
ILT-U-3930
Industrial Network Device Security Evaluation. IEC 62443-4-2 Competency-Oriented Proficiency Test
| Determination | IEC 62443 Mapping | Evaluation Method |
| --- | --- | --- |
| Human user identification and authentication | FR1 – CR 1.1 | Review and evaluation of authentication mechanisms implemented in web, Telnet and management interfaces. Assessment may include credential handling, login behavior, session management, authentication persistence and default credential analysis. |
| Software process and device identification | FR1 – CR 1.2 | Evaluation of device identification mechanisms, communication endpoint identification, network service exposure and protocol identification behavior during operational communications. |
| Account management | FR1 – CR 1.3 | Assessment of account configuration, credential administration, password management behavior, user-access configuration and account persistence during operational and recovery conditions. |
| Authenticator management | FR1 – CR 1.5 | Evaluation of authenticator handling mechanisms including credential storage, password protection, authentication exposure, management-interface access and authenticator persistence across reboot and recovery operations. |
| Authorization enforcement | FR2 – CR 2.1 | Assessment of access-control enforcement mechanisms, privilege restrictions, management-interface authorization behavior and operational access separation. |
| Wireless use control | FR2 – CR 2.2 | Evaluation of wireless access mechanisms, AP/STA operational configuration, wireless onboarding behavior, management exposure through wireless interfaces and wireless communication restrictions. |
| Software and information integrity | FR3 – CR 3.4 | Assessment of integrity protection mechanisms associated with configuration handling, operational parameters, firmware handling and modification resistance behavior. |
| Firmware/software integrity | FR3 – CR 3.14 | Evaluation of firmware update mechanisms, update authenticity, firmware replacement behavior, OTA update functionality and integrity-verification processes. |
| Zone boundary protection | FR5 – CR 5.2 | Assessment of communication separation, routing behavior, interface exposure, trust-boundary enforcement and traffic restriction mechanisms between wired and wireless interfaces. |
| General communication restrictions | FR5 – CR 5.3 | Evaluation of service exposure, unnecessary communication paths, protocol accessibility, port exposure and operational communication restrictions. |
| Denial-of-service protection | FR7 – CR 7.1 | Assessment of operational resilience under abnormal communication conditions including malformed traffic, connection saturation, repeated authentication attempts and communication overload conditions. |
| Resource management | FR7 – CR 7.2 | Evaluation of operational stability, session/resource exhaustion behavior, communication persistence, recovery behavior and service continuity during operational stress conditions. |

