TAGSIA.COM
Post-Session Audit
Security Verification Checklist for Remote OT Access
Doc ID: TAG-OT-CHK-01
Issue Date: Feb 2026
Ref: IACS UR E26 §4.2.6
Issue Date: Feb 2026
Ref: IACS UR E26 §4.2.6
1. SESSION CONTEXT
| Auth ID: | System: |
2. TERMINATION VERIFICATION
Complete all checks immediately after the vendor confirms departure.
| Physical Isolation: If a physical key-switch or bridge cable is used, has it been returned to the OFF/Disconnected position? | |
| Logical Isolation: Has the Firewall Policy Status been set to DISABLED? (Verify in GUI/Console) | |
| Session Purge: Has the ‘diagnose sys session clear’ (or equivalent) command been run to force-drop existing TCP heartbeats? | |
| User Verification: Check the HMI/PLC User Management screen. Are there any active sessions labeled “Admin” or “Vendor”? | |
| Integrity Scan: Review the system for any new accounts created during the session. Delete any unauthorized local users. |
3. AUDIT CONCLUSION
| Actual Termination (UTC): | |
| Comments/Anomalies: |
Verified By (ETO):
Signature & Rank
