Industrial Internet Security Framework v 1.0 | Page 60
Security Framework
8: Protecting Endpoints
8 PROTECTING ENDPOINTS
Endpoints cover the entire spectrum of IIoT edge devices including simple sensors,
Programmable Logic Controllers (PLC) and massive cloud servers with significant computing
capabilities. An endpoint may be part of a control network, a concentrator between multiple
communications streams, or routing traffic between other endpoints inside of the cloud
infrastructure. The endpoints may be on dedicated hardware or shared or virtualized hardware.
Endpoint security should consider at least these security functions as described in section 7.3.
Figure 8-1: Functional Breakdown for Endpoint Protection
The checkmarks in Table 8-1 show the implementations for security functions that mitigate the
vulnerabilities and threats to the endpoint.
Security Objectives: Availability | Integrity | Confidentiality
Functions and Techniques (Description)        Section
Endpoint Physical Security                    8.3
Establish Roots of Trust                      8.4
Endpoint Identity                             8.5
Endpoint Access Control                       8.6
Endpoint Integrity Protection                 8.7
Data Protection                               8.8
Endpoint Monitoring & Analysis                8.9
Endpoint Configuration & Management           8.10
Cryptography Techniques for Endpoints         8.11
Isolation Techniques for Endpoints            8.12
Table 8-1: Endpoint Objectives, Functions and Techniques (Chapter 8 Outline)
IIC:PUB:G4:V1.0:PB:20160926