentation

See Using Cybersecurity Admin Expert (CAE) for cybersecurity for information on configuring cybersecurity using the CAE tool.

See Decommission for recommendations and procedures about decommissioning.

See: