Difference between revisions of "Mitigation/M0809"

From attackics
 
Line 3: Line 3:
 
|IEC 62443 3-3 Control=SR 4.1
 
|IEC 62443 3-3 Control=SR 4.1
 
|IEC 62443 4-2 Control=CR 4.1
 
|IEC 62443 4-2 Control=CR 4.1
|Technical Description=Deploy mechanisms to protect the confidentiality of information related to operational processes, facility locations, device configurations, programs, or databases that may have information that can be used to infer organizational trade-secrets, recipes, and other intellectual property (IP). Example mitigations could include restricting read privileges, encrypting data, and obfuscating the information (e.g., facility coverterms, codenames).  In many cases this mitigation may not be feasible to implement when the information is necessary to support critical engineering, maintenance, or operational functions.
+
|Technical Description=Deploy mechanisms to protect the confidentiality of information related to operational processes, facility locations, device configurations, programs, or databases that may have information that can be used to infer organizational trade-secrets, recipes, and other intellectual property (IP).
 
|Date=2020/09/17
 
|Date=2020/09/17
 
|IEC 62443 Control=4-2 FR 4 - Data confidentiality; 4-2 CR 4.1 - Information confidentiality
 
|IEC 62443 Control=4-2 FR 4 - Data confidentiality; 4-2 CR 4.1 - Information confidentiality
 
}}
 
}}
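
Review bot: The replacement |Technical Description= line drops the named examples "restricting read privileges" and "encrypting data", along with the feasibility caveat, so the description now states only the goal and no mechanism. The unchanged lines in this hunk still map the mitigation to IEC 62443 SR 4.1 / CR 4.1 (information confidentiality), and the per-technique Use text on the resulting page mentions only minimizing distribution/storage and obfuscation. Consider keeping read-privilege restriction and encryption as examples, either in the description or in that Use text, so the entry still names the access-control and encryption measures it previously listed.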

Latest revision as of 15:28, 25 September 2020

Operational Information Confidentiality
Mitigation
ID M0809
IEC 62443-3-3:2013 SR 4.1
IEC 62443-4-2:2019 CR 4.1

Description

Deploy mechanisms to protect the confidentiality of information related to operational processes, facility locations, device configurations, programs, or databases that may have information that can be used to infer organizational trade-secrets, recipes, and other intellectual property (IP).


Techniques Addressed by Mitigation

Name | Use
Theft of Operational Information | Example mitigations could include minimizing its distribution/storage or obfuscating the information (e.g., facility coverterms, codenames). In many cases this information may be necessary to support critical engineering, maintenance, or operational functions; therefore, it may not be feasible to implement.