Post-Session Audit

Security Verification Checklist for Remote OT Access

Doc ID: TAG-OT-CHK-01
Issue Date: Feb 2026
Ref: IACS UR E26 §4.2.3

Auth ID:

System:

Complete all checks immediately after the vendor confirms departure.

	Physical Isolation: If a physical key-switch or bridge cable is used, has it been returned to the OFF/Disconnected position?
	Logical Isolation: Has the Firewall Policy Status been set to DISABLED? (Verify in GUI/Console)
	Session Purge: Has the ‘diagnose sys session clear’ (or equivalent) command been run to force-drop existing TCP heartbeats?
	User Verification: Check the HMI/PLC User Management screen. Are there any active sessions labeled “Admin” or “Vendor”?
	Integrity Scan: Review the system for any new accounts created during the session. Delete any unauthorized local users.

Actual Termination (UTC):
Comments/Anomalies:

Verified By (ETO):

Signature & Rank

Get the full editable TAG-OT-CHK-01 and our IACS-compliant IAM playbook.