Physical protection

The edge controller and its physical WAN and field bus connectors (terminal blocks) must be protected from unintentional or malevolent disruptions.

Considerations for physical security must include the following basic protection, possibly further strengthened depending on building purpose and exposure.

The technical room in which the edge controller is installed must be locked and access must be controlled by means of organizational access restrictions.
As a general rule, publicly accessible data transmission lines must be protected against unauthorized access.
The field bus endpoints and the serial (RS232) endpoints must be physically, organizationally, or logically protected. Only connect approved devices to these interfaces. If no devices are connected, the interface must be disabled.

For more details, see Building X - Cybersecurity guide, https://siemens.com/bt/download → ID: A6V13199528.

Physical protection - Quick Reference Guide - CXE200

Desigo Plug and Play Automation Cybersecurity and IT settings Quick Reference Guide