Security is our promise
01
Security is an Attitude
What are the security risks in industrial communication? We ask ourselves this question at all stages of development. Safe systems and devices require a safe development process. The development engineers of MB connect line are certified accordingly.
For this purpose, we rely on a TÜV expert certification program in the field of secure software development and on expert knowledge in the field of IT security (Teletrust T.P.S.S.E.).
02
Security by design
Our goal is to make the workflows and use cases in which our products are used as secure as possible and to consider IT security from the beginning of the development process.
In this way, the view on possible attack surfaces determines the work flow of the developers. Another key point is user-friendliness. The goal is to reduce complexity to that the user can not make any mistakes. The entire life cycle is considered. It is also not possible to read out data from a device that is ready for scrapping at the end of its life cycle.
The responsible handling of information and systems is a top priority for MB connect line. Our company is registered as a “critical infrastructure” on the NIS‑2 portal of the Federal Office for Information Security (BSI) - which serves as both an incentive and an obligation for us to continuously improve our high standards of cybersecurity and information security.
03
ISO/IEC 27001 certification
Our Information Security Management System (ISMS) is officially certified to ISO/IEC 27001. This certification confirms our structured approach to managing information security and protecting sensitive data, systems, and processes.
This underscores our commitment to the highest safety standards, transparent processes, and a trusting partnership with our customers and partners.
Here you can download our ISO/IEC 27001 certificate as PDF.
04
Security as a teamwork
To guarantee the security promise to our customers, MB connect line works with external IT security companies to validate developments. We are actively involved in the industrial security working groups at Teletrust and from this the evaluation method for IEC62443-4-2 was developed, against which we measure and test our product safety.
The experience and the different points of view are essential factors for the safe design of our products – without losing sight of user-friendliness.
05
Security certified - IEC 62443-4-1
With this recognition, we are demonstrating a strong commitment to quality, security and trust in our development processes and products.
Our DNA: 100% IT security for more than 25 years.
Here you can download our IEC 62443-4-1 certification as PDF.
06
Security as a Whole
In our views, a security incident as the result of a problem in the process of product design, installation, configuration, integration, or usage. As a manufacturer, only the first process is under our control.
All the following others are mostly out of our hands. We do care to deliver secure products and contribute in this way to your Security by Design exercise.
07
We see penetration tests rather as the first step of product maintenance than the last step of product creation. For us, security maintenance actually starts before the product is formally released and continues long after the product is no longer available for purchase.
It is an ongoing process that we maintain as long as the product is supported.
Testing
At regular intervals, our products are reviewed by independent IT security companies. Both automated and manual penetration tests are used here. Essentially, the following standards and guidelines are appropriated:
✓ Guideline Penetration Tests of the Federal Office for Information Security
✓ OWASP Testing Guide Version 4
✓ OWASP Application Security Verification Standard v.3 – level 2
It is important for us to establish a dialogue between developers and pentesters. That’s why a penetration test always consists of the test itself and an intensive dialogue between Pentester and the developer in the aftermath.
Since then, there have been established certification procedures for IT security products for critical applications (e.g., military, government, etc.). For classical industrial applications there are various certification possibilities, such as the standard IEC62443. In cooperation with TeleTrusT, a test catalog was developed for this, which is used for our products. In addition, the published “state of the art” (“Stand der Technik”) technology from TeleTrusT is an important tool for our product development.
SECURITY STRATEGY OVERVIEW
Our Product Security Incident Response Team (PSIRT) monitors how new threats and newly discovered technology vulnerabilities can affect our products. They are ready to respond immediately to security alerts, reports or test reports.
Our memberships
TELETRUST - IT SECURITY ASSOCIATION GERMANY
We are a member of TeleTrusT – Bundesverband IT-Sicherheit e.V. and develop our products based on current IT security guidelines. TeleTrusT is a competence network that includes domestic and foreign members from industry, administration and science as well as thematically related partner organizations. Our CEO and CTO represents TeleTrusT at the European Cyber Security Organisation (ECSO), where he is active in several working groups.
ALLIANCE FOR CYBER SECURITY
CERT@VDE
VDMA
MB connect line is a member of the German Engineering Federation (VDMA). Through dialogue with industry experts and participation in specialized working groups, we are able to identify trends, standards, and technological developments at an early stage. This allows us to incorporate innovations and best practices directly into our solutions – ensuring greater efficiency, safety, and future-readiness for our customers.
Get our Security Whitepaper
You want to learn more about our Industrial Security Standards? Order our latest Security Whitepaper now.
