User Manual

ManualsBrandsSiemens ManualsBuilding automationDesigo CC MP 5.0 BACnet Server, BACnet Protocol Implementation Conformance Statement (PICS), Basic Documentation

About This Document

Siemens Application Note

Smart Infrastructure

Document Identification

The document ID is structured as follows:

ID code Examples

ID_languageCOUNTRY_ modification index

-- = multilingual or international

011_A6V10415500_en_b_30

011_A6V10415500_de_c_30

Date Format

The date format in the document corresponds to the recommendation of

international standard ISO 8601 (format YYYY-MM-DD).

1.1 Applicable Documents

Title Document ID / Reference

Security for industrial process measurement and

control – Network and system security

IEC 62443-3

Information technology — Security techniques —

Code of practice for information security controls

ISO IEC 27002:2017

1.2 Technical terms and abbreviations

Term Explanation

AES

The Advanced Encryption Standard is a specification for the encryption of electronic

data established by the U.S. National Institute of Standards and Technology (NIST) in

2001. AES supersedes the Data Encryption Standard (DES),

[7]

which was published in

1977. The algorithm described by AES is a symmetric-key algorithm, meaning the

same key is used for both encrypting and decrypting the data.

BACnet

BACnet is a communications protocol for Building Automation and Control (BAC)

networks. BACnet was designed to allow communication of building automation and

control systems for applications such as heating, ventilating, and air-conditioning

control (HVAC), lighting control, access control, and fire detection systems and their

associated equipment. The BACnet protocol provides mechanisms for computerized

building automation devices to exchange information, regardless of the particular

building service they perform.

BIOS

‘BIOS’ is non-volatile firmware used to perform hardware initialization during the boot-

ing process (power-on startup), and to provide runtime services for operating systems

and programs

DiffieHellmann

Diffie–Hellman key exchange (DH)

is a method of securely exchanging cryptographic

keys over a public channel. DH is one of the earliest practical examples of public key

exchange implemented within the field of cryptography

DMZ

DMZ or demilitarized zone is a physical or logical subnetwork that contains and ex-

poses an organization's external-facing services to an untrusted network, usually a

larger network such as the Internet. The purpose of a DMZ is to add an additional

layer of security to an organization's local area network (LAN): an external network

node can access only what is exposed in the DMZ, while the rest of the organization's

network is firewalled. The DMZ functions as a small, isolated network positioned be-

tween the Internet and the private network and, if its design is effective, allows the

organization extra time to detect and address breaches before they would further

penetrate into the internal networks.