IEC 62351-8-2020: Power systems management and associated information exchange – Data and communications security – Part 8: Role-based access control for power system management.
Note that for the processing of security warnings and alarms resulting from security logging events and monitoring information there exist separate documents specifying the handling. More specifically, security event handling is specified in IEC 62351-14, while the handling of monitoring objects is specified by IEC 62351-7.
Note that warnings and alarms are used to indicate the severity of an event from a security point of view. The following notions are used:
— a warning is intended to raise awareness but to indicate that it may be safe to proceed;
— an alarm is an indication to not proceed.
In any case, it is expected that an operator’s security policy determines the final handling based on the operational environment.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
IEC 61850-7-2, Communication networks and systems for power utility automation — Part 7-2: Basic information and communication structure — Abstract communication service interface (ACSI)
IEC TS 62351-2, Power systems management and associated information exchange — Data and communications security — Part 2: Glossary of terms
IEC 62351-3:2014, Power systems management and associated information exchange — Data and communications security — Part 3: Communication network and system security — Profiles including TCP/IP
IEC 62351-3:2014/AMD2:2019
IEC 62351-4, Power systems management and associated information exchange — Data and communications security — Part 4: Profiles including MMS and derivatives.
The purpose of an access control mechanism is to protect system resources, formally called “objects”. Role-based access control (RBAC) is a technology that has the potential to reduce the complexity and cost of security administration in networks with large numbers of intelligent devices. Under RBAC, security administration is simplified through the use of roles and constraints to organize subject access levels. RBAC reduces costs within an organization primarily because it accepts that employees change roles and responsibilities more frequently than the permissions within roles and responsibilities have to be changed. For a system that implements RBAC, system resources can represent information containers (e.g., files, directories in an operating system and/or columns, rows, tables, and views within a database management system) or exhaustible device resources, such as printers, disk space, and CPU cycles.