| Req ID | Requirement name | Supported by CIP | Need application support | Need HW solution | Status if supported by CIP | IEC-62443-4-2 tests reference | CIP recommendation |
|---|---|---|---|---|---|---|---|
| CR-5.1 | Network segmentation | FALSE | TRUE | FALSE | N.A. | None | CIP does not support this requirement. CIP users should meet this requirement by using common networking protocols that are supported by switches and routers to implement network segmentation |
| NDR-5.2 | Zone boundary protection | FALSE | TRUE | FALSE | N.A. | None | This is a product specific requirement, it should be met by CIP users by using CIP provided packages. |
| NDR-5.2 RE(1) | Deny all, permit by exception | FALSE | TRUE | FALSE | N.A. | None | Same as NDR-5.2 |
| NDR-5.2 RE(2) | Island mode | FALSE | TRUE | FALSE | N.A. | None | Same as NDR-5.2 |
| NDR-5.2 RE(3) | Fail close | TRUE | FALSE | TRUE | N.A. | None | Same as NDR-5.2 |
| NDR-5.3 | General purpose, person-to-person communication restrictions | FALSE | TRUE | FALSE | N.A. | None | This is a product specific requirement and has to be met by CIP users. This can be done by blocking specific ports that are used by applications to communicate general purpose messages between person to person |
| CR-5.4 | Application partitioning | FALSE | FALSE | FALSE | N.A. | None | No component level requirement |