Professional Documents
Culture Documents
DeltaV Services App User Guide - Basic Cybersecurity Assessment
DeltaV Services App User Guide - Basic Cybersecurity Assessment
Document Information
Initiative: Service Execution & Quality Management
Business Unit: Process Systems & Solutions
Name: DeltaV Services App User Guide for Basic Cybersecurity Assessments
SMO Document Number: SEQ-PSS-GBL-216
DeltaV Sercvices App – User Guide for Basic Cybersecurity
Document File Name:
Assessment.pdf
Document Status: Preliminary
Revision: F4
Revision History
This product and/or service is expected to provide an additional layer of protection to your DeltaV system to help avoid certain types of undesired
actions. This product and/or service represents only one portion of an overall DeltaV system security solution. Emerson does not warrant that
the product and/or service or the use of the product and/or service protects the DeltaV system from cyber-attacks, intrusion attempts,
unauthorized access, or other malicious activity (“Cyber Attacks”). Emerson shall not be liable for damages, non-performance, or delay caused
by a Cyber Attack. Users are solely and completely responsible for their control system security, practices and processes, and for the proper
configuration and use of the security products.
© Emerson 2020. All rights reserved. Unauthorized duplication, in whole or in part, is prohibited. Trademarks
identified in this document are owned by one of the Emerson group of companies. All other trademarks or
registered trademarks remain the property of their respective owners. Unless otherwise agreed to in writing by
the parties, any information provided in this document is confidential or proprietary and may not be used or
disclosed without the expressed written permission of Emerson.
www.Emerson.com
Emerson - Confidential and Proprietary
SEQ-PSS-GBL-216
DeltaV Services App User Guide for the Rev F4 – Page 3 of 40
Basic Cybersecurity Assessment (BCA)
Table of Contents
1 INTRODUCTION .....................................................................................................................................................5
1.1 PURPOSE ................................................................................................................................................................ 5
1.2 TARGET GROUP ....................................................................................................................................................... 5
1.3 PRE-ASSESSMENT PREPARATION INSTRUCTIONS ............................................................................................................. 5
2 BASIC CYBERSECURITY ASSESSMENT MODULE DASHBOARDS ...............................................................................6
3 GENERAL CYBERSECURITY ASSESSMENT QUESTIONNAIRE DATA ENTRY INSTRUCTIONS .....................................12
4 CREATING A NEW BASIC CYBERSECURITY ASSESSMENT REQUEST .......................................................................16
4.1 CHECK YOUR SUPPORT COMPANY IN SMS .................................................................................................................. 16
4.2 ENTERING DATA INTO THE “DELTAV BASIC CYBERSECURITY ASSESSMENT” MODULE ........................................................... 17
4.3 ENTERING DATA INTO THE “VENDOR AGNOSTIC BASIC CYBERSECURITY ASSESSMENT” MODULE ........................................... 22
5 SUBMITTING A BASIC CYBERSECURITY ASSESSMENT FOR EVALUATION ..............................................................28
6 BASIC CYBERSECURITY ASSESSMENT REPORT DELIVERY .....................................................................................30
6.1 SYNCHING THE FINAL CUSTOMER REPORT TO GUARDIAN/SMS....................................................................................... 31
7 HOW TO ACCESS THE CYBERSECURITY QUESTIONNAIRE FOR AN ASSESSMENT IN COMPLETED STATUS .............33
8 ERROR MESSAGE SUMMARY ...............................................................................................................................35
9 SETTINGS OPTIONS .............................................................................................................................................37
Table of Figures
Figure 1. DeltaV Services App showing the Basic Cybersecurity Assessment Module button........... 6
Figure 2. Basic Cybersecurity Assessment Module Dashboard ........................................................ 7
Figure 3. New Basic Cybersecurity Assessment Button .................................................................... 8
Figure 4. Basic Cybersecurity Assessment Button ............................................................................ 8
Figure 5. Vendor Agnostic Cybersecurity Assessment Confirmation ................................................. 9
Figure 6. Initial New Vendor Agnostic Cybersecurity Assessment Screen ...................................... 10
Figure 7. Contact Support Request Button...................................................................................... 11
Figure 8. Basic Cybersecurity Assessment Requests “In-Progress” Section ................................... 11
Figure 9. Basic Cybersecurity Assessment Requests “Submitted” Section ..................................... 12
Figure 10. Basic Cybersecurity Assessment Requests “Completed” Section .................................. 12
Figure 11. Basic Cybersecurity Assessment Questionnaire Navigation Pane ................................. 13
Figure 12. Entering Individual Question/Response Data ................................................................. 14
Figure 13. Selecting Information from a Drop-Down List ................................................................. 14
Figure 14. Adding Additional Information (Optional) ........................................................................ 15
Figure 15. Steps to Update Support Company in SMS ................................................................... 16
Figure 16. Creating a New DeltaV Basic Cybersecurity Assessment .............................................. 17
Figure 17. Inserting a System ID..................................................................................................... 17
Figure 18. Entering Required Requestor Information Data .............................................................. 18
