Encryption or application level security requirements are not required on the protocol level.

It is recommended that all encryption or application level security requirements that are specified should be based on a network security assessment. If encryption on the protocol level is required, it is recommended to use encryption algorithms specified by OPC UA. Any advanced security features, if implemented, should have the option to be disabled and not adversely affect system performance.

No provision for user level security is considered for the MDIS Interface. The MDIS Interface is controller to controller communication and is not user restricted. All user level security should be implemented in the SPCS and DCS.