iTeh Standards logo
EURUSD
Your shopping cart is empty.
IEC

IEC TR 63486:2024

(Main)

Nuclear facilities - Instrumentation, control and electrical power systems - Cybersecurity risk management approaches

Nuclear facilities - Instrumentation, control and electrical power systems - Cybersecurity risk management approaches

IEC TR 63486:2024 provides a cybersecurity framework for digital I&C programmable systems [2]. IEC 62645 [1] aligns strongly with the information security management system (ISMS) elements detailed within ISO/IEC 27001:2013 [2]. The ISO/IEC ISMS structure corresponds to the “I&C digital programmable system cybersecurity program” in the context (as defined in 5.2.1 of IEC 62645:2019 [1]).
The scope of this document is to capture the national and international cyber-risk approaches employed to manage cybersecurity risks associated with Instrumentation and Control (I&C) and Electrical Power Systems (EPS) at a Nuclear Power Plant (NPP).
This document summarizes an evaluation of cyber-risk approaches that are in use by nuclear facility operators to manage cybersecurity risks.
The scope of this document generally follows the exclusions of IEC 62645 which are:
- Non-malevolent actions and events such as accidental failures, human errors (except those stated above, such as impacting the performance of cybersecurity controls), and natural events. In particular, good practices for managing applications and data, including backup and restoration related to accidental failure, are out of scope.
This document summarizes key insights of the international and cyber-risk approaches used at NPPs regarding the application of ISO/IEC 27005:2018 [5]. The evaluation is based on 11 challenges to cybersecurity risk management and their applicability to NPP risk management. The challenges are detailed in Clause 7. This document also relates the risk management elements of IEC 62645 and IEC 63096.

General Information

Status
Published
Publication Date
12-Sep-2024
ICS
27.100 - Power stations in general
27.120.20 - Nuclear power plants. Safety
Technical Committee
SC 45A - Instrumentation, control and electrical power systems of nuclear facilities
Current Stage
PPUB - Publication issued
Start Date
13-Sep-2024
Completion Date
19-Jul-2024
Ref Project
IEC TR 63486:2024 - Nuclear facilities - Instrumentation, control and electrical power systems - Cybersecurity risk management approaches Isbn:9782832293805IEC TR 63486:2024 - Nuclear facilities - Instrumentation, control and electrical power systems - Cybersecurity risk management approaches Isbn:9782832293805
PreviousNext
Technical report
IEC TR 63486:2024 - Nuclear facilities - Instrumentation, control and electrical power systems - Cybersecurity risk management approaches Isbn:9782832293805
English language
160 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


IEC TR 63486 ®
Edition 1.0 2024-09
TECHNICAL
REPORT
colour
inside
Nuclear facilities – Instrumentation, control and electrical power systems –
Cybersecurity risk management approaches
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.
IEC Secretariat Tel.: +41 22 919 02 11
3, rue de Varembé info@iec.ch
CH-1211 Geneva 20 www.iec.ch
Switzerland
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.
About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigendum or an amendment might have been published.
IEC publications search - webstore.iec.ch/advsearchform IEC Products & Services Portal - products.iec.ch
The advanced search enables to find IEC publications by a Discover our powerful search engine and read freely all the
variety of criteria (reference number, text, technical publications previews, graphical symbols and the glossary.
committee, …). It also gives information on projects, replaced With a subscription you will always have access to up to date
and withdrawn publications. content tailored to your needs.
IEC Just Published - webstore.iec.ch/justpublished
Electropedia - www.electropedia.org
Stay up to date on all new IEC publications. Just Published
The world's leading online dictionary on electrotechnology,
details all new publications released. Available online and once
containing more than 22 500 terminological entries in English
a month by email.
and French, with equivalent terms in 25 additional languages.
Also known as the International Electrotechnical Vocabulary
IEC Customer Service Centre - webstore.iec.ch/csc
(IEV) online.
If you wish to give us your feedback on this publication or need
further assistance, please contact the Customer Service
Centre: sales@iec.ch.
IEC TR 63486 ®
Edition 1.0 2024-09
TECHNICAL
REPORT
colour
inside
Nuclear facilities – Instrumentation, control and electrical power systems –
Cybersecurity risk management approaches
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 27.120.20; 27.100 ISBN 978-2-8322-9380-5
– 2 – IEC TR 63486:2024  IEC 2024
CONTENTS
FOREWORD . 13
INTRODUCTION . 15
1 Scope . 17
1.1 General . 17
1.2 Framework . 20
1.3 Limitations . 20
2 Normative references . 20
3 Terms and definitions . 20
4 Abbreviated terms . 25
5 IEC 62645 risk management elements . 27
5.1 General . 27
5.2 Assignment of security degrees in the management of risk . 27
5.3 Safety correlation . 28
6 NPP cyber risk management challenges and analyses . 28
6.1 General . 28
6.2 Challenge 1: Aggregate risk of multiple units / locations. 31
6.3 Challenge 2: Complexity of interdependencies and interactions . 32
6.4 Challenge 3: Incident likelihood determination . 32
6.5 Challenge 4: Unknown or lacking sufficient detail for pre-developed
components . 32
6.6 Challenge 5: Differences in cyber-risk management . 33
6.7 Challenge 6: Lack of abstract analysis methods . 33
6.8 Challenge 7: Uncertainty in vulnerability / Susceptibility analysis . 33
6.9 Challenge 8: Adversary characterization uncertainty . 34
6.10 Challenge 9: Excessive information volume . 34
6.11 Challenge 10: Lack of a common and comprehensive risk management
process . 34
6.12 Challenge 11: Advanced security capabilities incompatibility . 35
7 Cyber-risk approaches versus challenges by ISO/IEC 27005 . 35
7.1 General . 35
7.2 ISO/IEC 27005:2018, 7.1 General considerations . 35
7.2.1 Summary . 35
7.2.2 Applicable challenges . 36
7.2.3 Summary of key approaches . 36
7.2.4 Cross-reference table (Table 4) . 37
7.3 ISO/IEC 27005:2018, 7.2 Basic criteria . 37
7.3.1 Summary . 37
7.3.2 Applicable challenges . 37
7.3.3 Key approaches . 38
7.3.4 Cross-reference table (Table 6) . 40
7.4 ISO/IEC 27005:2018, 7.3 Scope and boundaries . 40
7.4.1 Summary . 40
7.4.2 Applicable challenges . 40
7.4.3 Key approaches . 41
7.4.4 Cross-reference table (Table 8) . 42
7.5 ISO/IEC 27005:2018, 7.4 Organization for information security risk
management . 42

7.5.1 Summary . 42
7.5.2 Applicable challenges . 42
7.5.3 Key approaches . 43
7.5.4 Cross-reference table (Table 10) . 43
7.6 ISO/IEC 27005:2018, 8.1 General description of information security risk

assessment. 44
7.6.1 Summary . 44
7.6.2 Applicable challenges . 44
7.6.3 Key approaches . 44
7.6.4 Cross-reference table (Table 12) . 45
7.7 ISO/IEC 27005:2018, 8.2 Risk identification . 45
7.7.1 Summary . 45
7.7.2 Applicable challenges . 46
7.7.3 Key approaches . 46
7.7.4 Cross-reference table (Table 14) . 48
7.8 ISO/IEC 27005:2018, 8.3 Risk analysis . 48
7.8.1 Summary . 48
7.8.2 Applicable challenges . 49
7.8.3 Key approaches . 49
7.8.4 Cross-reference table (Table 16) . 51
7.9 ISO/IEC 27005:2018, 8.4 Risk evaluation . 51
7.9.1 Summary . 51
7.9.2 Applicable challenges . 51
7.9.3 Key approaches . 52
7.9.4 Cross-reference table (Table 18) . 53
7.10 ISO/IEC 27005:2018, 9.1 General description of risk treatment . 54
7.10.1 Summary . 54
7.10.2 Applicable challenges . 54
7.10.3 Key approaches . 54
7.10.4 Cross-reference table (Table 20) . 55
7.11 ISO/IEC 27005:2018, 9.2 Risk modification . 55
7.11.1 Summary . 55
7.11.2 Applicable challenges . 56
7.11.3 Key approaches . 56
7.11.4 Cross-reference table (Table 22) . 57
7.12 ISO/IEC 27005:2018, 9.3 Risk retention . 58
7.12.1 Summary . 58
7.12.2 Applicable challenges . 58
7.12.3 Key approaches . 58
7.12.4 Cross-reference table (Table 23) . 59
7.13 ISO/IEC 27005:2018, 9.4 Risk avoidance . 59
7.13.1 Summary . 59
7.13.2 Applicable challenges . 59
7.13.3 Key approaches . 60
7.13.4 Cross-reference table (Table 25) . 60
7.14 ISO/IEC 27005:2018, 9.5 Risk sharing . 60
7.14.1 Summary . 60
7.14.2 Applicable challenges . 60
7.14.3 Key approaches . 61

– 4 – IEC TR 63486:2024  IEC 2024
7.14.4 Cross-reference table (Table 27) . 61
7.15 ISO/IEC 27005:2018, Clause 10 Information security risk acceptance . 61
7.15.1 Summary . 61
7.15.2 Applicable challenges . 62
7.15.3 Key approaches . 62
7.15.4 Cross-reference table (Table 29) . 63
7.16 ISO/IEC 27005:2018, Clause 11 Information security risk communication and
consultation . 63
7.16.1 Summary . 63
7.16.2 Applicable challenges . 63
7.16.3 Key approaches . 64
7.16.4 Cross-reference table (Table 31) . 65
7.17 ISO/IEC 27005:2018, Clause 12 Security risk monitoring and review . 65
7.17.1 Summary . 65
7.17.2 Applicable challenges . 65
7.17.3 Key approaches . 66
7.17.4 Cross-reference table (Table 33) . 67
7.18 Overall summary of approaches to challenges . 67
8 Conclusions . 68
Annex A (informative) Chinese approach . 71
A.1 Summary of general approach . 71
A.2 ISO/IEC 27005:2018, 7.1 Context establishment . 71
A.3 ISO/IEC 27005:2018, 7.2 Basic criteria . 72
A.4 ISO/IEC 27005:2018, 8.1 General description of information security risk
assessment. 72
A.5 ISO/IEC 27005:2018, 8.2 Risk identification . 72
A.6 ISO/IEC 27005:2018, 8.3 Risk analysis . 74
A.7 ISO/IEC 27005:2018, 8.4 Risk evaluation . 74
A.8 ISO/IEC 27005:2018, 9.1 General description of risk treatment . 74
A.9 ISO/IEC 27005:2018, 9.2 Risk modification . 75
A.10 ISO/IEC 27005:2018, 9.3 Risk retention . 75
A.11 ISO/IEC 27005:2018, Clause 10 Information security risk acceptance . 75
A.12 ISO/IEC 27005:2018, Clause 12 Security risk monitoring and review . 76
Annex B (informative) Cyber informed engineering . 77
B.1 Summary of general approach . 77
B.2 ISO/IEC 27005:2018, 7.1 General considerations . 78
B.3 ISO/IEC 27005:2018, 7.2 Basic criteria . 78
B.4 ISO/IEC 27005:2018, 7.3 Scope and boundaries . 79
B.5 ISO/IEC 27005:2018, 8.1 General description of information security risk
assessment. 79
B.6 ISO/IEC 27005:2018, 8.2 Risk identification . 79
B.7 ISO/IEC 27005:2018, 8.3 Risk analysis . 80
B.8 ISO/IEC 27005:2018, 9.2 Risk modification . 80
B.9 ISO/IEC 27005:2018, 9.4 Risk avoidance . 81
B.10 ISO/IEC 27005:2018, 9.5 Risk sharing . 81
B.11 ISO/IEC 27005:2018, Clause 11 Information security risk communication and
consultation . 81
B.12 ISO/IEC 27005:2018, Clause 12 Security risk monitoring and review . 82
B.13 Reference documents . 82