Figure 19. Entering Required Header Information Data .................................................................. 19
Figure 20. Customer Information Data Entry ................................................................................... 20
Figure 21. Start of Assessment Questionnaire ................................................................................ 21
Figure 22. Initial New Vendor Agnostic Assessment Screen ........................................................... 22
Figure 23. Start of Vendor Agnostic Assessment Questionnaire ..................................................... 23
Figure 24. Section 0 of the Vendor Agnostic Assessment Questionnaire ........................................ 24
Figure 25. Answering Questions in the Vendor Agnostic Assessment Questionnaire ..................... 25
Figure 26. Answering Questions in the Vendor Agnostic Assessment Questionnaire ..................... 26
Figure 27. A Completed Vendor Agnostic Assessment Questionnaire ............................................ 27
Figure 28. Submitting BCA information for report generation .......................................................... 28
Figure 29. Recently Submitted Cybersecurity Assessment Status .................................................. 29
Figure 30. Automatic Status Updating............................................................................................. 30
Figure 31. Your Completed Assessments List ................................................................................ 31
Figure 32. Steps to Synch Final Report to SMS .............................................................................. 32
Figure 33. Steps to access a Completed Cybersecurity Assessment .............................................. 34
Figure 34. Steps to View the Section Scores .................................................................................. 34
1 INTRODUCTION
1.1 Purpose
DeltaV Services App – Basic Cybersecurity Assessment (BCA) Module is used
to execute the evaluation of the DeltaV System(s) at the customer plant across
multiple system dimensions. Using the BCA Module, the Services Engineers can:
On the App Dashboard, Service Managers can see the progress (and access at any
time) of all the BCA’s created/completed by their Service Engineers.
Both Service Engineers and Service Managers with access to the DeltaV Services
App, can create a new BCA for a given system, if the system is supported by the
same Support Company for which the user is registered in Service Management
System (SMS).
* For those previously certified under the v5.0, use the Section 8 video to update your
certification to v6.0.
Additionally, you should have read and are familiar with the following document(s):
The Basic Cybersecurity Assessment Module Dashboard is where you track the
status of the BCA’s that you have created. If you have a Service Manager access to
the App, then you will be able to see all the BCA’s created/in progress/completed by
the Service Engineers under your supervision.
At the top of this screen, there is a selection bar that reads: DeltaV Systems. This
bar will allow you to select either a standard DeltaV Basic Cybersecurity Assessment
or a Vendor-Agnostic Basic Cybersecurity Assessment.
a. Click on the top box labelled DeltaV Systems, and the following screen will
appear:
The next screen will ask whether this assessment is for an assessment of a DeltaV
control system or for a Vendor-agnostic control system assessment.
b. By selecting the DeltaV Systems option, you will see the following screen:
With an active connection to the internet, simply enter the DeltaV system I.D. for the
system to be assessed and then select “Update System from SMS”. The system will
gather the data for that system and pre-populate any information required. You will
then be advanced to the first data entry screen (see section 4.2 for the next steps).
For specific instructions on entering data for a new DeltaV assessment, please see
Section 4.2.
c. By selecting the Vendor Agnostic Systems option, you will see the following
screen to confirm your selection of “Vendor Agnostic:
Select the “Create Vendor Agnostic Assessment” button to verify that this is
what you want to do. No active connection to the internet is required for the
Vendor Agnostic version as all data will come from the customer, none from SMS
however, you must start the assessment process on-line.
d. The initial New Vendor Agnostic Assessment data entry screen appears.
Ensure that all data marked with an “*” has been filled in, then press the save
button. This will start the assessment registration process and you can now work
without on-line connection to the Services App.
Note: For specific instructions on entering data for a New Vendor Agnostic
assessment, please see Section 3.3.
e. “Contact Support” button: If you have any issue with the BCA Module, press on
the “Contact Support” button and fill out all the fields to let the Admins know the
issue you are experiencing and press the “Send” button to complete (see box 1).
Select the “App Issue” button if the issue is with the app itself but choose the
“Basic Cybersecurity Issue” button if it is a specific issue with using the BCA data
entry.
f. Download CS User Guide link: We have posted within the App this BCA user
guide that will help you understand how to utilize the module functionality.
g. Export to File button: Allows you to export all the information visible in the
Cybersecurity Home page to a .csv file that can be opened in excel to keep
metrics on your BCA’s activity.
All questions need to be answered in consultation with your customer and you must
select the appropriate response from the individual drop-down menu selections.
Start by selecting the first section “<” (see box 1).
Select the “Response” box for the first question to open the drop-down responses for
this question.
For questions within each section, select a response from the drop-down menu using
the radio button to indicate your choice and then press on “Submit” button.
In some cases, the initial question may (see box 2) have an option for additional
information, and if so, another data entry selection box will open (see box 3) allowing
you to optionally add comments for a question.
As soon as you finish answering all the questions from one of the sections, the App
will proceed to the next section.
