Xona Datasheet 62443
The ISA/IEC 62443 set of security requirements is an expansive yet flexible framework to
address and mitigate current and future security vulnerabilities in industrial automation and
control systems (IACSs). The standards are applicable to all critical infrastructure industry
sectors and cover a wide range of topics from terminology, concepts, and models to security
technologies for IACS, and much more.
XONA™ provides security capabilities to meet the requirements of the 62443 standards
pertaining to access control, identification and authentication control, use control, data
confidentiality, and least privilege. XONA utilizes protocol and system isolation, encrypted
display, multi-factor authentication, session logging, and recording of user access to support
this compliance, thus securing against cybersecurity risks.
4.3.3.5 Element: Access Control: Account Administration – XONA ensures, on an ongoing basis, that only appropriate
entities have accounts that allow access and that these accounts provide appropriate access privileges.
4.3.3.7 Element: Access Control: Authorization – XONA grants access privileges to resources upon successful authentication
of the user and identification of his or her associated access account. The privileges granted are determined by the account
configuration set up during the account administration step in the business process.
✓ 4.3.3.7.3 Control access to information or systems via role-based access accounts – XONA’s access accounts are role based to manage access to appropriate
information or systems for that user’s role. Safety implications are considered when defining roles.
5 FR 1 – Identification and authentication control (IAC) – XONA provides the capability to identify and authenticate all
human users. This capability enforces such identification and authentication on all interfaces which provide human user access
to the control system to support segregation of duties and least privilege in accordance with applicable security policies and
procedures.
✓ 5.3.3 RE (2) Multifactor authentication for untrusted networks – XONA provides the capability to employ multifactor authentication for
human user access to the control system via an untrusted network (see 5.15, SR 1.13 – Access via untrusted networks).
5.4 SR 1.2 – Software process and device identification and authentication – XONA provides the capability to identify
and authenticate all software processes and devices. This capability enforces such identification and authentication on all
interfaces which provide access to the control system to support least privilege in accordance with applicable security policies
and procedures.
5.5 SR 1.3 – Account management – XONA provides the capability to support the management of all accounts by authorized
users, including adding, activating, modifying, disabling, and removing accounts.
5.8 SR 1.6 – Wireless access management – XONA provides the capability to identify and authenticate all users (humans,
software processes or devices) engaged in wireless communication.
5.10 SR 1.8 – Public key infrastructure certificates – XONA provides the capability to operate a PKI according to commonly
accepted best practices or obtain public key certificates from an existing PKI.
5.11 SR 1.9 – Strength of public key authentication – Utilizing public key authentication, XONA provides the capability to:
a) validate certificates by checking the validity of the signature of a given certificate;
b) validate certificates by constructing a certification path to an accepted CA or in the case of self-signed certificates by
deploying leaf certificates to all hosts which communicate with the subject to which the certificate is issued;
c) validate certificates by checking a given certificate’s revocation status;
d) establish user (human, software process or device) control of the corresponding private key; and
e) map the authenticated identity to a user (human, software process or device).
✓ 5.11.3 RE (1) Hardware security for public key authentication – XONA provides the capability to protect the relevant private keys via
hardware mechanisms according to commonly accepted security industry practices and recommendations.
5.12 SR 1.10 – Authenticator feedback – XONA provides the capability to obscure feedback of authentication information
during the authentication process.
5.14 SR 1.12 – System use notification – XONA provides the capability to display a system use notification message before
authenticating. The system use notification message shall be configurable by authorized personnel.
6.3 SR 2.1 – Authorization enforcement – On all interfaces, XONA provides the capability to enforce authorizations assigned
to all human users for controlling use of the control system to support segregation of duties and least privilege.
6.5 SR 2.3 – Use control for portable and mobile devices – XONA provides the capability to automatically enforce
configurable usage restrictions that include:
a) preventing the use of portable and mobile devices;
b) requiring context specific authorization; and
c) restricting code and data transfer to/from portable and mobile devices.
✓ 6.5.3 RE (1) Enforcement of security status of portable and mobile devices – XONA provides the capability to verify that portable or mobile devices
attempting to connect to a zone comply with the security requirements of that zone.
6.7 SR 2.5 – Session lock – XONA provides the capability to prevent further access by initiating a session lock after a
configurable time period of inactivity or by manual initiation. The session lock shall remain in effect until the human user who
owns the session or another authorized human user re-establishes access using appropriate identification and authentication
procedures.
6.8 SR 2.6 – Remote session termination – XONA provides the capability to terminate a remote session either automatically
after a configurable time period of inactivity or manually by the user who initiated the session.
6.10 SR 2.8 – Auditable events – XONA provides the capability to generate audit records relevant to security for the following
categories: access control, request errors, operating system events, control system events, backup and restore events,
configuration changes, potential reconnaissance activity and audit log events. Individual audit records include the timestamp,
source (originating device, software process or human user account), category, type, event ID and event result.
6.14 SR 2.12 – Non-repudiation – XONA provides the capability to determine whether a given human user took a particular
action.
✓ 8.3.3 RE (1) Protection of confidentiality at rest or in transit via untrusted networks – XONA provides the capability to protect the confidentiality of
information at rest and remote access sessions traversing an untrusted network.
9.3 SR 5.1 – Network segmentation – XONA provides the capability to logically segment control system networks from non-
control system networks and to logically segment critical control system networks from other control system networks.
10.3 SR 6.1 – Audit log accessibility – XONA provides the capability for authorized humans and/or tools to access audit logs
on a read-only basis.
ANSI/ISA-62443-4-2-2018
The XONA platform supports technical security requirements for IACS components in the following
ways:
4.4 CCSC 3 Least privilege – When required and appropriate, XONA provides the capability for the system to enforce the
concept of least privilege. XONA provides the granularity of permissions and flexibility of mapping those permissions to roles
sufficient to support it. Individual accountability is available when required.