Annex C (informative) French approach . 83
C.1 Summary of general approach . 83
C.2 EBIOS . 83
C.2.1 General . 83
C.2.2 EBIOS 2010. 83
C.2.3 EBIOS RM . 85
C.2.4 Mapping between modules/workshops from EBIOS methods and
challenges . 86
C.3 ISO/IEC 27005:2018, 7.2 Basic criteria . 87
C.4 ISO/IEC 27005:2018, 7.3 Scope and boundaries . 87
C.5 ISO/IEC 27005:2018, 7.4 Organization for information security risk
management . 88
C.6 ISO/IEC 27005:2018, 8.2 Risk identification . 88
C.7 ISO/IEC 27005:2018, 8.3 Risk analysis . 89
C.8 ISO/IEC 27005:2018, 8.4 Risk evaluation . 89
C.9 ISO/IEC 27005:2018, 9.1 General description of risk treatment . 90
C.10 ISO/IEC 27005:2018, 9.2 Risk modification . 90
C.11 ISO/IEC 27005:2018, 9.3 Risk retention . 91
C.12 ISO/IEC 27005:2018, 9.4 Risk avoidance . 92
C.13 ISO/IEC 27005:2018, Clause 10 Information security risk acceptance . 92
C.14 ISO/IEC 27005:2018, Clause 11 Information security risk communication and

consultation . 93
C.15 ISO/IEC 27005:2018, Clause 12 Security risk monitoring and review . 93
Annex D (informative) German approach . 95
D.1 Summary of general approach . 95
D.2 ISO/IEC 27005:2018, 7.1 General considerations . 95
D.3 ISO/IEC 27005:2018, 7.2 Basic criteria . 95
D.4 ISO/IEC 27005:2018, 7.3 Scope and boundaries . 96
D.5 ISO/IEC 27005:2018, 8.1 General description of information security risk
assessment. 96
D.6 ISO/IEC 27005:2018, 8.2 Risk identification . 96
D.7 ISO/IEC 27005:2018, 8.3 Risk analysis . 97
D.8 ISO/IEC 27005:2018, 8.4 Risk evaluation . 97
D.9 ISO/IEC 27005:2018, 9.1 General description of risk treatment . 97
D.10 ISO/IEC 27005:2018, 9.2 Risk modification . 97
D.11 ISO/IEC 27005:2018, 9.3 Risk retention . 98
D.12 ISO/IEC 27005:2018, 9.4 Risk avoidance . 98
D.13 ISO/IEC 27005:2018, 9.5 Risk sharing . 98
D.14 ISO/IEC 27005:2018, Clause 10 Information security risk acceptance . 98
D.15 ISO/IEC 27005 :2018,Clause 11 Information security risk communication and
consultation . 99
D.16 ISO/IEC 27005:2018, Clause 12 Security risk monitoring and review . 99
Annex E (informative) Harmonized threat and risk assessment (Canada) . 100
E.1 ISO/IEC 27005:2018, 7.2 Basic criteria . 100
E.2 ISO/IEC 27005:2018, 7.3 Scope and boundaries . 100
E.3 ISO/IEC 27005:2018, 7.4 Organization for information security risk
management . 101
E.4 ISO/IEC 27005:2018, 8.1 General description of information security risk
assessment. 101
E.5 ISO /IEC 27005:2018, 8.2 Risk identification . 102

