Identity and access management¶
Identity and access management is the process of granting authorized users the right to use a service while preventing access by unauthorized users. It is also referred to as rights management.
Identity and access management ensures that entitled users are able to use a service or a group of services. Access management is the enforcement of information security policies and the actions that implement them; it protects the Confidentiality, Integrity and Availability (CIA) of the system.
Access management on the IE Hub is centrally done by Siemens.
Industrial Edge provides integrated user management, including role-based groups and e-mail-based two-factor authentication, for the IE Management, for Edge Devices and for apps (if the integrated proxy is used).
Passwords¶
Use only strong passwords with a minimum length of 12 characters that contain upper-case and lower-case letters as well as non-alphanumeric characters. The system assists you in choosing strong passwords.
Industrial Edge Management administrators¶
During the setup of the Industrial Edge Management, the admin users for the IEM OS and for the Industrial Edge Management are created by the person performing the setup.
Brute force protection¶
Login attempts are limited: after 5 failed attempts, the user account is locked for 15 minutes. During this period the user cannot log in and must wait until the lockout expires.
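To make the lockout semantics concrete, the following is an added illustration (not Siemens code and not the Industrial Edge implementation) of an account-lockout tracker with the policy stated above: five failed attempts lock the account for 15 minutes. The class, method and constant names are my own, and the assumptions that a successful login resets the failure counter and that an expired lockout starts a fresh count are mine, not statements from the page. Time is passed in explicitly so the logic runs and can be checked offline.

```python
"""Illustrative account-lockout tracker (added example, not product code).

Policy modelled: after MAX_ATTEMPTS consecutive failed logins the account is
locked for LOCKOUT_SECONDS; while locked, every attempt is rejected without
evaluating the password. Reset-on-success and reset-after-expiry are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, Optional

MAX_ATTEMPTS = 5            # failed attempts that trigger the lockout
LOCKOUT_SECONDS = 15 * 60   # lockout duration from the page: 15 minutes


@dataclass
class AccountState:
    failures: int = 0                       # consecutive failed attempts
    locked_until: Optional[float] = None    # absolute time (seconds) or None


class LoginGuard:
    """Per-user lockout bookkeeping; the caller supplies the clock ('now')."""

    def __init__(self) -> None:
        self._accounts: Dict[str, AccountState] = {}

    def _state(self, user: str) -> AccountState:
        return self._accounts.setdefault(user, AccountState())

    def seconds_until_unlock(self, user: str, now: float) -> float:
        """0 if the account is not locked, otherwise remaining lockout time."""
        st = self._state(user)
        if st.locked_until is None:
            return 0.0
        return max(0.0, st.locked_until - now)

    def is_locked(self, user: str, now: float) -> bool:
        st = self._state(user)
        if st.locked_until is None:
            return False
        if now >= st.locked_until:
            # Lockout has expired (assumption): clear it and start a fresh count.
            st.locked_until = None
            st.failures = 0
            return False
        return True

    def attempt(self, user: str, password_ok: bool, now: float) -> str:
        """Record one login attempt and return 'locked', 'bad_credentials' or 'ok'.

        `password_ok` is the credential verifier's verdict; it is ignored while
        the account is locked so a correct guess cannot slip through a lockout.
        """
        if self.is_locked(user, now):
            return "locked"
        st = self._state(user)
        if not password_ok:
            st.failures += 1
            if st.failures >= MAX_ATTEMPTS:
                st.locked_until = now + LOCKOUT_SECONDS
            return "bad_credentials"
        st.failures = 0          # successful login resets the counter (assumption)
        return "ok"


if __name__ == "__main__":
    # Constructed demo: five bad guesses, then a correct password during lockout.
    guard = LoginGuard()
    t0 = 0.0
    for i in range(MAX_ATTEMPTS):
        print(i + 1, guard.attempt("admin", False, t0 + i))
    print("correct password while locked:", guard.attempt("admin", True, t0 + 10))
    print("seconds until unlock:", guard.seconds_until_unlock("admin", t0 + 10))
    print("after lockout expiry:", guard.attempt("admin", True, t0 + 4 + LOCKOUT_SECONDS))
```

Note the operational side effect of any per-account lockout: anyone who knows an administrator's user name can keep that account locked by submitting wrong passwords. Pair the lockout with alerting on repeated lockouts and, where possible, source-based rate limiting, and keep the non-administrative daily-operation account recommended below so an operator is not locked out of routine work.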
Notes on protecting administrator accounts¶
A user with administrator rights has extensive access and manipulation options in the system.
Customers must therefore ensure that adequate safeguards for protecting administrator accounts are in place to prevent unauthorized changes: use secure passwords and a standard (non-administrative) user account for normal operation. Other measures, such as the use of security policies, should be applied as needed.
Following the segregation of duties principle, only administrative tasks are performed with privileged accounts, whereas daily operational tasks are handled with non-privileged user accounts.
Requirements for Operations¶
| Requirement | Remark |
|---|---|
| Grant access to services, service groups, data or functions only if the entity is entitled to that access | Set up groups and users in the IEM and IEDs according to your organizational needs |
| Remove access when people change roles or jobs | - |
| Regular audits of the access permissions to ensure they are still correct | - |