Switchgear and controlgear and their assemblies for low voltage - Security aspects

Niederspannungsschaltgeräte und deren Niederspannungs-Schaltgerätekombinationen – Security Aspekte

Appareillages et ensembles d’appareillages basse tension - Aspects de sécurité

Stikalne in krmilne naprave ter njihovi sestavi za uporabo pri nizki napetosti - Varnostni vidiki

General Information

Status
Not Published
Public Enquiry End Date
31-Oct-2024
Current Stage
4020 - Public enquire (PE) (Adopted Project)
Start Date
04-Sep-2024
Due Date
22-Jan-2025
Completion Date
29-Oct-2024

Buy Standard

Draft
prEN IEC 63208:2024 - BARVE
English language
129 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-oktober-2024
Stikalne in krmilne naprave ter njihovi sestavi za uporabo pri nizki napetosti -
Varnostni vidiki
Switchgear and controlgear and their assemblies for low voltage - Security aspects
Appareillages et ensembles d’appareillages basse tension - Aspects de sécurité
Ta slovenski standard je istoveten z: prEN IEC 63208:2024
ICS:
29.130.20 Nizkonapetostne stikalne in Low voltage switchgear and
krmilne naprave controlgear
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

121/172/CDV
COMMITTEE DRAFT FOR VOTE (CDV)
PROJECT NUMBER:
IEC 63208 ED1
DATE OF CIRCULATION: CLOSING DATE FOR VOTING:
2024-08-30 2024-11-22
SUPERSEDES DOCUMENTS:
121/167/CD, 121/170/CC
IEC TC 121: SWITCHGEAR AND CONTROLGEAR AND THEIR ASSEMBLIES FOR LOW VOLTAGE
SECRETARIAT: SECRETARY:
France Mr Michaël LAHEURTE
OF INTEREST TO THE FOLLOWING COMMITTEES: HORIZONTAL FUNCTION(S):
TC 17, SC 22G, TC 23, TC 44, TC 65, TC 94, SC 121A, SC 121B
ASPECTS CONCERNED:
SUBMITTED FOR CENELEC PARALLEL VOTING NOT SUBMITTED FOR CENELEC PARALLEL VOTING
Attention IEC-CENELEC parallel voting
The attention of IEC National Committees, members of CENELEC,
is drawn to the fact that this Committee Draft for Vote (CDV) is
submitted for parallel voting.
The CENELEC members are invited to vote through the CENELEC
online voting system.
This document is still under study and subject to change. It should not be used for reference purposes.
Recipients of this document are invited to submit, with their comments, notification of any relevant patent rights of which they are aware
and to provide supporting documentation.
Recipients of this document are invited to submit, with their comments, notification of any relevant “In Some Countries” clauses to be
included should this proposal proceed. Recipients are reminded that the CDV stage is the final stage for submitting ISC clauses. (See
AC/22/2007 or NEW GUIDANCE DOC).

TITLE:
Switchgear and controlgear and their assemblies for low voltage – Security aspects

PROPOSED STABILITY DATE: 2028
NOTE FROM TC/SC OFFICERS:
electronic file, to make a copy and to print out the content for the sole purpose of preparing National Committee positions.
You may not copy or "mirror" the file or printed version of the document, or any part of it, for any other purpose without
permission in writing from IEC.

121/172/CDV – 2 – IEC CDV 63208 © IEC 2024
CONTENTS
FOREWORD . 11
INTRODUCTION . 13
1 Scope . 15
2 Normative references . 16
3 Terms, definitions and abbreviated terms . 16
3.1 Terms and definitions . 16
3.2 Abbreviated terms . 22
4 General . 23
5 Security objectives . 23
6 Security lifecycle management . 24
6.1 General . 24
6.2 Security risk assessment . 26
6.2.1 General . 26
6.2.2 Relationship between safety and security . 27
6.2.3 Impact assessment . 28
6.2.4 Security risk assessment result . 28
6.3 Response to security risk . 28
6.4 Security requirement specification . 29
6.5 Roles and responsibilities . 29
6.6 Important data . 29
6.7 Control system architecture . 30
6.7.1 Control system . 30
6.7.2 Levels of communication functionalities . 30
6.7.3 Levels of connectivity . 32
6.7.4 Exposure levels of equipment . 34
6.7.5 Equipment security levels . 35
6.7.6 Security protection profile . 35
7 Security requirements . 36
7.1 General . 36
7.2 Physical access and environment . 36
7.2.1 PA – Physical access and environment requirement . 36
7.2.2 Physical access and environment rational. 37
7.2.3 PA-e – Physical access and environment enhancement . 37
7.2.4 Physical access and environment typical implementation. 38
7.3 Equipment requirement . 39
7.3.1 General . 39
7.3.1.1 Main functions . 39
7.3.1.2 Compensating countermeasure . 39
7.3.1.3 Security requirements for the equipment . 39
7.3.2 FR 1 – Identification and authentication control . 40
7.3.2.1 Purpose . 40
7.3.2.2 Rationale . 40
7.3.2.3 CR 1.1 – Human user identification and authentication . 40
7.3.2.4 CR 1.2 – Software and equipment identification and
authentication . 41
7.3.2.5 CR 1.5 – Authenticator management . 41

