Secure Patch Management; Windows Operating System Updates - ABB COM600 series 5.0 Cyber Security Deployment Manualline
Substation management unit
Hide thumbs
Also See for COM600 series 5.0:
- Technical reference manual (164 pages) ,
- Technical reference manual (108 pages)
Table of Contents
Advertisement
3.5.
3.5.1.
28
COM600 series 5.0
Cyber Security Deployment Guideline
COM600, selectively exclude folders containing COM600 application related
executable files. Some of these folders are,
•
C:\Program Files(x86)\3S CODESYS\GatewayPLC
•
C:\Program Files(x86)\3S CODESYS\CODESYS OPC Server 3
•
C:\Program Files(x86)\ABB Oy\Vtrin
•
C:\Program Files(x86)\ABB Oy\RTDB\bin
•
C:\Program Files(x86)\ABB Oy\CSCommon\bin
•
C:\Program Files(x86)\COM610 GW SW\GAT
•
C:\Program Files\COM610 GW SW
Never exclude Windows operating system related directories
from virus scan.
Quarantine policy enforced should exclude any COM600 related executable files from
any automatic delete or cleanup action. These files should be handled manually by a
qualified security personnel.
Secure Patch Management
Windows Operating System updates
Microsoft releases updates periodically to patch found issues and/or vulnerabilities in
various software components included in Windows operating system. These updates are
categorized as:
•
Critical updates – Updates to fix specific, non-security related issues.
•
Security updates – Updates to fix security vulnerability.
•
Critical – Updates to fix a vulnerability which could allow further degradation of
system and does that without any user action.
•
Important – Updates to fix a vulnerability which could allow confidentiality/integrity
of user data being compromised.
•
Low – Updates to fix a vulnerability whose exploitation can be extremely difficult,
or whose impact can be minimal.
•
Moderate – Updates to fix a vulnerability whose exploitation can be mitigated
through a configuration change.
Available updates from Microsoft should be tracked periodically and checked for com-
patibility prior to installation. The compatibility of latest updates from Microsoft with
COM600 specific functionality is tested and verified monthly by ABB. The test results
can be found from COM600 product page, which includes a COM600 Patch Compatib-
ility Report specifying the details. While these reports may not cover engineering
workstation from where SAB600 application may be used, it is recommended to install
all relevant updates to these workstations. For any incompatible updates found, ABB
recommends to create/revise a dated mitigation plan until compatibility issues can be
addressed.
1MRS758267
Advertisement
Table of Contents
