User Manual

siemens.com/desigocc
All rights reserved
© Siemens Switzerland Ltd. 2019
Desigo CC | Cybersecurity Meets Building Management Systems
Desigo CC Cybersecurity Deployment
We publish cybersecurity hardening guidelines to support
the secure commissioning and deployment of Desigo CC
products. These guidelines describe how the system needs
to be configured in order to foster secure operation of the
Desigo CC products and solutions in the intended operating
environment. Configuration options consist of, for example,
which applications to install, which settings to activate or
deactivate, firewall configurations, and the setting of user
and system accounts and access rights. The hardening
guidelines are maintained throughout the product lifecycle.
As part of our Software Maintenance Program, we
periodically release patches, updates, and upgrades that
remove newly known vulnerabilities and increase the level
of protection of Desigo CC against threats. Patches and
updates are made available as they are developed,
supported by access to technical hotline support run by
product experts. There is also the option to subscribe to
software updates to ensure that your deployed Desigo CC
is always updated to the latest version release.
Emergency Management
For our offerings, we have incident and vulnerability
handling processes in place in the event that a security
issue or vulnerability is detected in a Desigo CC product
or solution.
Incident and Vulnerability Handling Process: Our support
mechanism for customer-reported security issues is
illustrated in Figure 3. Vulnerabilities and/or incidents
are submitted to our technical support team, which is
supported by the global Siemens ProductCERT team that
operates on a 24/7 basis. The necessary steps are taken
to handle the situation, and the incidents and remedies
are disclosed.
Vulnerability Management: This is our internal detection
process for fine-tuning the security of our products and
solutions. Continuous threat monitoring enables us to
detect and mitigate potential vulnerabilities in our products
and solutions. Desigo CC software components are
registered so that if any security vulnerabilities are found,
the necessary remedies can be implemented and disclosed.
Identified vulnerabilities are announced by the ProductCERT
team via the ProductCERT security advisories
(https://new.siemens.com/global/en/products/services/cert.html),
to which you can subscribe.
Remote Services
Remote access is a desirable feature today because of
the ongoing performance monitoring and convenience it
provides. Desigo CC is prepared to support services that
rely on remote data access while remaining part of the
environment’s security concept. By supporting remote
services, Desigo CC allows you to leverage access to data
about your building systems and connected equipment
so your operations can be optimized.
While remote access is possible through your standard
IT mechanisms, we use the Siemens Common Remote
Service Platform (cRSP) for more secure remote access.
Our reliable, high-performance cRSP provides worldwide
access to data and information related to your building
infrastructure. This platform ensures that the remote
services delivered by Siemens meet stringent cybersecurity
requirements. The Siemens cRSP conforms to ISO/IEC 27001
– the norm for systematic cybersecurity management on
an organizational level.
Figure 3 – Desigo CC Incident and Vulnerability Handling Process
(stages shown: Report, Analysis, Handling, Disclosure)