Password Policy Settings For Central Account Management Enabled Ied; Pcm600 Access To Central Account Management Enabled Ied - ABB RELION 670 SERIES Manual
Cyber security deployment guideline
Hide thumbs
Also See for RELION 670 SERIES:
- Technical manual (1432 pages) ,
- Technical reference manual (1232 pages) ,
- Applications manual (944 pages)
Table of Contents
Advertisement
Section 5
Central Account Management
5.6
5.7
68
Password policy settings for Central Account
Management enabled IED
The password policy is set in the Central Account Management server (SDM600).
Refer to SDM600 user manual.
PCM600 access to Central Account Management
enabled IED
During normal access, e.g. parameter writing, of the IED from PCM600, the user
interaction will be very similar as to a non Central Account Management enabled
IED. The following steps are included in the process:
•
When a login is needed the login dialog is presented to the user
•
When the user name and password is entered the user credentials are sent to
the IED
•
The IED forwards these credentials to the Central Account Management server
to authenticate the user and get the user roles back. If a user has multiple roles,
then the privilege he gets is the union of all the roles.
•
If the IED fails in accessing the Central Account Management server, the
local replica of the users are used to authenticate the user and get the user
roles back
•
The IED check the Rights for the Roles and secure that only authorized things
according to the Rights are allowed
If communication with the Central Account Management server is
lost, the current password will not expire until the communication
with the server is reestablished.
When the user tries to communicate with an IED using PCM600,
then PCM600 will validate the "Certificate" presented by the IED
and if there are new warnings/errors found during certificate
validation, PCM600 will display a Security Warning to the user. In
this situation, user needs to take appropriate action on the security
warning to continue communicating with the IED.
If the user tries to authenticate towards a Central Account
Management enabled IED using PCM600, with credentials that will
expire in the near future, a new warning will be shown to the user
and an option to change the password will be provided.
1MRK 511 399-UEN B
GUID-ABB0D1DF-FF41-4411-95EC-7D4B93FF4E0B v1
GUID-D7C470F9-465E-494F-8345-D0B311C4F3CD v1
670 series 2.2 IEC
Cyber security deployment guideline
Advertisement
Table of Contents
