A method includes generating at least one access vector associated with a specified device in an industrial process control and automation system. The specified device has one of multiple device roles. The at least one access vector is generated based on one or more communication policies defining communications between one or more pairs of devices roles in the industrial process control and automation system, where each pair of device roles includes the device role of the specified device. The method also includes providing the at least one access vector to at least one of the specified device and one or more other devices in the industrial process control and automation system in order to control communications to or from the specified device.
GOVERNMENT LICENSE RIGHTS
 This invention was made with government support under Contract No. DE-OE0000544 awarded by the U.S. Department of Energy. The government has certain rights in the invention.