Skip to content

M0800 Authorization Enforcement

The device or system should restrict read, manipulate, or execute privileges to only authenticated users who require access based on approved security policies. Role-based Access Control (RBAC) schemes can help reduce the overhead of assigning permissions to the large number of devices within an ICS. For example, IEC 62351 provides examples of roles used to support common system operations within the electric power sector 1, while IEEE 1686 defines standard permissions for users of IEDs. 2

Item Value
ID M0800
Version 1.0
Created 11 September 2020
Last Modified 30 March 2023
Navigation Layer View In ATT&CK® Navigator

Techniques Addressed by Mitigation

Domain ID Name Use
ics T0800 Activate Firmware Update Mode Restrict configurations changes and firmware updating abilities to only authorized individuals.
ics T0858 Change Operating Mode All field controllers should restrict operating mode changes to only required authenticated users (e.g., engineers, field technicians), preferably through implementing a role-based access mechanism. Further, physical mechanisms (e.g., keys) can also be used to limit unauthorized operating mode changes.
ics T0868 Detect Operating Mode All field controllers should restrict the modification of programs to only certain users (e.g., engineers, field technician), preferably through implementing a role-based access mechanism.
ics T0816 Device Restart/Shutdown All field controllers should restrict the modification of programs to only certain users (e.g., engineers, field technician), preferably through implementing a role-based access mechanism.
ics T0871 Execution through API All APIs used to perform execution, especially those hosted on embedded controllers (e.g., PLCs), should provide adequate authorization enforcement of user access. Minimize user’s access to only required API calls. 3
ics T0838 Modify Alarm Settings Only authorized personnel should be able to change settings for alarms.
ics T0836 Modify Parameter All field controllers should restrict the modification of programs to only certain users (e.g., engineers, field technician), preferably through implementing a role-based access mechanism.
ics T0861 Point & Tag Identification Systems and devices should restrict access to any data with potential confidentiality concerns, including point and tag information.
ics T0843 Program Download All field controllers should restrict the modification of programs to only certain users (e.g., engineers, field technician), preferably through implementing a role-based access mechanism.
ics T0845 Program Upload All field controllers should restrict program uploads to only certain users (e.g., engineers, field technician), preferably through implementing a role-based access mechanism.
ics T0886 Remote Services Provide privileges corresponding to the restriction of a GUI session to control system operations (examples include HMI read-only vs. read-write modes). Ensure local users, such as operators and engineers, are giving prioritization over remote sessions and have the authority to regain control over a remote session if needed. Prevent remote access sessions (e.g., RDP, VNC) from taking over local sessions, especially those used for ICS control, especially HMIs.

References