IEC CDV 63208 © IEC 2024 – 3 – 121/172/CDV
7.3.2.6 CR 1.7 – Strength of password-based authentication . 41
7.3.2.7 CR 1.8 – Public key infrastructure certificates . 42
7.3.2.8 CR 1.9 – Strength of public key-based authentication . 42
7.3.2.9 CR 1.10 – Authenticator feedback . 42
7.3.2.10 CR 1.11 – Unsuccessful login attempts . 43
7.3.2.11 CR 1.14 – Strength of symmetric key-based authentication . 43
7.3.3 FR 2 – Use control . 43
7.3.3.1 Purpose . 43
7.3.3.2 Rationale . 43
7.3.3.3 CR 2.1 – Authorisation enforcement . 43
7.3.3.4 CR 2.2 – Wireless use control . 44
7.3.3.5 EDR 2.4 – Mobile code . 44
7.3.3.6 CR 2.5 – Session lock . 45
7.3.3.7 CR 2.6 – Remote session termination . 45
7.3.3.8 CR 2.7 – Concurrent session control . 46
7.3.3.9 CR 2.8 – Auditable events . 46
7.3.3.10 CR 2.9 – Audit storage capacity . 46
7.3.3.11 CR 2.10 – Response to audit processing failures . 47
7.3.3.12 CR 2.11 Timestamp . 47
7.3.3.13 CR 2.12 – Non-repudiation . 48
7.3.3.14 EDR 2.13 – Use of physical diagnostic and test interfaces . 48
7.3.4 FR 3 – System integrity . 48
7.3.4.1 Purpose . 48
7.3.4.2 Rationale . 48
7.3.4.3 CR 3.1 – Communication integrity . 49
7.3.4.4 EDR 3.2 – Protection from malicious code . 49
7.3.4.5 CR 3.3 – Security functionality verification . 50
7.3.4.6 CR 3.4 – Software and information integrity . 50
7.3.4.7 CR 3.5 – Input validation . 51
7.3.4.8 CR 3.6 – Deterministic output . 51
7.3.4.9 CR 3.7 – Error handling . 52
7.3.4.10 CR 3.8 – Session Integrity . 52
7.3.4.11 CR 3.9 – Protection of audit information . 52
7.3.4.12 EDR 3.10 – Support for Updates . 53
7.3.4.13 EDR 3.11 – Physical tamper resistance and detection . 53
7.3.4.14 EDR 3.12 – Provisioning product supplier roots of trust . 53
7.3.4.15 EDR 3.13 – Provisioning asset owner roots of trust . 54
7.3.4.16 EDR 3.14 – Integrity of the boot process . 54
7.3.5 FR 4 – Data confidentiality . 55
7.3.5.1 Purpose . 55
7.3.5.2 Rationale . 55
7.3.5.3 CR 4.1 – Information confidentiality. 55
7.3.5.4 CR 4.3 – Use of cryptography . 55
7.3.6 FR 5 – Restricted data flow. 55
7.3.7 FR 6 – Timely response to events . 56
7.3.7.1 Purpose . 56
7.3.7.2 Rationale . 56
7.3.7.3 CR 6.1 – Audit log accessibility . 56
7.3.8 FR 7 – Resource availability . 56

121/172/CDV – 4 – IEC CDV 63208 © IEC 2024
7.3.8.1 Purpose . 56
7.3.8.2 Rationale . 56
7.3.8.3 CR 7.1 – Denial of service protection . 56
7.3.8.4 CR 7.2 – Resource management . 57
7.3.8.5 CR 7.3 – Control system backup . 58
7.3.8.6 CR 7.4 – Control system recovery and reconstitution . 58
7.3.8.7 CR 7.6 – Network and security configuration settings . 58
7.3.8.8 CR 7.7 – Least functionality . 59
7.3.8.9 CR 7.8 – Control system inventory . 60
8 Instructions for installation, operation and maintenance . 60
8.1 User instruction requirement . 60
8.2 User instruction enhancement . 60
8.3 User instruction implementation . 61
9 Conformance verification and testing . 61
9.1 General . 61
9.2 Design documentation . 61
9.3 Physical access . 61
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.