Security is a process, not a static state. It is typically not possible to achieve security objectives through the use of a single countermeasure or technique. It involves the continuous application of fit-for-purpose, cost-effective mechanisms throughout the system lifecycle. A defense-in-depth strategy is essential to mitigate threats effectively.

To ensure adequate security, it is necessary to model and understand the communication infrastructure and assess potential threats to these assets. The IEC 62443 series of standards, particularly its foundational requirements (FRs) – such as Identification and Authentication Control, Use Control, System Integrity, Data Confidentiality, Restricted Data Flow, Timely Response to Events, and Resource Availability – provide a structured and comprehensive framework for capturing relevant security considerations across different system dimensions.

All information and recommendations provided in this Deployment Guideline address one or more of these foundational requirements and aim to harden the device within the broader network context.