– 6 – IEC TR 63486:2024  IEC 2024
E.6 ISO/IEC 27005:2018, 8.3 Risk analysis . 104
E.7 ISO/IEC 27005:2018, 8.4 Risk evaluation . 104
E.8 ISO/IEC 27005:2018, 9.1 General description of risk treatment . 104
E.9 ISO/IEC 27005:2018, 9.2 Risk modification . 105
E.10 ISO/IEC 27005:2018, 9.3 Risk retention . 105
E.11 ISO/IEC 27005:2018, 9.4 Risk avoidance . 105
E.12 ISO/IEC 27005:2018, Clause 10 Information security risk acceptance . 105
E.13 ISO/IEC 27005:2018, Clause 11 Information security risk communication and
consultation . 106
E.14 ISO/IEC 27005:2018, 12 Security risk monitoring and review . 106
E.15 Reference document . 107
Annex F (informative) HAZCADS approach . 108
F.1 Summary of general approach . 108
F.2 ISO/IEC 27005:2018, 7.1 General considerations . 109
F.3 ISO/IEC 27005:2018, 7.2 Basic criteria . 110
F.4 ISO/IEC 27005:2018,7.3 Scope and boundaries . 110
F.5 ISO/IEC 27005:2018, 8.1 General description of information security risk
assessment. 111
F.6 ISO/IEC 27005:2018, 8.2 Risk identification . 111
F.7 ISO/IEC 27005:2018, 8.3 Risk analysis . 112
F.8 ISO/IEC 27005:2018, 8.4 Risk evaluation . 113
F.9 ISO/IEC 27005:2018, 9.1 General description of risk treatment . 113
F.10 ISO/IEC 27005:2018, 9.2 Risk modification . 113
F.11 ISO/IEC 27005:2018, Clause 11 Information security risk communication and
consultation . 113
F.12 Reference documents . 114
Annex G (informative) IAEA computer security risk management . 115
G.1 Summary of general approach . 115
G.2 ISO/IEC 27005:2018, 7.1 General considerations . 116
G.3 ISO/IEC 27005:2018, 7.2 Basic criteria . 116
G.4 ISO/IEC 27005:2018, 7.3 Scope and boundaries . 117
G.5 ISO/IEC 27005:2018, 7.4 Organization for information security risk
management . 118
G.6 ISO/IEC 27005:2018, 8.1 General description of information security risk
assessment. 118
G.7 ISO/IEC 27005:2018, 8.2 Risk identification . 118
G.8 ISO/IEC 27005:2018, 8.3 Risk analysis . 119
G.9 ISO/IEC 27005:2018, 8.4 Risk evaluation . 120
G.10 ISO/IEC 27005:2018, 9.1 General description of risk treatment . 120
G.11 ISO/IEC 27005:2018, 9.2 Risk modification . 121
G.12 ISO/IEC 27005:2018, 9.3 Risk retention . 121
G.13 ISO/IEC 27005:2018, 9.4 Risk avoidance . 121
G.14 ISO/IEC 27005:2018, 9.5 Risk sharing . 121
G.15 ISO/IEC 27005:2018, Clause 10 Information security risk acceptance . 122
G.16 ISO/IEC 27005:2018, Clause 11 Information security risk communication and
consultation . 122
G.17 ISO/IEC 27005:2018, Clause 12 Security risk monitoring and review . 122
Annex H (informative) IEC 62443 . 123
H.1 Summary of general approach . 123
H.2 ISO/IEC 27005:2018, 7.1 General considerations . 124

H.3 ISO/IEC 27005:2018, 7.2 Basic criteria . 125
H.4 ISO/IEC 27005:2018, 7.3 Scope and boundaries . 125
H.5 ISO/IEC 27005:2018,7.4 Organization for information security risk
management . 125
H.6 ISO/IEC 27005:2018, 8.1 General description of information security risk

assessment. 126
H.7 ISO/IEC 27005:2018, 8.2 Risk identification . 126
H.8 ISO/IEC 27005:2018, 8.3 Risk analysis . 127
H.9 ISO/IEC 27005:2018, 8.4 Risk evaluation . 128
H.10 ISO/IEC 27005:2018, 9.1 General description of risk treatment . 128
H.11 ISO/IEC 27005:2018, 9.2 Risk modification . 128
H.12 ISO/IEC 27005:2018, 9.3 Risk retention . 129
H.13 ISO/IEC 27005:2018, 9.4 Risk avoidance . 129
H.14 ISO/IEC 27005:2018, 9.5 Risk sharing . 129
H.15 ISO/IEC 27005:2018, Clause 10 Information security risk acceptance . 129
H.16 ISO/IEC 27005:2018, Clause 11 Information security risk communication and
consultation . 129
H.17 ISO/IEC 27005:2018, Clause 12 Security risk monitoring and review . 130
Annex I (informative) Russian approach . 131
I.1 Summary of general approach . 131
I.2 ISO/IEC 27005:2018, 7.1 General considerations . 132
I.3 ISO/IEC 27005:2018, 7.2 Basic criteria . 132
I.4 ISO/IEC 27005:2018, 7.3 Scope and boundaries . 133
I.5 ISO/IEC 27005:2018, 7.4 Organization for information security risk
management . 133
I.6 ISO/IEC 27005:2018, 8.2 Risk identification . 134
I.7 ISO/IEC 27005:2018, 8.3 Risk analysis . 134
I.8 ISO/IEC 27005:2018, 8.4 Risk evaluation . 135
I.9 ISO/IEC 27005:2018, 9.1 General description of risk treatment . 135
I.10 ISO/IEC 27005:2018, 9.2 Risk modification . 136
I.11 ISO/IEC 27005:2018, 9.3 Risk retention . 136
I.12 ISO/IEC 27005:2018, 9.4 Risk avoidance . 136
I.13 ISO/IEC 27005:2018, Clause 10 Information security risk acceptance . 137
I.14 ISO/IEC 27005:2018, Clause 11 Information security risk communication and
consultation . 137
I.15 ISO/IEC 27005:2018, Clause 12 Security risk monitoring and review . 138
I.16 Reference documents . 138
Annex J (informative) US NRC . 139
J.1 Summary of general approach . 139
J.2 ISO/IEC 27005:2018, 7.1 Context establishment . 139
J.3 ISO/IEC 27005:2018, 7.2 Basic criteria . 140
J.4 ISO/IEC 27005:2018, 8.1 General description of information security risk
assessment. 140
J.5 ISO/IEC 27005:2018, 8.2 Risk identification . 141
J.6 ISO/IEC 27005:2018, 8.3 Risk analysis . 142
J.7 ISO/IEC 27005:2018, 8.4 Risk evaluation . 142
J.8 ISO/IEC 27005:2018, 9.1 General description of risk treatment . 143
J.9 ISO/IEC 27005:2018, 9.2 Risk modification . 144
J.10 ISO/IEC 27005:2018, 9.3 Risk retention . 144
J.11 ISO/IEC 27005:2018, Clause 10 Information security risk acceptance . 145

