Power systems management and associated information exchange - Data and communications security - Part 8: Role-based access control for power system management

The scope of this part of IEC 62351 is to facilitate role-based access control (RBAC) for power
system management. RBAC assigns human users, automated systems, and software
applications (collectively called "subjects" in this document) to specified "roles", and restricts
their access to only those resources, which the security policies identify as necessary for their
roles.
As electric power systems become more automated and cyber security concerns become more
prominent, it is becoming increasingly critical to ensure that access to data (read, write, control,
etc.) is restricted. As in many aspects of security, RBAC is not just a technology; it is a way of
running a business. RBAC is not a new concept; in fact, it is used by many operating systems
to control access to system resources. Specifically, RBAC provides an alternative to the all-or-nothing
super-user model in which all subjects have access to all data, including control
commands.
RBAC is a primary method to meet the security principle of least privilege, which states that no
subject should be authorized more permissions than necessary for performing that subject’s
task. With RBAC, authorization is separated from authentication. RBAC enables an organization
to subdivide super-user capabilities and package them into special user accounts termed roles
for assignment to specific individuals according to their associated duties. This subdivision
enables security policies to determine who or what systems are permitted access to which data
in other systems. RBAC thus provides a means of reallocating system controls as defined by
the organization policy. In particular, RBAC can protect sensitive system operations from
inadvertent (or deliberate) actions by unauthorized users. Clearly RBAC is not confined to
human users though; it applies equally well to automated systems and software applications,
i.e., software parts operating independent of user interactions.
The following interactions are in scope:
– local (direct wired) access to the object by a human user, a local and automated computer
agent, or a built-in HMI or panel;
– remote (via dial-up or wireless media) access to the object by a human user;
– remote (via dial-up or wireless media) access to the object by a remote automated computer
agent, e.g. another object at another substation, a distributed energy resource at an end-user’s
facility, or a control centre application.
While this document defines a set of mandatory roles to be supported, the exchange format for
defined specific or custom roles is also in scope of this document.
Out of scope for this document are all topics which are not directly related to the definition of
roles and access tokens for local and remote access, especially administrative or organizational
tasks, such as:
– user names and password definitions/policies;
– management of keys and/or key exchange;
– engineering process of roles;
– assignment of roles;
– selection of trusted certificate authorities issuing credentials (access tokens);
– defining the tasks of a security officer;
– integrating local policies in RBAC.
NOTE Specifically, the management of certificates is addressed in IEC 62351-9.
Existing standards (see ANSI INCITS 359-2004, IEC 62443 (all parts), and IEEE 802.1X-2004)
in the process control industry and for access control (RFC 2904 and RFC 2905) are not sufficient,
as none of them specifies the exact role names and associated permissions, the format of
the access tokens, or the detailed mechanism by which access tokens are transferred to and
authenticated by the target system. All of this information is needed for interoperability.
On the other hand, IEEE 1686 already defines a minimum number of roles to be supported as
well as permissions, which are to be addressed by the roles. Note that IEEE 1686 is currently
being revised.

Energiemanagementsysteme und zugehöriger Datenaustausch – IT-Sicherheit für Daten und Kommunikation – Teil 8: Rollenbasierte Zugriffskontrolle für Energiemanagementsysteme

Gestion des systèmes de puissance et échanges d'informations associés - Sécurité des communications et des données - Partie 8: Contrôle d'accès basé sur les rôles pour la gestion de systèmes de puissance

