{"id":451686,"date":"2024-10-20T09:19:35","date_gmt":"2024-10-20T09:19:35","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bsi-24-30484357-dc-2024\/"},"modified":"2024-10-26T17:22:40","modified_gmt":"2024-10-26T17:22:40","slug":"bsi-24-30484357-dc-2024","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bsi-24-30484357-dc-2024\/","title":{"rendered":"BSI 24\/30484357 DC 2024"},"content":{"rendered":"

PDF Catalog<\/h4>\n
PDF Pages<\/th>\nPDF Title<\/th>\n<\/tr>\n
11<\/td>\n1 Scope
2 Normative References <\/td>\n<\/tr>\n
12<\/td>\n3 Terms, definitions, and abbreviations
3.1 Terms and definitions <\/td>\n<\/tr>\n
17<\/td>\n3.2 Abbreviations
3.3 Conventions for security model figures
4 OPC UA security architecture
4.1 OPC UA security environment <\/td>\n<\/tr>\n
18<\/td>\n4.2 Security objectives
4.2.1 Overview
4.2.2 Authentication <\/td>\n<\/tr>\n
19<\/td>\n4.2.3 Authorization
4.2.4 Confidentiality
4.2.5 Integrity
4.2.6 Non-Repudiation
4.2.7 Auditability
4.2.8 Availability
4.3 Security threats to OPC UA systems
4.3.1 Overview
4.3.2 Denial of Service
4.3.2.1 Overview <\/td>\n<\/tr>\n
20<\/td>\n4.3.2.2 Message flooding
4.3.2.3 Resource Exhaustion
4.3.2.4 Application Crashes
4.3.3 Eavesdropping <\/td>\n<\/tr>\n
21<\/td>\n4.3.4 Message spoofing
4.3.5 Message alteration
4.3.6 Message replay
4.3.7 Malformed Messages
4.3.8 Server profiling <\/td>\n<\/tr>\n
22<\/td>\n4.3.9 Session hijacking
4.3.10 Rogue Server
4.3.11 Rogue Publisher
4.3.12 Compromising user credentials
4.3.13 Repudiation
4.4 OPC UA relationship to site security <\/td>\n<\/tr>\n
23<\/td>\n4.5 OPC UA security architecture
4.5.1 Overview <\/td>\n<\/tr>\n
24<\/td>\n4.5.2 Client \/ Server <\/td>\n<\/tr>\n
25<\/td>\n4.5.3 Publish-Subscribe
4.5.3.1 Overview
4.5.3.2 Broker-less <\/td>\n<\/tr>\n
26<\/td>\n4.5.3.3 Broker
4.6 SecurityPolicies
4.7 Security Profiles <\/td>\n<\/tr>\n
27<\/td>\n4.8 Security Mode Settings
4.9 User Authentication
4.10 Application Authentication
4.11 User Authorization <\/td>\n<\/tr>\n
28<\/td>\n4.12 Roles
4.13 OPC UA security related Services <\/td>\n<\/tr>\n
29<\/td>\n4.14 Auditing
4.14.1 General <\/td>\n<\/tr>\n
30<\/td>\n4.14.2 Single Client and Server
4.14.3 Aggregating Server <\/td>\n<\/tr>\n
31<\/td>\n4.14.4 Aggregation through a non-auditing Server <\/td>\n<\/tr>\n
32<\/td>\n4.14.5 Aggregating Server with service distribution <\/td>\n<\/tr>\n
33<\/td>\n5 Security reconciliation
5.1 Reconciliation of threats with OPC UA security mechanisms
5.1.1 Overview
5.1.2 Denial of Service
5.1.2.1 Overview
5.1.2.2 Message flooding <\/td>\n<\/tr>\n
34<\/td>\n5.1.2.3 Resource exhaustion
5.1.2.4 Application Crashes
5.1.3 Eavesdropping
5.1.4 Message spoofing <\/td>\n<\/tr>\n
35<\/td>\n5.1.5 Message alteration
5.1.6 Message replay
5.1.7 Malformed Messages
5.1.8 Server profiling
5.1.9 Session hijacking
5.1.10 Rogue Server or Publisher <\/td>\n<\/tr>\n
36<\/td>\n5.1.11 Compromising user credentials
5.1.12 Repudiation
5.2 Reconciliation of objectives with OPC UA security mechanisms
5.2.1 Overview
5.2.2 Application Authentication
5.2.3 User Authentication
5.2.4 Authorization <\/td>\n<\/tr>\n
37<\/td>\n5.2.5 Confidentiality
5.2.6 Integrity
5.2.7 Auditability
5.2.8 Availability <\/td>\n<\/tr>\n
38<\/td>\n6 Implementation and deployment considerations
6.1 Overview
6.2 Appropriate timeouts:
6.3 Strict Message processing
6.4 Random number generation <\/td>\n<\/tr>\n
39<\/td>\n6.5 Special and reserved packets
6.6 Rate limiting and flow control
6.7 Administrative access
6.8 Cryptographic Keys
6.9 Alarm related guidance <\/td>\n<\/tr>\n
40<\/td>\n6.10 Program access
6.11 Audit event management
6.12 OAuth2, JWT and User roles
6.13 HTTPs, TLS & Websockets <\/td>\n<\/tr>\n
41<\/td>\n6.14 Reverse Connect
6.15 Passwords
6.16 Additional Security considerations
7 Unsecured Services
7.1 Overview
7.2 Multi Cast Discovery <\/td>\n<\/tr>\n
42<\/td>\n7.3 Global Discovery Server Security
7.3.1 Overview
7.3.2 Rogue GDS
7.3.3 Threats against a GDS <\/td>\n<\/tr>\n
43<\/td>\n7.3.4 Certificate management threats
8 Certificate management
8.1 Overview
8.2 Self signed certificate management <\/td>\n<\/tr>\n
44<\/td>\n8.3 CA Signed Certificate management <\/td>\n<\/tr>\n
45<\/td>\n8.4 GDS Certificate Management
8.4.1 Overview
8.4.2 Developers Certificate management <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"

BS EN IEC 62541-2 OPC Unified Architecture – Part 2: Security Model<\/b><\/p>\n\n\n\n\n
Published By<\/td>\nPublication Date<\/td>\nNumber of Pages<\/td>\n<\/tr>\n
BSI<\/b><\/a><\/td>\n2024<\/td>\n47<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"featured_media":451695,"template":"","meta":{"rank_math_lock_modified_date":false,"ep_exclude_from_search":false},"product_cat":[385,2641],"product_tag":[],"class_list":{"0":"post-451686","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-25-040-40","7":"product_cat-bsi","9":"first","10":"instock","11":"sold-individually","12":"shipping-taxable","13":"purchasable","14":"product-type-simple"},"_links":{"self":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product\/451686","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media\/451695"}],"wp:attachment":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media?parent=451686"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_cat?post=451686"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_tag?post=451686"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}