The following sub-clauses define OPENSCS Facets that, when implemented, are used to add additional functionality to the basic OPENSCS functionality.

The OPENSCS Security Server Facet defined in Table 72 includes ConformanceUnits for Servers that are not included in other OPC UA defined Facets and Profiles. This Facet is required to meet the security requirements of OPENSCS.

Table 72 – OPENSCS Security Server Facet Definition

Security Conformance Unit	Defined in	Optional / Mandatory
OPC UA Authority Profile	OPC 10000-7	M
Security Time Synch – NTP / OS Based support	OPC 10000-7	M
Security Administration	OPC 10000-7	M
Security Role Server Restrict Applications	OPC 10000-7	M
Security Role Server Restrict Endpoints	OPC 10000-7	M
Security Role Server Role Permissions	OPC 10000-7	M
Security Role Server Authorization	OPC 10000-7	M

OPENSCS security requirements mandate that the session shall always be authenticated. The use of endpoints enabling the security policy SECURITY_POLICY_NONE is not allowed.

The OPENSCS Security Client Facet defined in Table 73 includes Conformance Units for Clients that are not included in other OPC UA defined Facets and Profiles. This Facet is required to meet the security requirements of OPENSCS.

Table 73 – OPENSCS Security Client Facet Definition

Security Conformance Unit	Defined in	Optional / Mandatory
OPC UA Authority Profile	OPC 10000-7	M
Security Time Synch – NTP / OS Based support	OPC 10000-7	M
Security Default Application Instance Certificate	OPC 10000-7	M
Security Policy Required	OPC 10000-7	M
Authorization Service Client	OPC 10000-7	M

OPENSCS security requirements mandate that the session shall always be authenticated. The use of the security policy SECURITY_POLICY_NONE is not allowed.