IEC 62351-8:2020 is intended to facilitate role-based access control (RBAC) for power system management. RBAC assigns human users, automated systems and software applications (called "subjects" in this document) to specified "roles" and restricts their access to only those resources that the security policies identify as necessary for their roles. As electric power systems become more automated and cyber security concerns become more prominent, it is increasingly critical to ensure that access to data (read, write, control, etc.) is restricted. As with many aspects of security, RBAC is not just a technology; it is a way of running a business. RBAC is not a new concept; in fact, it is used by many operating systems to control access to system resources. In particular, RBAC provides an alternative to the all-or-nothing super-user model in which all subjects have access to all data, including control commands. RBAC is a primary method to meet the security principle of least privilege, which states that no subject should be granted more permissions than necessary to perform that subject's task. With RBAC, authorization is separate from authentication. RBAC enables an organization to subdivide super-user capabilities and package them into special user account roles to be assigned to specific individuals according to their associated duties. This subdivision enables security policies to determine which persons or systems have access to data in other systems.
RBAC thus provides a means of reallocating system controls as defined by the organizational policy. In particular, RBAC can protect sensitive system operations from inadvertent (or deliberate) actions by unauthorized users. However, RBAC is clearly not limited to human users; it applies equally well to automated systems and software applications, i.e. software parts that operate independently of user interactions. The following interactions are in scope:
– local (direct wired) access to the object by a human user, by a local automated computer agent, or by a built-in HMI or panel;
– remote (via dial-up or wireless media) access to the object by a human user;
– remote (via dial-up or wireless media) access to the object by a remote automated computer agent, e.g. another object at another substation, a distributed energy resource at an end-user's facility, or a control centre application.
While this document defines a set of mandatory roles to be supported, the exchange format for defined specific or custom roles is also in scope of this document. All topics not directly related to the definition of roles and access tokens for local and remote access, especially administrative or organizational tasks, are out of scope for this document.

Upravljanje elektroenergetskega sistema in pripadajoča izmenjava informacij - Varnost podatkov in komunikacij - 8. del: Kontrola dostopa do elektroenergetskega sistema na podlagi vlog

General Information

Status: Published
Publication Date: 20-Jul-2020
Technical Committee
Current Stage: 6060 - National Implementation/Publication (Adopted Project)
Start Date: 07-Jul-2020
Due Date: 11-Sep-2020
Completion Date: 21-Jul-2020

Standard
SIST EN IEC 62351-8:2020 - COLOUR on PDF pages 22, 24, 32, 33, 34, 35, 71, 72, 73, 74, 75, 76, 77
English language
77 pages

Standards Content (sample)

SLOVENSKI STANDARD
SIST EN IEC 62351-8:2020
01-september-2020
Upravljanje elektroenergetskega sistema in pripadajoča izmenjava informacij -
Varnost podatkov in komunikacij - 8. del: Kontrola dostopa do
elektroenergetskega sistema na podlagi vlog
Power systems management and associated information exchange - Data and
communications security - Part 8: Role-based access control for power system
management
This Slovenian standard is identical to: EN IEC 62351-8:2020
ICS:
29.240.30 Krmilna oprema za elektroenergetske sisteme / Control equipment for electric power systems
35.240.50 Uporabniške rešitve IT v industriji / IT applications in industry
SIST EN IEC 62351-8:2020 en

2003-01. Slovenski inštitut za standardizacijo. Reproduction of this standard in whole or in part is not permitted.

EUROPEAN STANDARD EN IEC 62351-8
NORME EUROPÉENNE
EUROPÄISCHE NORM
June 2020
ICS 33.200
English Version
Power systems management and associated information
exchange - Data and communications security - Part 8:
Role-based access control for power system management
(IEC 62351-8:2020)

Gestion des systèmes de puissance et échanges d'informations associés - Sécurité des communications et des données - Partie 8: Contrôle d'accès basé sur les rôles pour la gestion de systèmes de puissance
(IEC 62351-8:2020)

Energiemanagementsysteme und zugehöriger Datenaustausch - IT-Sicherheit für Daten und Kommunikation - Teil 8: Rollenbasierte Zugriffskontrolle für Energiemanagementsysteme
(IEC 62351-8:2020)

This European Standard was approved by CENELEC on 2020-06-02. CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels

© 2020 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.

Ref. No. EN IEC 62351-8:2020 E
EN IEC 62351-8:2020 (E)
European foreword

The text of document 57/2180/FDIS, future edition 1 of IEC 62351-8, prepared by IEC/TC 57 "Power systems management and associated information exchange" was submitted to the IEC-CENELEC parallel vote and approved by CENELEC as EN IEC 62351-8:2020.

The following dates are fixed:

• latest date by which the document has to be implemented at national level by publication of an identical national standard or by endorsement (dop) 2021-03-02
• latest date by which the national standards conflicting with the document have to be withdrawn (dow) 2023-06-02

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.

Endorsement notice

The text of the International Standard IEC 62351-8:2020 was approved by CENELEC as a European Standard without any modification.

In the official version, for Bibliography, the following notes have to be added for the standards indicated:
IEC 60870-5-104 NOTE Harmonized as EN 60870-5-104
IEC 61784 (series) NOTE Harmonized as EN IEC 61784 (series)
IEC 61850-8-1 NOTE Harmonized as EN 61850-8-1
IEC 61850-8-2 NOTE Harmonized as EN IEC 61850-8-2
IEC 61968 (series) NOTE Harmonized as EN 61968 (series)
IEC 61970 (series) NOTE Harmonized as EN 61970 (series)
IEC 62351-7:2017 NOTE Harmonized as EN 62351-7:2017 (not modified)
IEC 62351-9 NOTE Harmonized as EN 62351-9
IEC 62351-14 NOTE Harmonized as EN IEC 62351-14
IEC 62443 (series) NOTE Harmonized as EN IEC 62443 (series)
To be published. Stage at the time of publication: prEN IEC 62351-14:2019.
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications

The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

NOTE 1 Where an International Publication has been modified by common modifications, indicated by (mod), the relevant EN/HD applies.

NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available here: www.cenelec.eu.
Publication | Year | Title | EN/HD | Year
IEC 61850-7-2 | - | Communication networks and systems for power utility automation - Part 7-2: Basic information and communication structure - Abstract communication service interface (ACSI) | EN 61850-7-2 | -
IEC/TS 62351-2 | - | Power systems management and associated information exchange - Data and communications security - Part 2: Glossary of terms | - | -
IEC 62351-3 | 2014 | Power systems management and associated information exchange - Data and communications security - Part 3: Communication network and system security - Profiles including TCP/IP | EN 62351-3 | 2014
+ A2 | 2020 | | + A2 | 2020
IEC 62351-4 | - | Power systems management and associated information exchange - Data and communications security - Part 4: Profiles including MMS and derivatives | EN IEC 62351-4 | -
IEC/TS 62351-8 | 2011 | Power systems management and associated information exchange - Data and communications security - Part 8: Role-based access control | - | -
RFC 2865 | - | Remote Authentication Dial In User Service (RADIUS) | - | -
RFC 5246 | - | The Transport Layer Security (TLS) Protocol Version 1.2 | - | -
RFC 5288 | - | AES Galois Counter Mode (GCM) Cipher Suites for TLS | - | -
RFC 5289 | - | TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM) | - | -
RFC 5755 | - | An Internet Attribute Certificate Profile for Authorization | - | -
RFC 5878 | - | Transport Layer Security (TLS) Authorization Extensions | - | -
RFC 6749 | - | The OAuth 2.0 Authorization Framework | - | -
RFC 7519 | - | JSON Web Token (JWT) | - | -
XACML-RBAC | 2014 | XACML v3.0 Core and Hierarchical Role Based Access Control (RBAC) Profile Version 1.0, October 2014. | - | -
IEC 62351-8
Edition 1.0 2020-04
INTERNATIONAL STANDARD
NORME INTERNATIONALE
colour inside
Power systems management and associated information exchange – Data and communications security –
Part 8: Role-based access control for power system management
Gestion des systèmes de puissance et échanges d'informations associés – Sécurité des communications et des données –
Partie 8: Contrôle d'accès basé sur les rôles pour la gestion de systèmes de puissance
INTERNATIONAL ELECTROTECHNICAL COMMISSION
COMMISSION ELECTROTECHNIQUE INTERNATIONALE
ICS 33.200 ISBN 978-2-8322-8072-0

Warning! Make sure that you obtained this publication from an authorized distributor.

