Industrial Internet Security Framework v 1.0 | Page 118
Security Framework
11: Security Configuration and Management
It is possible to have both strong authentication and strong privacy. For example, there exist
authentication schemes that limit the disclosure of identity. They provide anonymous
cryptographic identity attestation through anonymous credentials and group signatures.1
11.8 SECURITY MODEL CHANGE CONTROL
A number of lifecycle transitions occur over the lifetime of an endpoint. For example,
implementing the entity enrollment and credential management phases for an endpoint.
Similarly, the security model must change for each endpoint depending on its lifecycle state.
Commissioning provides the endpoint with temporary identity and a policy that locks it down to
communicate only with a provisioning server. Ideally, the component builder, the system builder
or both should commission the endpoint.
Provisioning replaces the identity in the trust root with the organization’s identity, credentials
are issued, and new policy is set to put the endpoint into normal use.
Figure 11-7: Endpoint Security Lifecycle
Endpoint provisioning configures the desired security controls, including deploying the identity
material into the roots of trust, setting initial policy settings, and starting the business processes
for which the endpoint is designed. In some cases, the endpoint may require the provisioning to
1
See [ISO-20008] and [ISO-20009]
IIC:PUB:G4:V1.0:PB:20160926
- 118 -