MID-079: Remove Undocumented Network Functionality
Mitigation Tier: Foundational
Description
All network protocol functionality, including function codes, should be documented and available to the owners/operators of a device. The presence of undocumented functionality prevents device operators from adequately taking precautions and monitoring network behavior based on a device’s potential threat landscape. Without proper documentation, device users have no knowledge of what function codes are going over their network, leaving them exposed to potential threats and preventing them from implementing security features on their network, such as a message-level firewalls.
Documentation should include (i) describing the full set of function codes or message types that the device produces or accepts, (ii) functions that affect device management or can cause configuration changes, and (iii) authentication and encryption modes and mechanisms it is capable of. Any functions that are not meant for use in a production environment should be removed. The device operator should have full knowledge of any network-accessible function that can affect the behavior or performance of the device.
IEC 62443 4-2 Mappings
- CR 7.7 – Least functionality