® Registered trademark of the International Electrotechnical Commission
– 2 – IEC 62351-8:2020 © IEC 2020
CONTENTS

FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 RBAC process model
5.1 Overview of RBAC process model
5.2 Generic RBAC concepts
5.3 Separation of subjects, roles, and permissions
5.3.1 RBAC model
5.3.2 Subject assignment (subject-to-role mapping)
5.3.3 Role assignment (role-to-permission mapping)
5.3.4 Permission assignment (mapping of actions to objects)
5.4 Criteria for defining roles
5.4.1 Policies
5.4.2 Subjects, roles, and permissions
5.4.3 Introducing roles reduces complexity
6 Definition of roles
6.1 Role-to-permission assignment inside the entity in general
6.1.1 General
6.1.2 Number of supported permissions by a role
6.1.3 Number of supported roles
6.1.4 Flexibility of role-to-permission mapping
6.2 Role-to-permission assignment with respect to power systems
6.2.1 Mandatory roles and permissions for IED access control
6.2.2 Power utility automation using IEC 61850
6.3 Role to permission assignment for specific roles
6.3.1 General
6.3.2 Encoding specific roles
6.3.3 Evaluation context
6.4 Role-to-permission assignment with respect to other non-power system domains (e.g. industrial process control)
7 RBAC credential distribution using the PUSH model
7.1 General
7.2 Secure access to an LDAP-enabled repository
7.3 Secure access to an identity provider for retrieval of a JWT
8 RBAC credential distribution using the PULL model
8.1 General
8.2 Secure access to an LDAP-enabled repository
8.2.1 General
8.2.2 PULL model with LDAP
8.2.3 LDAP Directory organization
8.3 Secure access to the RADIUS-enabled repository
8.3.1 General
8.3.2 PULL model with RADIUS
8.3.3 RADIUS security applying transparent TLS protection
8.4 Secure access to the JWT provider
9 General application of RBAC access token (informative)
9.1 General
9.2 Session-based approach
9.3 Message-based approach
10 Definition of access tokens
10.1 General
10.2 Supported profiles
10.3 Identification of access token
10.4 General structure of the access tokens
10.4.1 Mandatory fields in the access tokens
10.4.2 Mandatory profile-specific fields
10.4.3 Optional fields in the access tokens
10.4.4 Definition of specific fields
10.5 Specific structure of the access tokens
10.5.1 Profile A: X.509 Public key certificate
10.5.2 Profile B: X.509 Attribute certificate
10.5.3 Profile C: JSON Web Token – JWT
10.5.4 Profile D: RADIUS token
11 Transport profiles
11.1 Usage in TCP-based protocols
11.2 Usage in non-Ethernet based protocols
12 Verification of access tokens
12.1 General
12.2 Multiple access token existence
12.3 Subject authentication
12.4 Access token availability
12.5 Validity period
12.6 Access token integrity
12.7 Issuer
12.8 RoleID
12.9 Revision number
12.10 Area of responsibility
12.11 Role definition
12.12 Revocation state
12.13 Operation
12.14 Sequence number
12.15 Revocation methods
12.15.1 General
12.15.2 Supported methods
13 Conformity
13.1 General
13.2 Notation
13.3 Conformance to access token format
13.4 Conformance to access token content
13.5 Access token distribution
13.6 Role information exchange
13.7 Mapping to existing authorization mechanisms
13.8 Security events
14 Repository interaction for the defined RBAC profiles
Annex A (informative) Informative example for specific role definition
A.1 Scope of annex
A.2 Use case description
A.3 XACML definition example
A.4 Role description
A.5 Permission group description
A.6 Permission description
A.7 Request syntax for PDP
Bibliography

Figure 1 – Generic framework for access control
Figure 2 – Diagram of RBAC with static and dynamic separation of duty (enhanced version of [ANSI INCITS 359-2004])
Figure 3 – Subjects, roles, permissions, and operations
Figure 4 – XACML structure
Figure 5 – Schematic view of authorization mechanism based on RBAC
Figure 6 – Schematic view of authorization mechanism based on RBAC PULL model
Figure 7 – RBAC PULL model using LDAP
Figure 8 – RBAC PULL model using RADIUS
Figure 9 – RBAC model using OAuth2.0 and JWT
Figure 10 – Session based RBAC approach (simplified IEC 62351-4 end-to-end security)

