User Manual

siemens.com/cerberusdms
All rights reserved
© Siemens Switzerland Ltd. 2019
Cerberus DMS 4.0 | Cybersecurity Meets Building Management Systems
Applying Security by Design to Cerberus DMS 4.0
Cerberus DMS 4.0 is a robust, open integrated building
management platform that helps create comfortable, safe
and sustainable facilities. It enables operation and monitoring
of a building.
Our Cerberus DMS 4.0 design experts adhere to our
company-wide cybersecurity initiative as illustrated in
Figure 2. They follow the mandatory internal security policy
that provides measures for ongoing development of Cerberus
DMS 4.0 products in accordance with the appropriate security
level. Cerberus DMS 4.0 products are developed according
to ISO/IEC 62443.
These measures help ensure that coding leads to secure
product architecture as well as more secure implementation
of software components. The software is designed to be
secure by default when installed. This includes certain
features and functions being secure at the default level.
And because we continuously enhance and evolve our
products, solutions, and services, Cerberus DMS 4.0 will be
kept up to date as new security threats unfold. Below are
examples of “Security by Design” elements integrated into
Cerberus DMS 4.0:
End-to-end encryption, from client to server
End-to-end encryption between servers
Encrypted communication to other devices
Certificate-based data exchange
Encrypted backups
Seamless integration of certificates within customer IT infrastructure
Microsoft Active Directory-based authentication
Using “least privilege” principle to limit data and application access
User/workstation groups/roles control access to the system – designating appropriate tasks and responsibilities
4-eye principle – Second authentication
Re-authentication
User group management via LDAP
Cybersecurity audit trail
Support of antivirus and malware protection software
Support of hardware and software firewalls
Use of network infrastructure that supports physical network or VLAN segmentation
Segregation of networks into zones
Controlled access to servers, clients, and applications
Placing the web server in a “demilitarized zone” (DMZ)
Use of verified third-party components
Figure 2 – Siemens Cybersecurity Initiative Highlights
[Figure: "Company-wide cybersecurity initiative" and "Provide solid product foundation".
Inputs shown: employee know-how; customer security objectives & requirements; specialist cybersecurity skills & consultancy.
Stages shown: secure product architecture & design; pre-deployment assessment; security testing; deployment & maintenance; incident & vulnerability management.
Measures shown: security design measures aligned to IEC 62443; threat & risk assessment; anticipate & mitigate foreseeable cyber threats; derive customer protection goals; focus on intended operational environment; product security verification & validation; regular manual penetration testing; automated testing tools & methods; product hardening; secure installation & commissioning; software maintenance program; continuous vulnerability & threat monitoring; established incident handling process: Siemens ProductCERT.]