Questions and Answers

If you have questions about a CIMCO software product, we recommend that you first check our documentation. If you cannot find the answer to your question, you are always welcome to contact us at support@cimco.com.

General

CIMCO installers are digitally signed to ensure authenticity and integrity. After a recent update to our code signing certificate, Windows may temporarily show a Microsoft Defender SmartScreen warning when downloading or running a CIMCO installer.

Read more about the SmartScreen warning and how to proceed.

Most standard serial hardware is supported, including hardware from Moxa, Digi, Quatech and Sena.

Send an email to sales@cimco.com with your company details and we will send you a link to download the software.

Please contact your reseller to have the activation reset.

A standard DNC port works with Fanuc, Okuma, Gildemeister and other standard RS232 links using hardware or software handshake, such as RTS/CTS.

If you connect a Heidenhain machine in FE mode, Mazak in Mazatrol mode, or any other machine using a communication protocol, you have to use a DNC port that includes protocols. This is also the case if you have a networking machine and use the network monitoring protocol, FTP, or similar.

In early December 2021, a critical vulnerability was discovered in the widely used logging tool Log4j, which is normally used by software developers to record user activity and application behavior for later review.

The Log4j framework is Java-based and distributed by the nonprofit Apache Software Foundation. https://logging.apache.org/log4j

None of CIMCO’s software is based on Java or Apache or uses the Log4j framework, so it is not affected by the Log4j vulnerability/CVE.

Download:
CIMCO’s response to the Apache Log4j vulnerability

CIMCO Security and Compliance

Security Philosophy & Deployment Model

CIMCO follows a defense-in-depth security model, combining application-level controls with customer-managed infrastructure protections. Our solutions are typically deployed within the customer’s environment, ensuring full control over data, access, and network security boundaries.

CIMCO offers on-premise and private-cloud deployments. This minimizes exposure to multi-tenant risks and allows customers to enforce their own security and compliance requirements.

The customer controls the infrastructure. CIMCO software runs within the customer-managed environment, where the customer can apply its own policies for servers, storage, firewalling, antivirus/EDR, backup, logging, and disaster recovery.

Identity & Access Management

CIMCO enforces role-based access control (RBAC), allowing administrators to define granular permissions aligned with least-privilege principles.

CIMCO software supports Active Directory and is actively being enhanced to support additional centralized authentication and SSO frameworks.

Yes. Each user is assigned a unique identifier, ensuring accountability and traceability across system interactions.

CIMCO supports system-level visibility into operations, with ongoing enhancements focused on expanded auditing and traceability capabilities.

Data Protection & Encryption

CIMCO supports strong encryption standards, including:

  • Data in transit: TLS 1.2/1.3
  • Data at rest: AES-256, when enabled within customer infrastructure

Yes. CIMCO supports the use of the SHA-256 hashing algorithm as part of secure data handling and integrity verification practices, consistent with industry standards.

Yes. CIMCO promotes the use of modern, secure communication protocols where applicable. For industrial environments, gateway-based architectures such as OT-Max can help isolate legacy machine protocols from the wider company network.

CIMCO supports secure gateway architectures that isolate machine communications and mitigate risks associated with legacy industrial protocols.

Network Security & System Hardening

CIMCO software is designed to operate within segmented, firewall-protected environments. Recommended controls include network isolation, controlled ingress and egress, secure zones for IT and OT systems, and restricted administrative access.

The customer normally manages the operating system, server hardening, patching, endpoint protection, monitoring, backup, and firewall policies. CIMCO can provide product guidance, but the deployment environment remains customer-controlled.

Yes. CIMCO software can be deployed in controlled network zones where access is limited to approved users, approved systems, and required services only.

CIMCO software is deployed within customer-managed infrastructure, where threat monitoring is handled by the customer’s IT/security tools and policies. CIMCO supports deployment in monitored and segmented environments and can provide detailed system logs and operational information where applicable to support customer-led monitoring, investigation, and incident response.

Integration Security

Yes. CIMCO integrates with ERP systems, SQL databases, and other enterprise platforms while maintaining secure data exchange practices.

Secure transfer methods are supported where applicable, with additional safeguards for environments requiring machine-level communication.

Regulatory Compliance & Data Governance

CIMCO enables compliance through:

  • Strict access controls
  • Support for encryption of controlled technical data
  • Support for role-based access to information
  • Support for policies restricting access by unauthorized or foreign persons

No. CIMCO solutions are not designed to process or store PII, significantly reducing exposure to privacy regulations such as GDPR or CCPA.

Infrastructure & Deployment Security

CIMCO operates within customer-managed infrastructure, which may include:

  • On-premise servers or private cloud, such as Azure
  • Network segmentation and firewall controls
  • Optional secure hardware components, such as OT gateways

Yes. CIMCO supports deployment in secure cloud environments, allowing customers to leverage enterprise-grade cloud security controls.

Monitoring, Incident Response & Continuous Improvement

CIMCO supports customer-led incident response processes and commits to prompt notification and remediation support in the event of compliance or security issues.

Security is continuously enhanced through:

  • Product development initiatives, such as SSO and auditing improvements
  • Alignment with evolving industry standards
  • Customer feedback and security assessments

OT-Max Security

OT-Max is a secure communication gateway for industrial environments. It is designed to sit between the company network and the machine network, so communication with CNC machines and other industrial equipment can be separated, controlled, and limited to the required services and protocols.

This helps avoid exposing legacy or vendor-specific machine protocols directly to the wider company network.

OT-Max uses two Ethernet interfaces:

  • ETH0 is used for the company network.
  • ETH1 is used for the machine network.

This keeps company-side systems and machine-side devices on separate network segments. Machines communicate on the machine side, while approved users and systems access OT-Max from the company side through configured services.

Yes. OT-Max includes configurable firewall rules to control which traffic is allowed, blocked, or forwarded between the company side and the machine side.

This helps limit access to approved hosts, ports, and required services.

OT-Max supports modern file transfer methods on the company side, including SMB3 and SFTP.

  • SMB3 can be used for company-side file sharing and access to configured shares.
  • SFTP can be used for secure file transfer to and from OT-Max.

OT-Max supports the following machine-side file transfer and machine data protocols.

File transfer / machine access protocols:

  • SMB1
  • FTP
  • NFS

Machine data protocols:

  • FANUC FOCAS
  • HAAS M-NET / NGC
  • Heidenhain LSV-2
  • Modbus TCP
  • MTConnect
  • OPC UA
  • Siemens S7

The required protocol depends on the machine control, device type, and customer site configuration. Protocols should only be enabled where required for the specific machine or integration.
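The following is an added example, not CIMCO code and not OT-Max's configuration syntax. It sketches how a site could review forwarding rules on a two-interface gateway against the guidance above: limit access to approved hosts and ports, and enable machine protocols only where required. The rule format, the sample addresses, the source-size threshold and the port table (commonly used default ports for the listed protocols; HAAS is omitted) are assumptions to adapt per site.

```python
from ipaddress import ip_network

COMPANY_IF, MACHINE_IF = "eth0", "eth1"   # interface roles as described above
MAX_SOURCE_ADDRESSES = 8                  # assumption: larger sources are not "approved hosts"
# Commonly used default ports for the machine-side protocols listed above (sites may differ).
MACHINE_PORTS = {21: "FTP", 102: "Siemens S7", 139: "SMB1", 445: "SMB1",
                 502: "Modbus TCP", 2049: "NFS", 4840: "OPC UA",
                 5000: "MTConnect", 8193: "FANUC FOCAS", 19000: "Heidenhain LSV-2"}

def rule(in_if, out_if, src, dst, port, action="forward"):
    """Build one rule in a hypothetical dict format used only by this example."""
    return dict(in_if=in_if, out_if=out_if, src=src, dst=dst, port=port, action=action)

def audit(rules):
    """Return (rule_number, severity, message) for forwarding rules worth reviewing."""
    findings = []
    for n, r in enumerate(rules, 1):
        if r["action"] != "forward":
            continue
        path = (r["in_if"], r["out_if"])
        if path == (MACHINE_IF, COMPANY_IF):
            findings.append((n, "HIGH", "machine side may initiate traffic into the company network"))
            continue
        if path != (COMPANY_IF, MACHINE_IF):
            continue
        broad = ip_network(r["src"]).num_addresses > MAX_SOURCE_ADDRESSES
        proto = MACHINE_PORTS.get(r["port"])
        if r["port"] == "any":
            findings.append((n, "HIGH", "all ports forwarded to the machine side"))
        elif proto and broad:
            findings.append((n, "HIGH", f"{proto} reachable from {r['src']}, not only approved hosts"))
        elif broad:
            findings.append((n, "MEDIUM", f"source {r['src']} is broader than approved hosts"))
        elif proto:
            findings.append((n, "REVIEW", f"confirm {proto} is required for {r['dst']}"))
    return findings

# Constructed sample rules; all addresses are made up for illustration.
SAMPLE_RULES = [
    rule("eth0", "eth1", "10.20.0.15/32", "192.168.50.21/32", 8193),
    rule("eth0", "eth1", "10.20.0.0/16", "192.168.50.0/24", 21),
    rule("eth0", "eth1", "0.0.0.0/0", "192.168.50.0/24", "any"),
    rule("eth1", "eth0", "192.168.50.0/24", "10.20.0.0/16", 445),
    rule("eth0", "eth1", "10.20.0.0/16", "192.168.50.30/32", 22, action="drop"),
    rule("eth0", "eth1", "10.20.0.0/24", "192.168.50.40/32", 8080),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(*finding, sep=" | ")
```

A REVIEW finding is not a defect: it marks a machine protocol that is forwarded to a single approved host and should be confirmed as required for that machine.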

OT-Max is deployed as part of the customer’s IT and OT infrastructure and is maintained by the customer according to their own security, network, patching, and change-management policies.

CIMCO can assist with configuration and setup based on the customer’s requirements, machine environment, and network design.