PLC Security Audit Checklist Form
Use this checklist to document PLC security controls, identify gaps, and record remediation actions during a security audit.
Audit Identification
Date of Audit
*
-
Month
-
Day
Year
Date
Site/Facility Name
*
Department/Area
PLC System Name or Asset Identifier
*
PLC Make/Model
PLC Serial or Asset Tag
Audit Type/Scope
*
Initial Audit
Periodic Audit
Post-Incident Audit
Follow-Up Audit
Other
PLC Environment Details
PLC vendor/manufacturer
*
Firmware version
*
Engineering software/version used
PLC operating mode/status
*
Run
Stop
Maintenance
Unknown
Network connection type
*
Isolated
Segmented
Flat network
Remote access
Unknown
Connected to other OT/IT systems
*
Yes
No
Unknown
Access Control and Authentication Checks
Who has access to the PLC or engineering workstation?
*
Are unique user accounts used for individual access?
*
Compliant
Partially compliant
Non-compliant
Not applicable
Are shared or default credentials in use?
*
Compliant
Partially compliant
Non-compliant
Not applicable
Which access controls are implemented where applicable?
Unique user accounts
Strong authentication
Lockout after repeated failed attempts
Multi-factor authentication
Role-based access control
Session timeout
Other
Is remote access to the PLC or engineering workstation enabled?
*
Compliant
Partially compliant
Non-compliant
Not applicable
Are password and lockout controls enforced where applicable?
*
Compliant
Partially compliant
Non-compliant
Not applicable
Overall access control and authentication status
*
Compliant
Partially compliant
Non-compliant
Not applicable
Network and Communications Security
Firewall or network segmentation present?
*
Yes
No
Partial
Unknown
Allowed inbound and outbound connections
Engineering workstation
HMI/SCADA server
Historian
Remote maintenance gateway
Time synchronization service
Patch management server
Email or internet access
Other
Secure protocols in use
TLS
VPN
SSH
SFTP
HTTPS
OPC UA
MQTT over TLS
Other
Unsecured services or ports observed
Telnet
FTP
HTTP
SNMPv1/v2c
Modbus/TCP without encryption
DNP3 without secure authentication
Open remote desktop service
Other
Remote vendor access controlled and approved?
Yes, tightly controlled
Yes, but limited controls
No
Not applicable
Unknown
Observed weaknesses or exceptions
Firmware, Software, and Patch Status
Last firmware update date
-
Month
-
Day
Year
Date
Patch status
*
Up to date
Pending
Overdue
Unknown
Unsupported or end-of-life status
*
No
Yes
Unknown
Approved change management for updates
*
Yes
No
Not applicable
Antivirus or endpoint protection on engineering workstations
Yes
No
Not applicable
Unknown
Known missing updates or version concerns
Physical Security and Environmental Protection
Physical safeguards in place
*
Cabinet/enclosure locked
Restricted room access
Tamper-evident seals or indicators
Cables and ports protected
Removable media access controlled
Backup power or UPS present
Environmental controls in place
Other
Overall physical protection level
*
1
2
3
4
5
Cabinet or enclosure secured
*
Yes
No
N/A
Room or area access restricted
*
Yes
No
N/A
Backup power or UPS available
Yes
No
N/A
Observations and notes
Backup, Recovery, and Resilience
Configuration backup available?
*
Available
Partial
Missing
Unknown
Backup frequency
Please Select
Continuous
Daily
Weekly
Monthly
Ad hoc
Not scheduled
Unknown
Backup storage location
Restore test performed?
Yes
No
Planned
Unknown
Recovery notes and gaps
Logging, Monitoring, and Incident Detection
Security/event logs enabled?
*
Yes
No
Partial
Not Applicable
Logs reviewed regularly?
*
Yes
No
Partial
Not Applicable
Alerting configured
Log alerts
Email notifications
SMS notifications
SCADA/HMI alarms
Central monitoring platform
Other
Incident response contact or escalation process
*
Time synchronization present?
*
Yes
No
Partial
Not Applicable
Suspicious activity observed during review?
*
Yes
No
Partial
Not Applicable
Findings, Risk, and Remediation
Overall Risk Level
*
Please Select
Low
Medium
High
Critical
Findings
*
Finding 1: Short Summary
Finding 1: Severity
Please Select
Low
Medium
High
Critical
Finding 1: Recommended Remediation
Finding 1: Owner Responsible
Finding 1: Target Completion Date
-
Month
-
Day
Year
Date
Auditor Information and Submission
Auditor Name
*
First Name
Middle Name
Last Name
Role / Title
*
Organization / Company
*
Contact Email
*
example@example.com
Final Audit Summary / Overall Comments
Submission Status
Please Select
Completed
Needs Follow-up
Escalated
Submit Audit
Should be Empty: