Power systems management and associated information exchange - Data and communications security - Part 9: Cyber security key management for power system equipment (IEC 62351-9:2023)

IEC 62351-9:2023 specifies cryptographic key management, primarily focused on the management of long-term keys, which are most often asymmetric key pairs, such as public-key certificates and corresponding private keys. Since certificates form the base, this document builds a foundation for many IEC 62351 services (see also Annex A). Symmetric key management is also considered, but only with respect to session keys for group-based communication as applied in IEC 62351-6. The objective of this document is to define requirements and technologies to achieve interoperability of key management by specifying or limiting the key management options to be used.
This document assumes that an organization (or group of organizations) has defined a security policy to select the type of keys and cryptographic algorithms that will be utilized, which may have to align with other standards or regulatory requirements. This document therefore specifies only the management techniques for these selected key and cryptography infrastructures. This document assumes that the reader has a basic understanding of cryptography and key management principles.
The requirements for the management of pairwise symmetric (session) keys in the context of communication protocols are specified in the parts of IEC 62351 that utilize or specify pairwise communication, such as:
• IEC 62351-3 for TLS by profiling the TLS options
• IEC 62351-4 for the application layer end-to-end security
• IEC TS 62351-5 for the application layer security mechanism for IEC 60870-5-101/104 and IEEE 1815 (DNP3)
The requirements for the management of symmetric group keys in the context of power system communication protocols are specified in IEC 62351-6, which utilizes group security to protect GOOSE and SV communication. IEC 62351-9 utilizes GDOI, a group-based key management protocol already specified by the IETF, to manage the group security parameters and enhances this protocol to carry the security parameters for GOOSE, SV and PTP.
This document also defines security events for specific conditions that could identify issues requiring error handling. However, the actions of the organization in response to these error conditions are beyond the scope of this document and are expected to be defined by the organization's security policy.
In the future, as public-key cryptography becomes endangered by the evolution of quantum computers, this document will also consider post-quantum cryptography to a certain extent. Note that at this time no specific measures are provided.
This second edition cancels and replaces the first edition published in 2017. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous edition:
a) Certificate components and verification of the certificate components have been added;
b) GDOI has been updated to include findings from interop tests;
c) GDOI operation considerations have been added;
d) GDOI support for PTP (IEEE 1588) has been added as specified by the IEC/IEEE 61850-9-3 Power Profile;
e) Cyber security event logging has been added as well as the mapping to IEC 62351-14;
f) Annex B with background on utilized cryptographic algorithms and mechanisms has been added.

Energiemanagementsysteme und zugehöriger Datenaustausch - IT-Sicherheit für Daten und Kommunikation - Teil 9: Cyber security Schlüssel-Management für Stromversorgungsanlagen (IEC 62351-9:2023)

Gestion des systèmes de puissance et échanges d'informations associés - Sécurité des communications et des données - Partie 9: Gestion de clé de cybersécurité des équipements de système de puissance (IEC 62351-9:2023)


Upravljanje elektroenergetskega sistema in pripadajoča izmenjava informacij - Varnost podatkov in komunikacij - 9. del: Upravljanje računalniške varnosti opreme napajalnih sistemov (IEC 62351-9:2023)


General Information

Status
Published
Publication Date
11-Sep-2023
Technical Committee
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
02-Aug-2023
Due Date
07-Oct-2023
Completion Date
12-Sep-2023

Relations

Overview

SIST EN IEC 62351-9:2023 (IEC 62351-9:2023) specifies cyber security key management for power system equipment. It focuses on the management of long‑term cryptographic keys - primarily asymmetric key pairs and public‑key certificates - and defines interoperable key management techniques and requirements for power system environments. The standard complements other parts of the IEC 62351 family by establishing the foundation for certificate-based services, group key management for multicast protocols (via GDOI), and security event reporting.

Key technical topics and requirements

  • Asymmetric key and PKI management
    • Certificate components, generation, installation, verification and revocation practices.
    • Certificate enrolment and onboarding procedures, including protocols and trust anchor management.
  • Group key management
    • Use of GDOI (Group Domain of Interpretation) for managing symmetric group keys for GOOSE, SV and PTP (IEEE 1588).
    • Enhancements and operational considerations based on interop testing and support for IEC/IEEE 61850-9-3 Power Profile.
  • Symmetric key treatment
    • Session key considerations for group‑based communication (linked to IEC 62351-6) and profiles for pairwise session keys handled in other parts (62351‑3, -4, -5).
  • Key lifecycle and system policy
    • Key lifecycle stages, secure key generation and protection, key usage rules, and object identifier usage.
  • Revocation and validation
    • CRLs, OCSP, SCVP and procedures for certificate status and recovery.
  • Security events and logging
    • Definitions of security events, mapping to IEC 62351-14 for cyber security event logging and handling (response actions defined by organizational policy).
  • Operational and future considerations
    • Guidance for RNG, cryptographic algorithm selection (Annex B background), and a note on post-quantum cryptography considerations (no specific PQC measures mandated yet).

Practical applications - who uses this standard

  • Utilities and grid operators implementing secure communication and device authentication.
  • Substation automation vendors, IED manufacturers and system integrators deploying certificates and group keys for GOOSE, SV and PTP.
  • PKI/PMI operators, cybersecurity engineers and architects responsible for certificate lifecycle, enrolment and revocation.
  • Regulators and compliance teams requiring standardized key management practices for critical infrastructure.
  • Test labs and interoperability teams validating GDOI and certificate management in power systems.

Related standards and protocols

  • IEC 62351 family: -3, -4, -5, -6, -14
  • IETF RFCs: GDOI, OCSP, TAMP, CMC, SCEP/EST
  • IEC/IEEE 61850-9-3 (PTP Power Profile)
  • ISO/IEC standards on PKI and cryptographic modules

Keywords: IEC 62351-9:2023, SIST EN IEC 62351-9:2023, cyber security key management, power system equipment, PKI, certificates, GDOI, GOOSE, SV, PTP, certificate revocation, OCSP, CRL, group key management.

Standard
SIST EN IEC 62351-9:2023 - BARVE
English language
147 pages

Standards Content (Sample)


SLOVENIAN STANDARD
01-October-2023
Upravljanje elektroenergetskega sistema in pripadajoča izmenjava informacij - Varnost podatkov in komunikacij - 9. del: Upravljanje računalniške varnosti opreme napajalnih sistemov (IEC 62351-9:2023)
Power systems management and associated information exchange - Data and communications security - Part 9: Cyber security key management for power system equipment (IEC 62351-9:2023)
Energiemanagementsysteme und zugehöriger Datenaustausch - IT-Sicherheit für Daten und Kommunikation - Teil 9: Cyber security Schlüssel-Management für Stromversorgungsanlagen (IEC 62351-9:2023)
Gestion des systèmes de puissance et échanges d'informations associés - Sécurité des communications et des données - Partie 9: Gestion de clé de cybersécurité des équipements de système de puissance (IEC 62351-9:2023)
This Slovenian standard is identical to: EN IEC 62351-9:2023
ICS:
29.240.30 Control equipment for electric power systems
35.030 IT Security
35.240.50 IT applications in industry
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.

EUROPEAN STANDARD EN IEC 62351-9
NORME EUROPÉENNE
EUROPÄISCHE NORM
July 2023
ICS 33.200 Supersedes EN 62351-9:2017
English Version
Power systems management and associated information exchange - Data and communications security - Part 9: Cyber security key management for power system equipment (IEC 62351-9:2023)
Gestion des systèmes de puissance et échanges d'informations associés - Sécurité des communications et des données - Partie 9: Gestion de clé de cybersécurité des équipements de système de puissance (IEC 62351-9:2023)
Energiemanagementsysteme und zugehöriger Datenaustausch - IT-Sicherheit für Daten und Kommunikation - Teil 9: Cyber security Schlüssel-Management für Stromversorgungsanlagen (IEC 62351-9:2023)
This European Standard was approved by CENELEC on 2023-07-11. CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and the United Kingdom.

European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2023 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN IEC 62351-9:2023 E

European foreword
The text of document 57/2579/FDIS, future edition 2 of IEC 62351-9, prepared by IEC/TC 57 "Power systems management and associated information exchange" was submitted to the IEC-CENELEC parallel vote and approved by CENELEC as EN IEC 62351-9:2023.
The following dates are fixed:
• latest date by which the document has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2024-04-11
• latest date by which the national standards conflicting with the document have to be withdrawn (dow): 2026-07-11
This document supersedes EN 62351-9:2017 and all of its amendments and corrigenda (if any).
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.
This document has been prepared under a standardization request addressed to CENELEC by the European Commission. The Standing Committee of the EFTA States subsequently approves these requests for its Member States.
Any feedback and questions on this document should be directed to the users' national committee. A complete listing of these bodies can be found on the CENELEC website.
Endorsement notice
The text of the International Standard IEC 62351-9:2023 was approved by CENELEC as a European Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standard indicated:
• ISO/IEC 19790:2012 NOTE Approved as EN ISO/IEC 19790:2020 (not modified)
• IEC 62351-8 NOTE Approved as EN IEC 62351-8
• ISO/IEC 19790 NOTE Approved as EN ISO/IEC 19790
• IEC 62443-3-3 NOTE Approved as EN IEC 62443-3-3
• IEC 62443-4-2 NOTE Approved as EN IEC 62443-4-2
Annex ZA
(normative)
Normative references to international publications with their corresponding European publications
The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
NOTE 1  Where an International Publication has been modified by common modifications, indicated by (mod), the relevant EN/HD applies.
NOTE 2  Up-to-date information on the latest versions of the European Standards listed in this annex is available here: www.cencenelec.eu.
Publication | Year | Title | EN/HD | Year
IEC/TS 62351-2 | - | Power systems management and associated information exchange - Data and communications security - Part 2: Glossary of terms | - | -
IEC 62351-3 | 2023 | Power systems management and associated information exchange - Data and communications security - Part 3: Communication network and system security - Profiles including TCP/IP | - | -
IEC 62351-4 | - | Power systems management and associated information exchange - Data and communications security - Part 4: Profiles including MMS and derivatives | EN IEC 62351-4 | -
IEC 62351-5 | - | Power systems management and associated information exchange - Data and communications security - Part 5: Security for IEC 60870-5 and derivatives | EN IEC 62351-5 | -
IEC 62351-6 | - | Power systems management and associated information exchange - Data and communications security - Part 6: Security for IEC 61850 | EN IEC 62351-6 | -
IEC 62351-14 | - (1) | Power systems management and associated information exchange - Data and communications security - Part 14: Cyber security event logging | - | -
ISO/IEC 9594-8 | 2020 | Information technology - Open systems interconnection - Part 8: The Directory: Public-key and attribute certificate frameworks | - | -
ISO/IEC 9594-11 | 2020 | Information technology - Open systems interconnection directory - Part 11: Protocol specifications for secure operations | - | -
ISO/IEC 9834-1 | 2012 | Information technology - Procedures for the operation of object identifier registration authorities: General procedures and top arcs of the international object identifier tree | - | -
IETF RFC 5272 | - | Certificate Management over CMS (CMC) | - | -
IETF RFC 5755 | - | An Internet Attribute Certificate Profile for Authorization | - | -
IETF RFC 5934 | - | Trust Anchor Management Protocol (TAMP) | - | -
IETF RFC 6407 | - | The Group Domain of Interpretation | - | -
IETF RFC 6960 | - | X.509 - Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP | - | -
IETF RFC 7030 | - | Enrolment over Secure Transport | - | -
IETF RFC 8052 | - | Group Domain of Interpretation (GDOI) Protocol Support for IEC 62351 Security | - | -
IETF RFC 8263 | - | Group Domain of Interpretation (GDOI) GROUPKEY-PUSH Acknowledgement Message | - | -
IETF RFC 8894 | - | Simple Certificate Enrolment Protocol | - | -
(1) Under preparation. Stage at the time of publication: IEC/ACDV 62351-14:2023.

IEC 62351-9
Edition 2.0 2023-06
INTERNATIONAL STANDARD
NORME INTERNATIONALE
Power systems management and associated information exchange – Data and communications security – Part 9: Cyber security key management for power system equipment
Gestion des systèmes de puissance et échanges d'informations associés – Sécurité des communications et des données – Partie 9: Gestion de clé de cybersécurité des équipements de système de puissance
INTERNATIONAL ELECTROTECHNICAL COMMISSION
ICS 33.200 ISBN 978-2-8322-6950-3

– 2 – IEC 62351-9:2023 © IEC 2023
CONTENTS
FOREWORD . 8
1 Scope . 10
2 Normative references . 11
3 Terms, definitions, and abbreviations . 12
3.1 Terms and definitions . 12
3.2 Abbreviations and acronyms . 17
4 Security concepts applicable to power systems . 19
4.1 General . 19
4.2 Security objectives . 19
4.2.1 Confidentiality . 19
4.2.2 Data integrity . 19
4.2.3 Authentication. 19
4.2.4 Non-repudiation . 20
4.3 Cryptographic algorithms and concepts . 20
5 Key establishment and management techniques . 21
5.1 General . 21
5.2 Key management lifecycle . 21
5.2.1 Key management in the life cycle of a device . 21
5.2.2 Lifecycle of a cryptographic key . 23
5.3 Cryptographic key usages . 24
5.4 Key management system security policy . 25
5.5 Key management design principles for power system operations . 25
5.6 Establishment of symmetric keys . 26
5.6.1 Overview . 26
5.6.2 The Diffie-Hellman key agreement method . 26
5.6.3 Key derivation function (KDF) method . 26
5.6.4 Group key management . 27
5.7 Trust supported by public-key infrastructures (PKI) and privilege management infrastructures (PMI) . 30
5.7.1 General . 30
5.7.2 Registration authorities (RA) . 30
5.7.3 Certification authority (CA) . 30
5.7.4 Public-key certificates . 31
5.7.5 Attribute certificates . 32
5.7.6 Public-key certificate and attribute certificate extensions . 33
5.8 Certificate management of public-key certificates . 33
5.8.1 Certificate management process . 33
5.8.2 Initial certificate creation . 34
5.8.3 Onboarding of an entity . 34
5.8.4 Enrolment of an entity . 35
5.8.5 Certificate signing request (CSR) processing . 38
5.8.6 Enrolment Protocols . 41
5.8.7 Trust Anchor Management Protocol (TAMP) . 42
5.9 Revocation of public-key certificates . 42
5.9.1 Certificate revocation lists (CRLs) . 42
5.9.2 Online certificate status protocol (OCSP) . 43
5.9.3 Server-based certificate validation protocol (SCVP) . 46

5.9.4 Recovering from certificate revocation of an end entity . 47
5.10 Trust via non-PKI issued (self-signed) certificates . 47
5.11 Authorization and validation lists . 48
5.11.1 General . 48
5.11.2 AVLs in non-constrained environments . 48
5.11.3 AVLs in constrained environments . 49
6 Key management (normative) . 49
6.1 General . 49
6.2 Handling of security events . 49
6.3 Required cryptographic material. 50
6.4 Random Number Generation . 50
6.5 Object identifiers . 50
6.5.1 Concept of object identifiers . 50
6.5.2 Use of object identifiers by this document . 50
7 Asymmetric key management (normative). 51
7.1 General . 51
7.2 Certificate components . 51
7.2.1 Public-Key certificate components . 51
7.2.2 Attribute certificate components . 52
7.3 Certificate generation and installation . 53
7.3.1 Private and public key generation and installation. 53
7.3.2 Cryptographic key protection . 54
7.3.3 Use of existing security key management infrastructure . 54
7.3.4 Certificate policy . 54
7.3.5 Entity registration for identity establishment . 55
7.3.6 Entity configuration . 55
7.3.7 Entity enrolment . 56
7.3.8 Trust anchor information update . 58
7.4 Certificate components and certificate verification. 58
7.4.1 General . 58
7.4.2 Certificate format and encoding . 58
7.4.3 Certificate signature verification . 59
7.4.4 Public-key certificate components . 59
7.4.5 Attribute certificate components . 66
7.4.6 Certificate revocation status . 69
7.5 Certificate revocation . 70
7.6 Certificate expiration and renewal . 71
7.7 Clock Synchronization and Accuracy. 72
7.8 Authorization and validation lists . 72
7.8.1 General . 72
7.8.2 Syntax for authorization and validation list (AVL) for public-key certificates . 72
7.8.3 AVL scope restriction . 73
7.8.4 AVL protocol restriction extension. 74
7.8.5 AVL pinning of certificate and associated identifier . 74
7.8.6 Public-key certificate extensions related to use of AVLs . 75
7.8.7 Issuing of an AVL . 75
7.8.8 Endpoint Handling of AVLs . 75
8 Group based key management (normative) . 75

8.1 GDOI requirements . 75
8.2 Internet Key Exchange Version 1 (IKEv1) . 76
8.3 Phase 1 IKEv1 main mode exchange type 2. 77
8.3.1 General . 77
8.3.2 Certificate request payload . 78
8.3.3 Security association exchange (1) . 78
8.3.4 Key exchange (2) . 79
8.3.5 ID authentication exchange (3) . 80
8.4 Phase 1/2 ISAKMP informational exchange type 5 . 81
8.4.1 General . 81
8.4.2 Phase 1 informational exchange . 82
8.4.3 Phase 2 Informational Exchange . 83
8.5 Phase 2 GDOI GROUPKEY-PULL exchange type 32 . 83
8.5.1 General . 83
8.5.2 Hash computations . 84
8.5.3 Multi-sender and counter mode encryption algorithm . 85
8.5.4 SA KEK, SEQ, KEK/LKH key download payload support . 85
8.5.5 GROUPKEY-PULL group SA request exchange . 85
8.5.6 SA TEK payload . 90
8.5.7 IEC 61850 SA TEK payload . 91
8.5.8 SA TEK payload for IEC 61850-9-3 . 92
8.5.9 SPI discussion . 94
8.5.10 SA data attributes . 95
8.5.11 GROUPKEY-PULL group key download exchange . 95
8.5.12 TEK Key Download Handling . 98
8.6 Phase 2 GROUPKEY-PUSH exchange type 33 . 98
8.6.1 General . 98
8.6.2 GROUPKEY-PUSH Message . 99
8.6.3 GROUPKEY-PUSH acknowledgement message . 99
8.7 Operational considerations . 100
8.7.1 General . 100
8.7.2 Group Security Policy . 100
8.7.3 Group dynamicity . 100
8.7.4 Handling of Key Delivery Assurance (informative) . 102
9 Protocol Implementation Conformance Statement (PICS) . 102
9.1 General . 102
9.2 Notation . 103
9.3 Conformance to general key management requirements . 103
9.4 Conformance to requirements for asymmetric key management . 103
9.5 Requirements for group-based key management . 104
9.6 Supported GDOI Payload OIDs . 104
Annex A (informative) Relations to other parts of IEC 62351 and other IEC documents . 105
Annex B (informative) Cryptographic algorithms and mechanisms. 107
B.1 Trust and trust anchor . 107
B.2 Cryptographic algorithms . 107
B.2.1 Introduction . 107
B.2.2 Security strength . 108
B.3 Public-key algorithms . 108
B.3.1 General . 108

B.3.2  The RSA public-key algorithm . 109
B.3.3  The DSA public-key algorithm . 110
B.3.4  The ECDSA public-key algorithm . 110
B.3.5  The EdDSA public-key algorithms . 112
B.3.6  Digital signature algorithms . 114
B.4  Symmetric key algorithms . 116
B.4.1  Stream ciphers vs. block ciphers . 116
B.4.2  Advanced encryption standard . 116
B.4.3  Advanced encryption standard – cipher block chaining (AES-CBC) . 117
B.4.4  Advanced encryption standard – counter mode (AES-CTR) . 117
B.5  Hash algorithms . 118
B.6  Integrity check value (ICV) algorithms . 119
B.6.1  General . 119
B.6.2  Keyed-hash message authentication code (HMAC) algorithm . 119
B.6.3  Advanced Encryption Standard (AES) – Galois message authentication code (GMAC) algorithm . 120
B.7  Authenticated encryption with associated data (AEAD) algorithms . 120
B.7.1  General . 120
B.7.2  Advanced encryption standard (AES) – Galois/Counter Mode (GCM) . 121
B.7.3  Advanced encryption standard (AES) – Counter with CBC-MAC (CCM) . 121
B.8  Diffie-Hellman key agreement . 122
B.8.1  General . 122
B.8.2  Introduction to cyclic groups . 122
B.8.3  Diffie-Hellman method over finite field . 123
B.8.4  The discrete logarithm problem . 123
B.8.5  Elliptic curve Diffie-Hellman key agreement . 123
B.8.6  Key establishment algorithms . 124
B.9  Key derivation . 125
B.10  Migration of cryptographic algorithms . 126
B.11  Post-quantum computing cryptography . 126
B.12  Random Number Generation (RNG) . 127
B.12.1  Random number generation types . 127
B.12.2  Deterministic random bit generators . 127
B.12.3  Non-deterministic random number generation . 128
B.12.4  Entropy sources . 128
Annex C (informative) Certificate enrolment and renewal flowcharts . 129
C.1  Certificate Enrolment . 129
C.2  Certificate Renewal . 130
Annex D (informative) Security Event mapping to IEC 62351-14 . 131
D.1  General . 131
D.2  Security event log records for credential transport and enrolment . 131
D.3  Security event log records for public-key certificate verification . 132
D.4  Security event log records for attribute certificate verification . 134
D.5  Security event log records for certificate revocation status . 136
D.6  Security event log records for group-based key management with GDOI . 137
Bibliography . 138

Figure 1 – Overview key management in the life cycle of an entity . 22

Figure 2 – Cryptographic key life cycle . 23
Figure 3 – Overview of group key management on the example of GDOI . 27
Figure 4 – GDOI IKE Phase 1 – Authentication and securing communication channel . 28
Figure 5 – GDOI Pull Phase 2 . 29
Figure 6 – Overview of PKI infrastructure and realization examples . 30
Figure 7 – Central certificate generation . 32
Figure 8 – Relationship between public-key certificates and attribute certificates . 33
Figure 9 – Example of the SCEP entity enrolment and CSR process . 36
Figure 10 – Example of the EST entity enrolment and CSR process . 37
Figure 11 – CSR processing . 38
Figure 12 – Certification request format . 39
Figure 13 – Certificate request message format . 40
Figure 14 – Certificate revocation list . 43
Figure 15 – Overview of the online certificate status protocol (OCSP) . 44
Figure 16 – Diagram using a combination of CRL and OCSP processes . 45
Figure 17 – Call Flows for the Online Certificate Status Protocol (OCSP). 46
Figure 18 – Overview Server-Based Certificate Validation Protocol using OCSP Backend . 47
Figure 19 – IKEv1 (RFC 2409) main mode exchange with RSA digital signatures . 78
Figure 20 – IKEv1 main mode exchange and security association messages . 78
Figure 21 – IKEv1 main mode exchange: key exchange messages . 79
Figure 22 – IKEv1 Main Mode Exchange: ID authentication messages . 80
Figure 23 – IKEv1 HASH_I calculation . 81
Figure 24 – Phase 1 Informational Exchange (cf. RFC 2408, section 4.8) . 82
Figure 25 – Phase 2 Informational Exchange (cf. RFC 2409, section 5.7) . 83
Figure 26 – IKEv1 HASH(1) calculation . 83
Figure 27 – GDOI GROUPKEY-PULL as defined in RFC 6407 . 84
Figure 28 – GROUPKEY-PULL hash computations . 84
Figure 29 – GROUPKEY-PULL initial SA request exchange . 85
Figure 30 – RFC 6407 Identification Payload . 86
Figure 31 – ID_OID Identification Data . 87
Figure 32 – 61850_UDP_ADDR_GOOSE/SV ASN.1 BNF . 88
Figure 33 – IPADDRESS ASN.1 BNF . 88
Figure 34 – Example IecUdpAddrPayload ASN.1 Data with DER Encoding . 89
Figure 35 – 61850_UDP_TUNNEL Payload ASN.1 BNF . 89
Figure 36 – 61850_ETHERNET_GOOSE/SV Payload ASN.1 BNF . 89
Figure 37 – RFC 6407 SA TEK Payload . 90
Figure 38 – IEC-61850 SA TEK Payload . 91
Figure 39 – Correlation of SPI Value . 94
Figure 40 – GROUPKEY-PULL Key Download Exchange . 95
Figure 41 – GROUPKEY-PULL group key download hash computations . 95
Figure 42 – Key renewal triggered by the entities . 97
Figure 43 – GROUPKEY-PUSH message (from RFC 6407) . 98

IEC 62351-9:2023  IEC 2023 – 7 –
Figure 44 – GROUPKEY-PUSH ACK message (from RFC 8263) . 98
Figure 45 – GROUPKEY-PUSH ACK hash computations . 99
Figure 46 – GROUPKEY-PUSH ack_key computations . 99
Figure A.1 – IEC 62351-9 relationship to other parts of IEC 62351 . 105
Figure C.1 – Certificate Enrolment (general) . 129
Figure C.2 – Certificate Renewal State Machine . 130

Table 1 – Public-key certificate components . 51
Table 2 – Attribute certificate components . 53
Table 3 – KDC IKEv1 Requirements . 76
Table 4 – IEC 61850 Object IDs: Mandatory (m) and Optional (o) . 87
Table 5 – PICS for general key management . 103
Table 6 – PICS for asymmetric key management . 103
Table 7 – PICS for group-based key management (valid for KDC and Client) . 104
Table 8 – PICS for supported OIDs for the identification payload . 104
Table D.1 – Security event logs for credential transport and certificate enrolment mapped to IEC 62351-14 . 131
Table D.2 – Security event logs defined for public-key certificate verification mapped to IEC 62351-14 . 132
Table D.3 – Security event logs defined for attribute certificate verification mapped to IEC 62351-14 . 134
Table D.4 – Security event logs defined for certificate revocation status mapped to IEC 62351-14 . 136
Table D.5 – Security event logs for GDOI mapped to IEC 62351-14 . 137

– 8 – IEC 62351-9:2023  IEC 2023
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
POWER SYSTEMS MANAGEMENT AND ASSOCIATED INFORMATION
EXCHANGE – DATA AND COMMUNICATIONS SECURITY –

Part 9: Cyber security key management for power system equipment

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international
co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and
in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports,
Publicly Available Specifications (PAS) and Guides (hereafter referred to as "IEC Publication(s)"). Their
preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with
may participate in this preparatory work. International, governmental and non-governmental organizations liaising
with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for
Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence between
any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent
rights. IEC shall not be held responsible for identifying any or all such patent rights.
IEC 62351-9 has been prepared by WG15: Data and Communication Security, of IEC technical
committee TC57: Power systems management and associated information exchange. It is an
International Standard.
This second edition cancels and replaces the first edition published in 2017. This edition
constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous
edition:
a) Certificate components and verification of the certificate components have been added;
b) GDOI has been updated to include findings from interop tests;
c) GDOI operation considerations have been added;
d) GDOI support for PTP (IEEE 1588) has been added as specified by IEC/IEEE 61850-9-3
Power Profile;
e) Cyber security event logging has been added as well as the mapping to IEC 62351-14;

IEC 62351-9:2023  IEC 2023 – 9 –
f) Annex B with background on utilized cryptographic algorithms and mechanisms has been
added.
The text of this International Standard is based on the following documents:
Draft          Report on voting
57/2579/FDIS   57/2594/RVD
Full information on the voting for its approval can be found in the report on voting indicated in
the above table.
The language used for the development of this International Standard is English.
This document was drafted in accordance with ISO/IEC Directives, Part 2, and developed in
accordance with ISO/IEC Directives, Part 1 and ISO/IEC Directives, IEC Supplement, avai
...


Frequently Asked Questions

SIST EN IEC 62351-9:2023 is a standard published by the Slovenian Institute for Standardization (SIST). Its full title is "Power systems management and associated information exchange - Data and communications security - Part 9: Cyber security key management for power system equipment (IEC 62351-9:2023)". This standard covers:

IEC 62351-9:2023 specifies cryptographic key management, primarily focused on the management of long-term keys, which are most often asymmetric key pairs, such as public-key certificates and corresponding private keys. As certificates build the base, this document builds a foundation for many IEC 62351 services (see also Annex A). Symmetric key management is also considered, but only with respect to session keys for group-based communication as applied in IEC 62351-6. The objective of this document is to define requirements and technologies to achieve interoperability of key management by specifying or limiting the key management options to be used.

This document assumes that an organization (or group of organizations) has defined a security policy to select the type of keys and cryptographic algorithms that will be utilized, which may have to align with other standards or regulatory requirements. This document therefore specifies only the management techniques for these selected key and cryptography infrastructures. This document assumes that the reader has a basic understanding of cryptography and key management principles.

The requirements for the management of pairwise symmetric (session) keys in the context of communication protocols are specified in the parts of IEC 62351 utilizing or specifying pairwise communication, such as:
• IEC 62351-3 for TLS by profiling the TLS options
• IEC 62351-4 for the application layer end-to-end security
• IEC TS 62351-5 for the application layer security mechanism for IEC 60870-5-101/104 and IEEE 1815 (DNP3)

The requirements for the management of symmetric group keys in the context of power system communication protocols are specified in IEC 62351-6 for utilizing group security to protect GOOSE and SV communication. IEC 62351-9 utilizes GDOI, an already IETF-specified group-based key management protocol, to manage the group security parameter and enhances this protocol to carry the security parameter for GOOSE, SV, and PTP.

This document also defines security events for specific conditions which could identify issues that might require error handling. However, the actions of the organization in response to these error conditions are beyond the scope of this document and are expected to be defined by the organization's security policy. In the future, as public-key cryptography becomes endangered by the evolution of quantum computers, this document will also consider post-quantum cryptography to a certain extent. Note that at this time no specific measures are provided.

This second edition cancels and replaces the first edition published in 2017. This edition constitutes a technical revision. This edition includes the following significant technical changes with respect to the previous edition:
a) Certificate components and verification of the certificate components have been added;
b) GDOI has been updated to include findings from interop tests;
c) GDOI operation considerations have been added;
d) GDOI support for PTP (IEEE 1588) has been added as specified by IEC/IEEE 61850-9-3 Power Profile;
e) Cyber security event logging has been added as well as the mapping to IEC 62351-14;
f) Annex B with background on utilized cryptographic algorithms and mechanisms has been added.


SIST EN IEC 62351-9:2023 is classified under the following ICS (International Classification for Standards) categories: 29.240.30 - Control equipment for electric power systems; 33.200 - Telecontrol. Telemetering; 35.030 - IT Security; 35.240.50 - IT applications in industry. The ICS classification helps identify the subject area and facilitates finding related standards.

SIST EN IEC 62351-9:2023 has the following relationships with other standards: it has inter-standard links to SIST EN 62351-9:2017. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.

SIST EN IEC 62351-9:2023 is associated with the following European legislation: Standardization Mandates: M/490. When a standard is cited in the Official Journal of the European Union, products manufactured in conformity with it benefit from a presumption of conformity with the essential requirements of the corresponding EU directive or regulation.

You can purchase SIST EN IEC 62351-9:2023 directly from iTeh Standards. The document is available in PDF format and is delivered instantly after payment. Add the standard to your cart and complete the secure checkout process. iTeh Standards is an authorized distributor of SIST standards.