Endpoint identity and access control
Endpoint or device identity is a foundational building block in any trust model. Identity is a prerequisite for authentication, authorization, secured asset management, remote monitoring, management, and maintenance. IEC 62443 lists Identification and Authentication Control as one of its seven foundational requirements and associates four assurance levels with it. These assurance levels correlate to the risk profiles of endpoints in a given IIoT use case:
"If no threat exists against the endpoint, clear text credential, such as identification numbers may be used. In some rare instances, it may not be required for all endpoints to support identity, but the risks should be well understood and documented. ISO/IEC 24760-1 defines three levels of trust for identities: identity, unique identity and secure identity. Industrie 4.0 provides information on what a secure identity technology consists of, and in the case of digital identity a secure identity...