Industrial Internet Security Framework v 1.0 | Page 60

Security Framework 8: Protecting Endpoints

8 PROTECTING ENDPOINTS

Endpoints cover the entire spectrum of IIoT edge devices including simple sensors, Programmable Logic Controllers (PLC) and massive cloud servers with significant computing capabilities. An endpoint may be part of a control network, a concentrator between multiple communications streams, or routing traffic between other endpoints inside of the cloud infrastructure. The endpoints may be on dedicated hardware or shared or virtualized hardware.

Endpoint security should consider at least these security functions as described in section 7.3.

Figure 8-1: Functional Breakdown for Endpoint Protection

The checkmarks in Table 8-1 show the implementations for security functions that mitigate the vulnerabilities and threats to the endpoint.

| Functions and Techniques | Security Objective: Availability | Security Objective: Integrity | Security Objective: Confidentiality | Description Section |
|---|---|---|---|---|
| Endpoint Physical Security | | | | 8.3 |
| Establish Roots of Trust | | | | 8.4 |
| Endpoint Identity | | | | 8.5 |
| Endpoint Access Control | | | | 8.6 |
| Endpoint Integrity Protection | | | | 8.7 |
| Data Protection | | | | 8.8 |
| Endpoint Monitoring & Analysis | | | | 8.9 |
| Endpoint Configuration & Management | | | | 8.10 |
| Cryptography Techniques for Endpoints | | | | 8.11 |
| Isolation Techniques for Endpoints | | | | 8.12 |

Table 8-1: Endpoint Objectives, Functions and Techniques (Chapter 8 Outline)

IIC:PUB:G4:V1.0:PB:20160926