– 8 – IEC TR 63486:2024  IEC 2024
J.12 ISO/IEC 27005:2018, Clause 11 Information security risk communication and
consultation . 146
J.13 ISO/IEC 27005:2018, Clause 12 Security risk monitoring and review . 147
Annex K (informative) United Kingdom . 148
K.1 Summary of general approach . 148
K.2 ISO/IEC 27005:2018, 7.2 Basic criteria . 148
K.3 ISO/IEC 27005:2018,7.3 Scope and boundaries . 149
K.4 ISO/IEC 27005:2018, 7.4 Organization for information security risk
management . 151
K.5 ISO/IEC 27005:2018, 8.1 General description of information security risk
assessment. 151
K.6 ISO/IEC 27005:2018, 8.2 Risk identification . 152
K.7 ISO/IEC 27005:2018, 8.3 Risk analysis . 152
K.8 ISO/IEC 27005:2018, 8.4 Risk evaluation . 153
K.9 ISO/IEC 27005:2018, 9.1 General description of risk treatment . 154
K.10 ISO/IEC 27005:2018, 9.2 Risk modification . 154
K.11 ISO/IEC 27005:2018, 9.3 Risk retention . 155
K.12 ISO/IEC 27005:2018, Clause 10 Information security risk acceptance . 155
K.13 ISO/IEC 27005:2018, Clause 11 Information security risk communication and
consultation . 155
K.14 ISO/IEC 27005:2018, Clause 12 Security risk monitoring and review . 156
Bibliography . 157

Figure 1 – Overview of the Hierarchy of IEC SC 45A Standards Related to Cyber
Security . 19
Figure 2 – Technical Report Development Approach . 31
Figure C.1 – EBIOS 2010 Process Overview . 84
Figure C.2 – EBIOS Risk Manager Overview [11] . 85
Figure E.1 – HTRA Risk Formula (Figure B-4 of [8]) . 102
Figure F.1 – Overview of HAZCADS Method (See Reference documents, EPRI 2018) . 109
Figure H.1 – Parts of the ISA/IEC 62443 Series [39] . 124
Figure I.1 – Overview the Relation of the FSTEC Approach for Risk Assessment and
ISO/IEC 27005 . 131
Figure K.1 – UK IS/DBSy approach: Example InfoSec model . 150

Table 1 – Risk management challenges . 28
Table 2 – Cyber-risk approaches . 30
Table 3 – ISO/IEC 27005 Clause 7.1: Applicable challenges . 36
Table 4 – ISO/IEC 27005 Clause 7.1: Cross reference table . 37
Table 5 – ISO/IEC 27005 Clause 7.2: Applicable challenges . 38
Table 6 – ISO/IEC 27005 Clause 7.2: Cross reference table . 40
Table 7 – ISO/IEC 27005 Clause 7.3: Applicable challenges . 40
Table 8 – ISO/IEC 27005 Clause 7.3: Cross reference table . 42
Table 9 – ISO/IEC 27005 Clause 7.4: Applicable challenges . 43
Table 10 – ISO/IEC 27005 Clause 7.4: Cross reference table . 43
Table 11 – ISO/IEC 27005 Clause 8.1: Applicable challenges . 44
Table 12 – ISO/IEC 27005 Clause 8.1: Cross reference table . 45

