IEC GUI DE 120-2018 pdf free.Security aspects-Guidelines for their inclusion in publications.
5.2.2Base security publications
Base security publications are publications that define some aspect of security, in a genericmanner.
Base security publications deal with fundamental concepts,principles and requirements withregard to general security aspects applicable to a wide range of products and systems.Horizontal standards dealing with security,as defined in lEc GuIDE 108 [14], are basesecurity publications.
5.2.3Group security publications
Group security publications show how to apply security in one of the application domains.Todo this, they may reference or customise base security publications. They are equivalent togroup publications as defined in lEC GUIDE 104 [13] for safety applications.
Group security publications may be applicable to many products or systems,or families ofsimilar products or systems.
Group security publications are sometimes referred to as sector-specific security publications.
5.2.4Product security publications
Product security publications define how to apply base security publications or group securitypublications for a particular type of product. They ensure that different products can interactor interoperate securely, and can be controlled and managed in a uniform manner.
Product security publications should as far as possible define their requirements by referenceto base security publications and group security publications.
NOTE In this context, the term product includes items such as process,service,installation, and combinationsthereof.
5.2.5Guidance security publications
Guidance security publications should not contain requirements. They explain how toimplement base publications,and group or product publications.
ln some application areas, guidance publications are not used. Instead necessary guidanceinformation is provided through informative annexes within the relevant requirementsstandard.
5.2.6Test security publications
Test security publications define ways to determine that the requirements of basepublications, and group or product publications have been correctly implemented.
Test publications typically have a specialised audience and often make reference toconformity assessment.They may define or identify reference implementations that can beused to determine correct implementation through successful interoperation.
5.2.7Relationship between types of security publications
The relationship between these different types of publications is shown in Figure 2.There isan equivalent figure for safety publications in Annex B of lEC GUIDE 104:2010[13].IEC GUI DE 120 pdf download.