Industrial Internet Security Framework v 1.0 | Page 114
Security Framework
11: Security Configuration and Management
There are standards and recommendations in place today for identity management. The ‘Entity
Authentication Assurance Framework’ (EAAF) in ISO/IEC 29115 [1] is an authentication standard
describing the life cycle of credentials and of the entities being authenticated. NIST SP 800-57,
‘Recommendation for Key Management’ [2], applies similar approaches to the management of
credentials and identity material. The ‘Functional Model Representation of the Identity
Ecosystem’ [3] is a model for identity solutions, including their various components and interactions.
If the credential management process is not correctly implemented and adhered to, endpoint
authentication may not produce the level of trust desired, however strong the authentication mechanism itself is.
Applying an IIoT perspective to the existing identity management recommendations yields a
variant of the life cycle process. The treatment of identity for a human entity does not differ
greatly from existing IT models, so non-person entities are the focus here. The IIoT identity
management life cycle comprises three phases, as shown below.
Figure 11-6: IIoT Identity Management Lifecycle
The enrollment phase ensures that the right entity receives the right identity material.
This requires participation from the component builders to establish trust during
manufacturing, procurement, delivery and commissioning. The entity may change ownership
several times during these steps, so an audit trail tracking the chain of custody should be kept,
[1] See [ISO-29115]
[2] See [NIST-800-57]
[3] See [IDESG-IDEF]
IIC:PUB:G4:V1.0:PB:20160926
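The enrollment paragraph above calls for an audit trail of the chain of custody across manufacturing, procurement, delivery and commissioning. The following is an added example, not code from the IISF or the IIC, of how such a trail can be made tamper-evident and checked before identity material is issued at commissioning: each custody transfer is hash-linked to the previous record and signed by the party handing the device over, and the verifier checks link integrity, each signature, the stage order, and that every handover comes from the party currently holding the device. The party names, stage names, device identifier and HMAC keys are constructed assumptions; a real deployment would use each party's asymmetric signing key rooted in the manufacturer's PKI rather than shared secrets known to the verifier.

```python
import hashlib
import hmac
import json

# Constructed sample data: custodian keys and the custody sequence for one
# device. The keys are shared HMAC secrets only to keep the example
# self-contained; a real trail would use each party's own signing key.
DEVICE_ID = "dev-0001"
CUSTODIAN_KEYS = {
    "manufacturer": b"mfg-key-constructed",
    "distributor": b"dist-key-constructed",
    "integrator": b"int-key-constructed",
    "plant-operator": b"plant-key-constructed",
}
# Lifecycle steps named in the text, in the order they must occur.
STAGES = ["manufacturing", "procurement", "delivery", "commissioning"]
GENESIS = "0" * 64


def _canonical(body: dict) -> bytes:
    """Deterministic encoding so the hash does not depend on key order."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def _link_hash(prev_hash: str, body: dict) -> str:
    return hashlib.sha256(prev_hash.encode() + _canonical(body)).hexdigest()


def _sign(key: bytes, link_hash: str) -> str:
    return hmac.new(key, link_hash.encode(), hashlib.sha256).hexdigest()


def append_transfer(trail: list, device_id: str, stage: str,
                    from_party: str, to_party: str, key: bytes) -> list:
    """Append one custody transfer, signed with the handing-over party's key."""
    prev_hash = trail[-1]["hash"] if trail else GENESIS
    body = {"device_id": device_id, "seq": len(trail), "stage": stage,
            "from": from_party, "to": to_party}
    link = _link_hash(prev_hash, body)
    trail.append({"body": body, "prev": prev_hash, "hash": link,
                  "sig": _sign(key, link)})
    return trail


def verify_trail(trail: list, device_id: str, keys: dict,
                 stages: list = STAGES) -> tuple:
    """Return (ok, reason). Checks the hash chain, each signature, the stage
    order and custody continuity: the party handing over must be the one
    that received the device in the previous record."""
    if len(trail) != len(stages):
        return False, f"expected {len(stages)} transfers, found {len(trail)}"
    prev_hash, holder = GENESIS, None
    for i, rec in enumerate(trail):
        body = rec["body"]
        if body["device_id"] != device_id or body["seq"] != i:
            return False, f"record {i}: wrong device or sequence number"
        if body["stage"] != stages[i]:
            return False, f"record {i}: stage {body['stage']!r} out of order"
        if rec["prev"] != prev_hash or _link_hash(prev_hash, body) != rec["hash"]:
            return False, f"record {i}: hash chain broken"
        key = keys.get(body["from"])
        if key is None:
            return False, f"record {i}: unknown custodian {body['from']!r}"
        if not hmac.compare_digest(_sign(key, rec["hash"]), rec["sig"]):
            return False, f"record {i}: signature by {body['from']!r} invalid"
        if holder is not None and body["from"] != holder:
            return False, f"record {i}: {body['from']!r} is not the custodian"
        holder, prev_hash = body["to"], rec["hash"]
    return True, f"custody verified; current holder {holder!r}"


def build_sample_trail() -> list:
    """Constructed trail: birth record at the factory, then three handovers."""
    trail = []
    append_transfer(trail, DEVICE_ID, "manufacturing", "manufacturer",
                    "manufacturer", CUSTODIAN_KEYS["manufacturer"])
    append_transfer(trail, DEVICE_ID, "procurement", "manufacturer",
                    "distributor", CUSTODIAN_KEYS["manufacturer"])
    append_transfer(trail, DEVICE_ID, "delivery", "distributor",
                    "integrator", CUSTODIAN_KEYS["distributor"])
    append_transfer(trail, DEVICE_ID, "commissioning", "integrator",
                    "plant-operator", CUSTODIAN_KEYS["integrator"])
    return trail


if __name__ == "__main__":
    good = build_sample_trail()
    print(verify_trail(good, DEVICE_ID, CUSTODIAN_KEYS))
    altered = build_sample_trail()
    altered[2]["body"]["to"] = "unknown-party"      # edited after the fact
    print(verify_trail(altered, DEVICE_ID, CUSTODIAN_KEYS))
    forged = build_sample_trail()[:3]
    append_transfer(forged, DEVICE_ID, "commissioning", "integrator",
                    "plant-operator", b"not-the-integrator-key")
    print(verify_trail(forged, DEVICE_ID, CUSTODIAN_KEYS))
```

Running the block verifies the constructed four-step trail, then shows the two failure modes a commissioning check must catch: a record altered after the fact breaks the hash chain, and a transfer appended without the custodian's key fails its signature check. The continuity check (the handing-over party must be the current holder) is what flags a device that reappears from a party outside the recorded chain, which is exactly the case where the "appropriate entity" cannot be confirmed and identity material should not be issued.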