Table 1 – List of mandatory pre-defined permissions
Table 2 – Pre-defined roles
Table 3 – List of pre-defined role-to-permission assignment
Table 4 – LISTOBJECTS permission and associated ACSI services
Table 5 – Evaluation Context
Table 6 – Cipher suites combinations in the context of this document
Table 7 – Mandatory general access token components
Table 8 – Mandatory profile specific access token components
Table 9 – Optional access token components
Table 10 – AoR fields and format
Table 11 – Mapping between ID and Attribute Certificate
Table 12 – Conformance to access token format
Table 13 – Conformance to access token distribution
Table 14 – Profile comparison

SIST EN IEC 62351-8:2020
IEC 62351-8:2020 © IEC 2020
Document history

Any person intervening in the present document is invited to complete the table below before sending the document elsewhere. The purpose is to allow all actors to see all changes introduced and the intervening persons.
Any important message to IEC editors should also be included in the table below.
| Name of intervening person | Document received: From | Document received: Date | Brief description of the changes introduced | Document sent: To | Document sent: Date |
|---|---|---|---|---|---|
| Steffen Fries | WG15 | 2017-03-01 | Initial Version | | |
| Steffen Fries | WG15 | 2017-05-30 | Enhancement of OID, More details regarding the RADIUS profile. Clarification of relationship to PULL and PUSH models, which led to a re-write of the current description focussing solely on LDAP | | |
| Steffen Fries | WG15 | 2017-07-28 | Enhancement of the area of responsibility section. Standard of profile specific parameters in the access token. | | |
| Frances Cleveland | Steffen Fries | 2017-08-31 | Editorial updates | | 2017-9-22 |
| Steffen Fries | Frances Cleveland | 2017-09-22 | Further Updates of the RADIUS profile with an index option to allow for multiple roles per user with different AoR or Revision. Deprecation of Profile C | | |
| Steffen Fries | | 2017-11-22 | Further description of Profile D and application integration examples. Deletion of existing Profile C | | |
| Steffen Fries | | 2018-02-22 | Update on RADIUS, Inclusion of custom based role definition | | |
| Steffen Fries | | 2018-04-30 | Refinement of custom based role definition using XACML as proposed in IEC 62351-90-1 | | |
| Steffen Fries | | 2018-06-22 | Aligned terminology of rights and permissions throughout the document, refinement of mandatory permissions, inclusion of JWT (based on the contribution of Arijit Bose) as Profile C. Introduction of security events (incidents and warnings) supporting IEC 62351-14. | | |
| Martina Braun | Steffen Fries | 2018-06-28 | CD doc for circulation | CO | 2018-06-28 |
| Steffen Fries | | 2018-11-28 | Incorporation of comment resolution (57/2056/CC) after WG15 meeting in 10/2018 | WG15 | 2018-11-23 |
| Steffen Fries | | 2018-01-17 | Incorporation of final discussion of open issues after WG15 meeting in 01/2019 | WG15 | |
| Martina Braun | IEC | 2019-05-17 | Edited CDV to Project leader for next step | Steffen Fries | 2019-05-20 |
| Steffen Fries | | 2019-05-17 | Incorporation of comment resolution for CDV after final discussion during web meeting in WG15 on July 1st, 2019 and discussion with IETF RADEXT WG (alignment of port number assignment) | IEC | |
| Martina Braun | Steffen Fries | 2019-08-16 | FDIS document upload to IEC for circulation | IEC CO | 2019-0-23 |
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
POWER SYSTEMS MANAGEMENT AND ASSOCIATED INFORMATION
EXCHANGE - DATA AND COMMUNICATIONS SECURITY –
Part 8: Role-based access control for power system management
FOREWORD

1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as "IEC Publication(s)"). Their preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental and non-governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.

2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international consensus of opinion on the relevant subjects since each technical committee has representation from all interested IEC National Committees.

3) IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any misinterpretation by any end user.

4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications transparently to the maximum extent possible in their national and regional publications. Any divergence between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.

5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any services carried out by independe
...