Table 13 – ISO/IEC 27005 Clause 8.2: Applicable challenges . 46
Table 14 – ISO/IEC 27005 Clause 8.2: Cross reference table . 48
Table 15 – ISO/IEC 27005 Clause 8.3: Applicable challenges . 49
Table 16 – ISO/IEC 27005 Clause 8.3: Cross reference table . 51
Table 17 – ISO/IEC 27005 Clause 8.4: Applicable challenges . 52
Table 18 – ISO/IEC 27005 Clause 8.4: Cross reference table . 53
Table 19 – ISO/IEC 27005 Clause 9.1: Applicable challenges . 54
Table 20 – ISO/IEC 27005 Clause 9.1: Cross reference table . 55
Table 21 – ISO/IEC 27005 Clause 9.2: Applicable challenges . 56
Table 22 – ISO/IEC 27005 Clause 9.2: Cross reference table . 57
Table 23 – ISO/IEC 27005 Clause 9.3: Cross reference table . 59
Table 24 – ISO/IEC 27005 Clause 9.4: Applicable challenges . 60
Table 25 – ISO/IEC 27005 Clause 9.4: Cross reference table . 60
Table 26 – ISO/IEC 27005 Clause 9.5: Applicable challenges . 61
Table 27 – ISO/IEC 27005 Clause 9.5: Cross reference table . 61
Table 28 – ISO/IEC 27005 Clause 10: Applicable challenges . 62
Table 29 – ISO/IEC 27005 Clause 10: Cross reference table . 63
Table 30 – ISO/IEC 27005 Clause 11: Applicable challenges . 63
Table 31 – ISO/IEC 27005 Clause 11: Cross reference table . 65
Table 32 – ISO/IEC 27005 Clause 12: Applicable challenges . 66
Table 33 – ISO/IEC 27005 Clause 12: Cross reference table . 67
Table 34 – Summary of approaches to challenges . 68
Table A.1 – Chinese approach: Challenges addressed . 71
Table A.2 – Chinese approach: Insights for ISO/IEC Clause 7.1 . 71
Table A.3 – Chinese approach: Insights for ISO/IEC Clause 7.2 . 72
Table A.4 – Chinese approach: Insights for ISO/IEC Clause 8.1 . 72
Table A.5 – Chinese approach: Insights for ISO/IEC Clause 8.2 . 73
Table A.6 – Chinese approach: Insights for ISO/IEC Clause 8.3 . 74
Table A.7 – Chinese approach: Insights for ISO/IEC Clause 8.4 . 74
Table A.8 – Chinese approach: Insights for ISO/IEC Clause 9.1 . 75
Table A.9 – Chinese approach: Insights for ISO/IEC Clause 9.2 . 75
Table A.10 – Chinese approach: Insights for ISO/IEC Clause 9.3 . 75
Table A.11 – Chinese approach: Insights for ISO/IEC Clause 10. 75
Table A.12 – Chinese approach: Insights for ISO/IEC Clause 1
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

Loading comments...

This May Also Interest You

IEC
IEC 62541-100:2025(Main)
OPC unified architecture - Part 100: Devices

IEC 62541-100:2025 defines the information model associated with Devices. This document describes three models which build upon each other as follows:
• The (base) Device Model is intended to provide a unified view of devices and their hardware and software parts irrespective of the underlying device protocols.
• The Device Communication Model adds Network and Connection information elements so that communication topologies can be created.
• The Device Integration Host Model finally adds additional elements and rules required for host systems to manage integration for a complete system. It enables reflecting the topology of the automation system with the devices as well as the connecting communication networks.
This document also defines AddIns that can be used for the models in this document but also for models in other information models. They are:
• Locking model – a generic AddIn to control concurrent access,
• Software update model – an AddIn to manage software in a Device.
This second edition cancels and replaces the first edition published in 2015. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous edition:
a a ComponentType that can be used to model any HW or SW element of a device has been defined and a SoftwareType has been added as subtype of ComponentType;
b the new OPC UA interface concept and defined interfaces for Nameplate, DeviceHealth, and SupportInfo has been added.
c) a new model for Software Update (Firmware Update) has been added;
d) a new entry point for documents where each document is represented by a FileType instance has been specified;
e) a model that provides information about the lifetime, related limits and semantic of the lifetime of things like tools, material or machines has been added.

  • Standard
    152 pages
    English language
    sale 15% off
  • Standard
    158 pages
    French language
    sale 15% off
  • Standard
    310 pages
    English and French language
    sale 15% off
IEC
IEC TR 61169-1-8:2025(Main)
Radio-frequency connectors - Part 1-8: Electrical test methods - Voltage standing wave ratio for a single connector by double connector method

IEC TR 61169-1-8:2025 provides a test method for voltage standing wave ratio (VSWR, hereinafter) of single RF connector by double-connector method. This document is applicable to single RF cable connectors and single microstrip RF connectors as well as single adapters if an estimation of the VSWR of a single completely installed RF-connector is used and a time domain feature is not available on the vector network analyzer.

  • Technical report
    18 pages
    English language
    sale 15% off
IEC
IEC 61757-1-4:2025(Main)
Fibre optic sensors - Part 1-4: Strain measurement - Distributed sensing based on Rayleigh scattering

IEC 61757-1-4:2025 defines the terminology, structure, and measurement methods of distributed fibre optic sensors for absolute strain measurements based on spectral correlation analysis of Rayleigh backscattering signatures in single-mode fibres, where the fibre is the distributed strain measurement element in a measurement range from about 10 m to tens of km. This document also applies to hybrid sensor systems that combine the advantages of Brillouin and Rayleigh backscattering effects to obtain optimal measurement quality. This document also specifies the most important features and performance parameters of these distributed fibre optic strain sensors defines procedures for measuring these features and parameters. This part of IEC 61757 does not apply to point measurements or to dynamic strain measurements. Distributed strain measurements using Brillouin scattering in single-mode fibres are covered in IEC 61757-1-2. The most relevant applications of this strain measurement technique are listed in Annex A, while Annex B provides a short description of the underlying measurement principle.

