Security in the Communication Layer has to be supported as required for the supported Transport, including application authentication and secure communication.
The Server is obligated to minimally support user authentication with UserName/Password.
Clientshave to support passing UserName/Password or X.509 certificates as required by the Server.
Security, including encryption, signing, and user authentication is a core element for OPC UA applications and is therefore part of the OPC Foundation stacks.
It is required except for lowest-level embedded solutions that will be secured by means outside the scope of OPC UA.