Security

NIS 2

The Network- and Information Security is an EU regulation which must be converted to national regulations latest 17.10.2024 in all EU member states.

This will affect Mid-size and large companies in sectors: Energy, Traffic, Banking, Government, Finance, Healthcare, Water & Wastewater, Digital Infrastructure, Information & Communication as well as Waste Management, Chemistry, Food Industry and Research.

WinCC OA meets all the technical requirements relevant for complying with the NIS 2 directive!

The NIS 2 directive is primarily aimed at operators of essential and important services and digital service providers.

This means that WinCC OA is designed to provide the security and reliability you need to protect your network and information systems.

CRA – Cyber Resilience Act

The Cyber Resilience Act (CRA) aims to safeguard consumers and businesses buying or using products or software with a digital component. It introduces mandatory cybersecurity requirements for manufacturers and retailers of such products, with this protection extending throughout the product life cycle.

This will affect manufacturers and retailers of products with digital components.

The CRA will guarantee

  • Harmonised rules based on IEC 62443-4-2
  • A framework of cybersecurity
  • An obligation to provide duty of care for the entire life cycle of such products

For IEC 62443-4-2 we fulfil SL2 to 100%.1 While WinCC OA already had high rankings in all SL parts (up to 90% even on SL4), with V3.20 this has been further enhanced.

This makes WinCC OA already the perfect and future-proven choice for upcoming Cyber Resilience Act changes for critical infrastructure operators.

Important: Implementing the SAR 2.4 RE (1) requirement is possible on a system level but not by the WinCC OA component itself. Please read the Security Guideline for further details.

OpenSSL 3.0

Increased security for data transfer due to support of OpenSSL® 3.x.

Enhanced auditing functionality

More security relevant information can now be traced in the Auditable Events feature and forwarded to the operating system system log.

1... Re-certification in progress