Industrial Internet Security Framework v 1.0

Security Framework 11: Security Configuration and Management It is possible to have both strong authentication and strong privacy. For example, there exist authentication schemes that limit the disclosure of identity. They provide anonymous cryptographic identity attestation through anonymous credentials and group signatures.1 11.8 SECURITY MODEL CHANGE CONTROL A number of lifecycle transitions occur over the lifetime of an endpoint. For example, implementing the entity enrollment and credential management phases for an endpoint. Similarly, the security model must change for each endpoint depending on its lifecycle state. Commissioning provides the endpoint with temporary identity and a policy that locks it down to communicate only with a provisioning server. Ideally, the component builder, the system builder or both should commission the endpoint. Provisioning replaces the identity in the trust root with the organization’s identity, credentials are issued, and new policy is set to put the endpoint into normal use. Figure 11-7: Endpoint Security Lifecycle Endpoint provisioning configures the desired security controls, including deploying the identity material into the roots of trust, setting initial policy settings, and starting the business processes for which the endpoint is designed. In some cases, the endpoint may require the provisioning to 1 See [ISO-20008] and [ISO-20009] IIC:PUB:G4:V1.0:PB:20160926 - 118 -

Industrial Internet Security Framework v 1.0 | Page 118