  • Standard
    27 pages
    English language
    sale 15% off
  • Standard
    29 pages
    French language
    sale 15% off
  • Standard
    56 pages
    English and French language
    sale 15% off
IEC
IEC 62541-13:2025(Main)
OPC Unified Architecture - Part 13: Aggregates

IEC 62541-13:2025 is available as IEC 62541-13:2025 RLV which contains the International Standard and its Redline version, showing all changes of the technical content compared to the previous edition.IEC 62541-13:2025 defines the information model associated with Aggregates. Programmatically produced aggregate examples are listed in Annex A. This third edition cancels and replaces the second edition published in 2020. This edition constitutes a technical revision.
This edition includes the following technical changes with respect to the previous edition:
a) Multiple fixes for the computation of aggregates
• The Raw status bit is always set for non-bad StatusCodes for the Start and End aggregates.
• Entries in the Interpolative examples Tables A2.2 Historian1, Historian2, and Historian3 have been changed from Good to Good, Raw status codes when the timestamp matches with the timestamp of the data source.
• Missing tables have been added for DurationInStateZero and DurationInStateNonZero.
• The value of zero has been removed for results with a StatusCode of bad.
• Data Type was listed as "Status Code" when it is "Double" for both Standard Deviation and both Variance Aggregates.
• Rounding Error in TimeAverage and TimeAverage2 have been corrected.
• The status codes have been corrected for the last two intervals and the value has been corrected in the last interval.
• The wording has been changed to be more consistent with the certification testing tool.
• UsedSlopedExtrapolation set to true for Historian2 and all examples locations needed new values or status' are modified.
• Values affected by percent good and percent bad have been updated.
• PercentGood/PercentBad are now accounted for in the calculation.
• TimeAverage uses SlopedInterpolation but the Time aggregate is incorrectly allowed to used Stepped Interpolation.
• Partial bit is now correctly calculated.
• Unclear sentence was removed.
• Examples have been moved to a CSV.
• The value and status code for Historian 3 have been updated.
• TimeAverage2 Historian1 now takes uncertain regions into account when calculating StatusCodes.
• TimeAverage2 Historian2 now takes uncertain regions into account when calculating StatusCodes.
• Total2 Historian1 now takes uncertain regions into account when calculating StatusCodes
• Total2 Historian2 now takes uncertain regions into account when calculating StatusCodes
• Maximum2 Historian1 now takes uncertain regions into account when calculating StatusCodes
• MaximumActualTime2 Historian1 now takes uncertain regions into account when calculating StatusCodes
• Minimum2 Historian1 now takes uncertain regions into account when calculating StatusCodes
• MinimumActualTime2 Historian1 now has the StatusCodes calculated while using the TreatUncertainAsBad flag.
• Range2 Historian1 now looks at TreatUncertainAsBad in the calculation of the StatusCodes.
• Clarifications have been made to the text defining how PercentGood/PercentBad are used. The table values and StatusCodes of the TimeAverage2 and Total2 aggregates have been corrected.

  • Standard
    64 pages
    English language
    sale 15% off
  • Standard
    64 pages
    French language
    sale 15% off
  • Standard
    128 pages
    English and French language
    sale 15% off
IEC
IEC 62541-7:2025(Main)
OPC Unified Architecture - Part 7: Profiles

IEC 62541-7: 2025 specifies value and structure of Profiles in the OPC Unified Architecture.
OPC UA Profiles are used to segregate features with regard to testing of OPC UA products and the nature of the testing. The scope of this document includes defining functionality that can only be tested. The definition of actual TestCases is not within the scope of this document, but the general categories of TestCases are covered by this document.
Most OPC UA applications will conform to several, but not all of the Profiles.
This fourth edition cancels and replaces the third edition published in 2020. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous edition:
a) Profiles and ConformanceUnits are not part of this document, but are solely managed in a public database as described in Clause 1.

  • Standard
    160 pages
    English language
    sale 15% off
  • Standard
    173 pages
    French language
    sale 15% off
  • Standard
    333 pages
    English and French language
    sale 15% off
IEC
IEC 62541-4:2025(Main)
OPC unified architecture - Part 4: Services

IEC 62541-4:2025 is available as IEC 62541-4:2025 RLV which contains the International Standard and its Redline version, showing all changes of the technical content compared to the previous edition.IEC 62541-4:2025 defines the OPC Unified Architecture (OPC UA) Services. The Services defined are the collection of abstract Remote Procedure Calls (RPC) that are implemented by OPC UA Servers and called by OPC UA Clients. All interactions between OPC UA Clients and Servers occur via these Services. The defined Services are considered abstract because no particular RPC mechanism for implementation is defined in this document. IEC 62541‑6 specifies one or more concrete mappings supported for implementation. For example, one mapping in IEC 62541‑6 is to UA-TCP UA-SC UA-Binary. In that case the Services described in this document appear as OPC UA Binary encoded payload, secured with OPC UA Secure Conversation and transported via OPC UA TCP. Not all OPC UA Servers implement all of the defined Services. IEC 62541‑7 defines the Profiles that dictate which Services must be implemented in order to be compliant with a particular Profile. A BNF (Backus-Naur form) for browse path names is described in Annex A. This fourth edition cancels and replaces the third edition published in 2020. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous edition:
a) addition of new definitions to Method Call Service to allow optional Method arguments;
b)addition of reference to SystemStatusChangeEventType for event monitored item error scenarios;
c) enhancement of the general description of how determining if a Certificate is trusted;
d) addition of support for ECC;
e) addition of revisedAggregateConfiguration to AggregateFilterResult structure;
f) addition of INVALID to the BrowseDirection enumeration data type;
g) addition of INVALID to the TimestampsToReturn enumeration data type;
h) addition of definitions that make sure the subscription functionality works if retransmission queues are optional;
i) addition of client checks has been added to be symmetric to the Server Certificate check has been added;
j) clarification that ‘local’ top level domain is not appended by server into certificate and not checked by client when returned from LDS-ME;
k) addition of a definition for expiration behaviour of IssuedIdentityTokens;
l) addition of status code Good_PasswordChangeRequired to ActivateSession;
m) restriction of AdditionalInfo to servers in debug mode;
n) addition of new status code Bad_ServerTooBusy;
o) addition of definition for cases where server certificate must be contained in GetEndpoints response.

