Industrial Internet Security Framework v 1.0 | Page 54

7: IISF Functional Viewpoint

Figure 7-6: Functional Breakdown for Security Configuration and Management

Security configuration management includes the following functions:

• Secure Operational Management is responsible for managing the secure and controlled changes to all aspects of the operational system, except for security controls, for which this is performed separately by Security Management.

• Security Management is responsible for ensuring and executing the secure and controlled changes to the security policy and functions throughout the system. It should remain separate from Secure Operational Management.

• Endpoint Identity Management generates, updates and revokes machine (and user) principals and cryptographic materials (keys, certificates, etc.) used in the identification of the endpoint.

• Endpoint Configuration & Management is responsible for configuring and managing secure and controlled changes to the endpoint, including both endpoint operational and security functions. This function may be performed by a local agent on the endpoint or through a shared trusted central facility.

• Communications Configuration & Management configures and manages the security controls specifically for communications and the network.

• Security Model Change Control is the process by which changes to the security model and security policy are managed in the configuration and management process.

• Configuration & Management Data Protection is the function that is responsible for protecting all data (at rest, in use and in motion) related to the configuration & management of the system.

IIC:PUB:G4:V1.0:PB:20160926