User Manual
Cyber Security Concepts -
How to Secure the System
4
Siemens
Application Note
Smart Infrastructure
4.1 User Management
User Account Management
NOTE:
Desigo CC users can be configured to use local passwords or to use Windows
authentication (for example, Active Directory).
Use Windows authentication wherever possible to enhance security, control, and
management of passwords.
Use only Desigo CC accounts; do not use Windows accounts.
General security guidelines for Desigo CC user account management (Windows OS):
- Use nominative accounts (do not use generic "group accounts" that are used by multiple persons)
- Rename the default administrator account
- Use strong passwords (e.g., 12 characters, including upper case, lower case, special characters, and numbers)
- Change passwords on a regular basis, especially passwords for administrator accounts and the password of the service account (root)
- If accounts are created by default or from a template, use different passwords for each installation
- Do not use the same password for the default administrator account and the service account
- Make sure there is a process in place to disable and then remove (after the desired log retention time has passed) old/unused user accounts
- Auto-logon features skip the identification of a user and should therefore only be used either in controlled environments, where the effective user can be determined differently, or for users that are only authorized to see non-confidential data
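The Windows-account items in the list above (renamed default administrator, nominative names, regular password changes, disabling unused accounts) can be checked periodically with a script. The following is an added example, not part of the Siemens application note; the thresholds, the generic-name patterns and the function name `Test-AccountHygiene` are assumptions to be replaced by site policy, and it does not inspect Desigo CC local accounts.

```powershell
# Added example: audit Windows local accounts against the guidelines above.
# Thresholds and name patterns are assumptions, not values from the application note.
function Test-AccountHygiene {
    param(
        [Parameter(Mandatory)] [object[]] $Account,
        [int] $MaxPasswordAgeDays = 90,     # assumed rotation interval
        [int] $StaleAfterDays = 180,        # assumed "unused account" threshold
        [string[]] $GenericNamePattern = @('^operator\d*$', '^user\d*$', '^shared', '^guest$'),
        [datetime] $Now = (Get-Date)
    )
    foreach ($a in $Account) {
        $findings = @()
        # The built-in administrator keeps RID 500 even after it has been renamed.
        if ("$($a.SID)" -match '-500$' -and $a.Name -eq 'Administrator') {
            $findings += 'default administrator account not renamed'
        }
        if ($a.Enabled) {
            if ($GenericNamePattern | Where-Object { $a.Name -match $_ }) {
                $findings += 'generic (non-nominative) account name'
            }
            if (-not $a.PasswordRequired) { $findings += 'password not required' }
            if ($null -eq $a.PasswordLastSet -or
                ($Now - $a.PasswordLastSet).TotalDays -gt $MaxPasswordAgeDays) {
                $findings += "password never set or older than $MaxPasswordAgeDays days"
            }
            if ($null -eq $a.LastLogon -or
                ($Now - $a.LastLogon).TotalDays -gt $StaleAfterDays) {
                $findings += "no logon in $StaleAfterDays days (candidate to disable)"
            }
        }
        if ($findings) {
            [pscustomobject]@{ Name = $a.Name; Findings = $findings -join '; ' }
        }
    }
}

# Constructed sample inventory (not real accounts), shaped like Get-LocalUser output.
$now = Get-Date '2024-06-01'
$sample = @(
    [pscustomobject]@{ Name = 'Administrator'; SID = 'S-1-5-21-1111-2222-3333-500'; Enabled = $true
                       PasswordRequired = $true; PasswordLastSet = $now.AddDays(-400); LastLogon = $now.AddDays(-3) }
    [pscustomobject]@{ Name = 'operator1'; SID = 'S-1-5-21-1111-2222-3333-1001'; Enabled = $true
                       PasswordRequired = $true; PasswordLastSet = $now.AddDays(-20); LastLogon = $now.AddDays(-1) }
    [pscustomobject]@{ Name = 'j.meier'; SID = 'S-1-5-21-1111-2222-3333-1002'; Enabled = $true
                       PasswordRequired = $true; PasswordLastSet = $now.AddDays(-30); LastLogon = $null }
)
Test-AccountHygiene -Account $sample -Now $now | Format-Table -AutoSize -Wrap
```

On a live host, pass the real inventory instead of the sample: `Test-AccountHygiene -Account (Get-LocalUser)`.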
User Authorization Configuration
User access rights in Desigo CC are determined by four main factors:
- The system must know the user (authentication)
- The user must be assigned a user group
- The user group has the appropriate application rights
- The user group must have the appropriate scope rights
If all of these conditions are met, the user can log on to Desigo CC, and read/write
objects and execute tasks, depending on the assigned rights.
For detailed information on how to configure user authorization (users, user
groups, application rights, scope rights), see sections Configuring User Administration
and Configuring Scopes in the Desigo CC Online Help.