CIP Documents
This repository is where keeps all documents at one place for all working groups of the CIP projects to meet secure development process definced at IEC 62443-4-1 which require to maintain documents and their versions.
Management policy
This repository will be maintained by a few security members to meet secure development process, thus branches in this repository will be protected by restricting members enabling to push and merge.
License
The license of all documentation in this repository follows the intellectual property policy in the CIP Charter. See section 14-e in the CIP Charter.
Guide
This section will give brief descriptions about each document to make navigating this repository easier. Non-document files will not be explained here.
cip-project
cip-documents
developer
event
process
security
testing
user
Developer
Name |
Description |
---|---|
Presentation on security increases in Debian over time. |
Event
Name |
Description |
---|---|
Presentation CIP Software Update WG. |
|
Presentation CIP Security WG. |
|
Threat modelling - Key methodologies and applications from OSS CIP(CIP) perspective |
Presentation of CIP Security WG on Threat modeling in CIP. |
Process
Name |
Description |
---|---|
The primary objective of this document is to explain about how file integrity for CIP deliverables is achieved. |
|
The primary objective of this document is to show the roles in CIP with their responsibilities and accountabilities. It is also shwon which roles should be consulted and/or informed for certain actions and which qualifications, if any, are needed to fulfill a role. |
|
This document is based on IEC-62443-4-1 (Edition 1.0 2018-01) secure development process requirements.The Objective is to adhere IEC-62443-4-1 secure development process requirements in CIP development as much as possible. |
Security
Name |
Description |
---|---|
This document explains how CIP Project and its upstream projects are following security coding guidelines. |
|
This document explains how CIP Project executes SCA with some explanation on how to use some SCA software. |
|
The primary objective of this document is to document current development environment security, development flow and how security is maintained. |
|
The primary objective of this document is to provide guidelines to CIP users for meeting IEC-62443-4-2 security requirements. The document explains about each IEC-62443-4-2 requirements whether it has already been met by CIP. In addition this document also explains about iec security layer added in CIP to meet IEC-62443-4-2 security requirements. |
|
This document contains items identified during IEC-62443-4-1 and IEC-62443-4-2 Gap Assessment for user security manual. |
|
The primary objective of this document is to explain about how various OWASP. top 10 vulnerabilities are handled in CIP. |
|
The primary objective of this document is to explain about how various private keys used in CIP development are maintained and kept secure and confidential. |
|
This document is intended to capture CIP security requirements based on IEC-62443-4-2 standard. |
|
The primary objective of this document is to create Threat Model for CIP reference platform. |
Testing
Name |
Description |
---|---|
Overview of the CIP 62443-4-2 test cases. |
|
The primary objective of this document is to identify suitable penetration testing tool and document the process how this can be re-used by CIP end users for their specific use cases. |
User
Name |
Description |
---|---|
This document is a user perspective overview and technical guide for CIP. |
Note
This project is under active development.
Welcome to CIP_Documentation’s documentation!
- Introduction
- CIP Project coding standards
- CIP Upstream projects coding standards
- Tools to assist security code review
Static analysis tools for CIP packages - Coverity Scan
- Gitlab SAST
- Next Step
- CIP Security Hardening
- [CIP-Security] [CR2.10] Response to audit processing failure
- Table of contents
- Revision History
- 1. Objective
- 2. Common Approach for Response to audit processing failure
- 2.1. Alert the allocated audit log storage volume is nearly full
- 2.2. Take the actions to response to audit log processing failure
- 3. CIP Features for Response to Audit Processing Failure
- 3.1. auditd
- 3.2. The log daemon not support the space left, error detection or max log file features
- Reference
CIP Development Environment Security - Table of contents
CIP Security Partitions - Table of contents
- Additional notes
IEC 62443-4-2 App & HW Guidelines - Table of contents
OWASP Top 10 Vulnerabilities Monitoring - Table of contents
CIP Private Key Management - Table of contents
CIP Security Requirements - Table of contents
CIP Threat Modeling - Table of contents
- Revision History
- 1. Objective
- 2. Assumptions
- 3. Scope
- 4. Security Requirements
- 5. Threat Modeling Strategy
- 6. Data Flow Diagrams(DFD)
- 7. Potential Threats To the System and Mitigation
- 8. Validation of Threats and Mitigation
- 9. CIP Core Packages for mitigation
- 11. Updating CIP Threat Model
- 12. Further Guidelines for End Product owners
- 13. Acronyms
- 14. CIP Core CVE scanner
- 15. CIP Kernel CVE scanner
- 16. References
- 17. Pending Work and known issues
User Security Manual - Table of contents