  • Standard
    245 pages
    English language
    sale 15% off
  • Standard
    257 pages
    French language
    sale 15% off
  • Standard
    502 pages
    English and French language
    sale 15% off
IEC
IEC TS 62876-3-4:2025(Main)
Nanomanufacturing - Reliability assessment - Part 3-4: Linearity of output characteristics for metal contacted 2D semiconductor devices

IEC TS 62876-3-4:2025, which is a Technical Specification, establishes a standardized guideline to assess
• reliability of metallic interfaces
of Ohmic-contacted field-effect transistors (FETs) using 2D nano-materials by quantifying
• linearity of current-voltage (I-V) output curves
for devices with various materials combinations of van der Waals (vdW) interfaces.
For metallic interfaces with 2D materials (eg. graphene, MoS2, MoTe2, WS2, WSe2, etc) and metals (eg. Ti, Cr, Au, Pd, In, Sb, etc), the reliability of Ohmic contact is quantified.
For FETs consisting of 2D materials-based channels (eg. MoS2, MoTe2, WS2, WSe2, etc), the reliability of Ohmic contact when varying contacting metal, channel length, channel thickness, applied voltage, and surface treatment condition is quantified.
The reliability of the metallic contacts is quantified from the linearity of I-V characteristics measured over extended time periods.

  • Technical specification
    24 pages
    English language
    sale 15% off
IEC
IEC TS 63414:2025(Main)
Artificial pollution tests on high-voltage polymeric insulators to be used on AC and DC systems

IEC TS 63414:2025 is applicable for the determination of the AC and DC pollution flashover and withstand voltage characteristics of insulators with polymeric housing, to be used outdoors in HV applications and exposed to polluted environments. This is also applicable for insulators with hydrophobic coatings. This document refers to AC systems with a rated voltage greater than 1 000 V and DC systems with a rated voltage greater than 1 500 V.
The object of this technical specification is to prescribe standardized test methods, requirements and procedures for artificial pollution tests applicable to polymeric insulators for overhead lines including traction lines, station post and hollow insulators of equipment. Available test experience with polymeric station post and hollow insulators, especially for DC applications, is limited.
The proposed tests are not applicable to ceramic and glass insulators without polymeric housing, to greased insulators or to special types of insulators (e.g., insulators with semiconducting glaze).
Differently to ceramic and glass insulators without polymeric housing:
- The pollution performance of insulators with polymeric housing varies with the hydrophobicity condition of the surface. The specific conditions simulated by standardized tests might not represent the actual dynamic field conditions.
- The determination of the flashover and/or withstand voltage under pollution conditions is not enough for dimensioning. Additional constraints related to possible ageing are also to be considered.
- If the Hydrophobicity Transfer Material (HTM) test according to IEC TR 62039 confirms that an insulator is non-HTM, it can be tested according to IEC 60507 or IEC TS 61245.

  • Technical specification
    39 pages
    English language
    sale 15% off
IEC
IEC 63522-4:2025(Main)
Electrical relays - Tests and measurements - Part 4: Dielectric strength test

IEC 63522-4:2025 is used for testing along with the appropriate severities and conditions for measurements and tests designed to assess the ability of DUTs to perform under expected conditions of transportation, storage and all aspects of operational use.
The object of this test is to define a standard test method for the dielectric strength test.

  • Standard
    10 pages
    English language
    sale 15% off
  • Standard
    10 pages
    French language
    sale 15% off
  • Standard
    20 pages
    English and French language
    sale 15% off
IEC
IEC 62541-10:2025(Main)
OPC Unified Architecture - Part 10: Programs

IEC 62541-10:2025 is available as IEC 62541-10:2025 RLV which contains the International Standard and its Redline version, showing all changes of the technical content compared to the previous edition.IEC 62541-10:2025 defines the Information Model associated with Programs in OPC Unified Architecture (OPC UA). This includes the description of the NodeClasses, standard Properties, Methods and Events and associated behaviour and information for Programs. The complete AddressSpace model including all NodeClasses and Attributes is specified in IEC 62541-3. The Services such as those used to invoke the Methods used to manage Programs are specified in IEC 62541-4. An example for a DomainDownload Program is defined in Annex A. This fourth edition cancels and replaces the third edition published in 2020. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous edition:
- StateMachine table format has been aligned.

  • Standard
    42 pages
    English language
    sale 15% off
  • Standard
    45 pages
    French language
    sale 15% off
  • Standard
    87 pages
    English and French language
    sale 15% off