• PLC Security Audit Checklist Form

    Use this checklist to document PLC security controls, identify gaps, and record remediation actions during a security audit.
  • Audit Identification

  • Date of Audit*
     - -
  • Audit Type/Scope*
  • PLC Environment Details

  • PLC operating mode/status*
  • Network connection type*
  • Connected to other OT/IT systems*
  • Access Control and Authentication Checks

  • Are unique user accounts used for individual access?*
  • Are shared or default credentials in use?*
  • Which access controls are implemented where applicable?
  • Is remote access to the PLC or engineering workstation enabled?*
  • Are password and lockout controls enforced where applicable?*
  • Overall access control and authentication status*
  • Network and Communications Security

  • Firewall or network segmentation present?*
  • Allowed inbound and outbound connections
  • Secure protocols in use
  • Unsecured services or ports observed
  • Remote vendor access controlled and approved?
  • Firmware, Software, and Patch Status

  • Last firmware update date
     - -
  • Patch status*
  • Unsupported or end-of-life status*
  • Approved change management for updates*
  • Antivirus or endpoint protection on engineering workstations
  • Physical Security and Environmental Protection

  • Physical safeguards in place*
  • Cabinet or enclosure secured*
  • Room or area access restricted*
  • Backup power or UPS available
  • Backup, Recovery, and Resilience

  • Configuration backup available?*
  • Restore test performed?
  • Logging, Monitoring, and Incident Detection

  • Security/event logs enabled?*
  • Logs reviewed regularly?*
  • Alerting configured
  • Time synchronization present?*
  • Suspicious activity observed during review?*
  • Findings, Risk, and Remediation

  • Finding 1: Target Completion Date
     - -
  • Auditor Information and Submission

  • Should be Empty:
Select theme:
  • Default
  • Blue
  • Red
  • Brown
  • Green
  • Black
  • Pink
  • Dark Blue
  • Purple