Protected environment assumptions
- Cybersecurity governance – Available and up-to-date guidance on governing the use of information and technology assets in your company.
- Perimeter security – Installed devices, and devices that are not in service, are in an access-controlled or monitored location.
- Emergency power – The control system provides the capability to switch to and from an emergency power supply without affecting the existing security state or a documented degraded mode.
- Firmware upgrades – Meter upgrades are implemented consistently to the current version of firmware.
- Controls against malware – Detection, prevention, and recovery controls to help protect against malware are implemented and combined with appropriate user awareness.
- Physical network segmentation – The control system provides the capability to:
- Physically segment control system networks from non-control system networks.
- Physically segment critical control system networks from non-critical control system networks.
- Logical isolation of critical networks – The control system provides the capability to logically and physically isolate critical control system networks from non-critical control system networks. For example, using VLANs.
- Independence from non-control system networks – The control system provides network services to control system networks, critical or non-critical, without a connection to non-control system networks.
- Encrypt protocol transmissions over all external connections using an encrypted tunnel, TLS wrapper or a similar solution.
- Zone boundary protection – The control system provides the capability to:
- Manage connections through managed interfaces consisting of appropriate boundary protection devices, such as: proxies, gateways, routers, firewalls and encrypted tunnels.
- Use an effective architecture. For example, firewalls protecting application gateways residing in a DMZ.
- Control system boundary protections at any designated alternate processing sites should provide the same levels of protection as that of the primary site. For example, data centers.
- No public internet connectivity – Access from the control system to the internet is not recommended. If a remote site connection is needed, for example, encrypt protocol transmissions.
- Resource availability and redundancy – Ability to break the connections between different network segments or use duplicate devices in response to an incident.
- Manage communication loads – The control system provides the capability to manage communication loads to mitigate the effects of information flooding types of Denial of Service (DoS) events.
- Control system backup – Available and up-to-date backups for recovery from a control system failure.
Last updated: June 03, 2025
© 2021 Schneider Electric. All Rights Reserved. Safety Precautions | Home