5.3 CR 1.1 – Human user identification and authentication – XONA provides the capability to identify and authenticate
all human users according to ISA‑62443‑3‑3 [11] SR 1.1 on all interfaces capable of human user access. This capability
enforces such identification and authentication on all interfaces that provide human user access to the component to support
segregation of duties and least privilege in accordance with applicable security policies and procedures. This capability can be
provided locally or by integration into a system level identification and authentication system.
5.4 CR 1.2 – Software process and device identification and authentication – XONA provides the capability to identify
itself and authenticate to any other component (software application, embedded devices, host devices and network devices),
according to ISA‑62443‑3‑3 [11] SR1.2. All entities are identified and authenticated for all access to the control system.
Authentication of the identity of such entities is accomplished by using methods such as passwords, tokens, or location
(physical or logical). This requirement is applied to both local and remote access to the control system.
5.10 CR 1.8 – Public key infrastructure certificates – When public key infrastructure (PKI) is utilized, XONA provides or
integrates into a system that provides the capability to interact and operate in accordance with ISA‑62443‑3‑3 [11] SR1.8.
5.11 CR 1.9 – Strength of public key-based authentication – For components that utilize public-key-based authentication,
XONA provides directly or integrates into a system that provides the capability within the same IACS environment to:
a) validate certificates by checking the validity of the signature of a given certificate;
b) validate the certificate chain or, in the case of self-signed certificates, by deploying leaf certificates to all hosts that
communicate with the subject to which the certificate is issued;
c) validate certificates by checking a given certificate’s revocation status;
d) establish user (human, software process or device) control of the corresponding private key;
e) map the authenticated identity to a user (human, software process or device); and
f) ensure that the algorithms and keys used for the public key authentication comply with 8.5 CR 4.3 – Use of cryptography.
5.12 CR 1.10 – Authenticator feedback – XONA’s authentication capability provides the capability to obscure feedback of
authenticator information during the authentication process.
5.13 CR 1.11 – Unsuccessful login attempts – XONA’s authentication capability provides the capability to:
a) enforce a limit of a configurable number of consecutive invalid access attempts by any user (human, software process or
device) during a configurable time period; and
5.14 CR 1.12 – System use notification – For local human user access/HMI, XONA provides the capability to display a system
use notification message before authenticating. The system use notification message is configurable by authorized personnel.
5.15 CR 1.13 – Access via untrusted networks – The access via untrusted networks requirements are component-specific
and can be located as requirements for each specific component type in Clauses 12 through 15.
6 FR 2 – Use control
6.1 Purpose and SL-C(UC) descriptions – XONA enforces the assigned privileges of an authenticated user (human, software
process or device) to perform the requested action on the component and monitor the use of these privileges.
6.5 CR 2.3 – Use control for portable and mobile devices – There is no component level requirement associated with
ISA‑62443‑3‑3 SR 2.3.
✓ 6.7.1 Requirement
configurable time period of inactivity or by manual initiation by the user
(human, software process or device); and
b) for the session lock to remain in effect until the human user who
owns the session, or another authorized human user, re-establishes
access using appropriate identification and authentication procedures.
✓ 6.8.1 Requirement
terminate a remote session either automatically after a configurable
time period of inactivity, manually by a local authority, or manually by
the user (human, software process or device) who initiated the session.
✓ 6.13.1 Requirement – XONA provides the capability to create timestamps (including date and
time) for use in audit records.
✓ 6.13.3 Requirement enhancements
✓ 6.14.1 Requirement – XONA provides the capability to determine whether a given human user
took a particular action.
✓ 6.14.3 Requirement enhancements
✓ 10.3.1 Requirement – XONA provides the capability for authorized humans and/or tools to
access audit logs on a read-only basis.
✓ 10.3.3 Requirement enhancements
✓ 15.2.3 Requirement enhancements
✓ 15.3.1 Requirement – XONA provides the capability to monitor and control all methods of
access to the network device via untrusted networks.
✓ 15.3.3 Requirement enhancements
✓ 15.7.3 Requirement enhancements
✓ 15.8.1 Requirement – XONA provides tamper resistance and detection mechanisms to protect
against unauthorized physical access into the device.
✓ 15.11.3 Requirement enhancements
✓ 15.11.3 RE (1) Authenticity of the boot process – XONA uses its own roots of trust to verify the authenticity of the
firmware, software, and configuration data needed for the device’s boot
process prior to it being used in the boot process.
Identify and authenticate all users (humans, software processes and devices), prior to allowing them access to the system or
assets.
SL 1 – Identify and authenticate all users (humans, software processes and devices) by mechanisms that protect against casual
or coincidental access by unauthenticated entities.
SL 2 – Identify and authenticate all users (humans, software processes and devices) by mechanisms that protect against
intentional unauthenticated access by entities using simple means with low resources, generic skills and low motivation.
SL 3 – Identify and authenticate all users (humans, software processes and devices) by mechanisms that protect against
intentional unauthenticated access by entities using sophisticated means with moderate resources, IACS specific skills and
moderate motivation.
SL 4 – Identify and authenticate all users (humans, software processes and devices) by mechanisms that protect against
intentional unauthenticated access by entities using sophisticated means with extended resources, IACS specific skills and high
motivation.
Now more than ever, industrial organizations need the ability to remotely and securely access
operational technology—anytime, anywhere, on any device. With XONA, organizations realize
operational efficiencies and reduced cyber risk through our single, simple, flexible solution
rather than multiple point-access technologies.
We’re trusted by power system manufacturers, industrial control system providers, and other
industry giants to deliver unmatched security without slowing the speed of work.