In order to check your Support Company in SMS, follow the steps as shown in the
next image:
Enter the DeltaV System ID for which you are requesting the Basic Cybersecurity
Assessment (see box 5). App will establish connection with SMS and populate the
customer information. For this first step, direct connection to Emerson Network or via
VPN is needed. Press the “Update System from SMS” button to retrieve the data
from SMS (see box 6). The screen will show some action circles while the data is
retrieved. Do this before going to the customer site.
If the System ID requested is not in the SMS database or the System ID is not
associated with your LBP or FSO, you will receive an error message. In the case of
any message, you cannot continue without correcting the error.
If the Customer information retrieved from SMS is not current, you can change it in
the App, since those are editable fields. There several data entry screens associated
with getting started on a new DeltaV Basic Cybersecurity Assessment. Complete all
the mandatory fields for BCA Customer Information and BCA Requester Information
(see box 7) and then press the “NEXT” button.
Note: There are mandatory fields required to progress to the next step, indicated by
an “*” next to the field name (see red box highlight above).
When data entry is complete, depress the “Next” button to proceed (see box 8).
After pressing on NEXT button, you will be presented with the navigation pane (top
left) where you will enter information required for completion of the BCA. Start with
selecting the Header Information selection (see box 9). Complete the required data
entry for this page and depress “Next” to continue to the next step (see box 10).
10
After selecting Next, you will need to select Customer Information from the header
pane (see box 11). Complete the required data entry for this page and depress
“Next” to continue to the next step (see box 12).
11
12
11
1
Finally, after selecting “Next”, you will be taken to the Cyber Assessment Overview
page. Select “Cybersecurity Assessment” from the header pane (see box 13).
You are now ready to begin the next phase of the assessment process with your
customer as you will now begin to ask and answer the individual questions from the
Questionnaire (see box 14).
When you select the top arrow, the questions and selectable answers will appear,
section by section. When a major section is complete, you will be advanced to the
next section and so on… until the questionnaire has been completed.
13
14
From the initial Vendor Agnostic Assessment screen, select Save and you will be
taken to the first data entry section, Section 0.
You are now ready to begin the next phase of the assessment process with your
customer as you will now begin to ask and answer the individual questions from the
Questionnaire (see box 15). Use the right arrow key to migrate to the new set of
questions.
15
5
Simply click on the right arrow for each question and provide the information
required. Starting with the first question, when answered, press “Submit” to
automatically proceed to the next question.
16
For each question (blue box) enter the data required in the response box (brown
box), then press Submit. The response should show up in the response box (Green
box) and the next question should be promoted to the blue box. Continue until the
last question has been answered and submitted, and you will be automatically
advanced to the next set of questions and answers.
Proceed to answer these questions in the same way until all questions in the
assessment have been answered.
As a section is completed, a check mark will appear (blue box) and a sub-section
score (green box) will be posted.
After all the 7 sub-sections has been completed, then you can press on “Submit”
button (see box 17) to send the responses of the customer in order to generate the
Basic Cybersecurity Assessment Report.
18
17
A verification screen pops up (see box 18). Hit “YES” to complete submitting the
information. After that action, the app will send you back to the Cybersecurity home
page where you will see that the report passed from “In Progress Cybersecurity
Assessment” section to “Submitted Cybersecurity Assessments” section.
After submitting the BCA information, wait for 1-3 business days to receive the report
in the App.
After Lifecycle Services team process the report, the App’s status of the BCA passes
from Submitted to Completed.
In order to download the Completed BCA Report, press on the right arrow symbol to
the right and download it. Save it in a convenient location in your PC.
Please remember that this report will be sent to you in Word format, allowing you to
make any changes to fit your organization. Please remember to only submit the final
report in PDF format to your customer!
The Basic Cybersecurity Assessment App now provides for the easy posting of the
final PDF report to SMS. This “synching” process must be done by the requestor of
the assessment and must be submitted in PDF format.
In order to post to SMS, the final file must be in PDF format. Posting the final PDF
to SMS will allow us to fully discuss the results (as presented by you) when we
discuss further with you and your customer. The posting will also allow the
comparison of last year’s assessment to any current assessment for “progress”
purposes. The final PDF should have any and all changes made by you to the report
and then posted to SMS.
2. Use the filters to find the Assessment according to your information needs (Box
20)
3. Press on the Assessment of your interest and access the questions and answers
(Box 21)
19
7
20
21
Each section of the Completed Assessment shows the score obtained according to
responses of the customer
The System ID entered for this Cybersecurity Request does not belong to your FSO
or Impact Partner region.
This error flashes to indicate that a required field has no data entry.
9 SETTINGS OPTIONS
• There is a viewing few options that can be set within the BCA app and can be
accessed from within the app using the button located at the upper right-hand
corner of the app screen.
By selecting the “three dots” button, the screen opens to the right side of the page
revealing the following options menu:
• Releases:
• Switch Moule:
• Messages:
If there are any messages posted, you can view them here.
• Diagnostics:
• About: