Power systems management and associated information exchange - Data and communications security - Part 8: Role-based access control
Shortname | IEC TS 62351-8 CEITS 62351-8:2011-09 |
---|---|
Document number | 62351-8 CEITS 62351-8 |
Date of issue | 2011-09-00 |
Available from | https://www.vde-verlag.de/iec-normen/248698/iec-62351-8-2020.html |
International committee | IEC/TC 57 |
Subject area | Standardization, communication, documentation |
Topic | Energy management systems |
Sector | Energy |
Industry | Electricity |
Target User | Integrator, Operator, Vendor |
Level of Abstraction | 1 |
- Introductory text (short) EN:
IEC 62351-8:2020 is intended to facilitate role-based access control (RBAC) for power system management. RBAC assigns human users, automated systems, and software applications (collectively called 'subjects' in this document) to specified 'roles', and restricts their access to only those resources which the security policies identify as necessary for their roles. As electric power systems become more automated and cyber security concerns become more prominent, it is becoming increasingly critical to ensure that access to data (read, write, control, etc.) is restricted. As in many aspects of security, RBAC is not just a technology; it is a way of running a business. RBAC is not a new concept; in fact, it is used by many operating systems to control access to system resources. Specifically, RBAC provides an alternative to the all-or-nothing super-user model in which all subjects have access to all data, including control commands. RBAC is a primary method to meet the security principle of least privilege, which states that no subject should be authorized more permissions than necessary for performing that subject's task. With RBAC, authorization is separated from authentication. RBAC enables an organization to subdivide super-user capabilities and package them into special user accounts termed roles for assignment to specific individuals according to their associated duties. This subdivision enables security policies to determine who or what systems are permitted access to which data in other systems. RBAC thus provides a means of reallocating system controls as defined by the organization policy. In particular, RBAC can protect sensitive system operations from inadvertent (or deliberate) actions by unauthorized users. RBAC is not confined to human users, though; it applies equally well to automated systems and software applications, i.e., software parts operating independently of user interactions.
The following interactions are in scope: local (direct wired) access to the object by a human user; by a local and automated computer agent, or built-in HMI or panel; remote (via dial-up or wireless media) access to the object by a human user; remote (via dial-up or wireless media) access to the object by a remote automated computer agent, e.g. another object at another substation, a distributed energy resource at an end-user's facility, or a control centre application. While this document defines a set of mandatory roles to be supported, the exchange format for defined specific or custom roles is also in scope of this document. Out of scope for this document are all topics which are not directly related to the definition of roles and access tokens for local and remote access, especially administrative or organizational tasks.
- Note:
Restricted material scope in Section 1 (Scope). / Attention: Intended replacement by IEC 57/2017/CD (2018-07).
- IEC 61850-10 (2005-05)
- IEC 61850-3 (2002-01)
- IEC 61850-4 (2011-04)
- IEC 61850-5 (2003-07)
- IEC 61850-6 (2009-12)
- IEC 61850-7-1 (2011-07)
- IEC 61850-7-2 (2010-08)
- IEC 61850-7-3 (2010-12)
- IEC 61850-7-4 (2010-03)
- IEC 61850-7-410 (2007-08)
- IEC 61850-7-420 (2009-03)
- IEC 61850-8-1 (2011-06)
- IEC 61850-9-1 (2003-05)
- IEC 61850-9-2 (2011-09)
- IEC 62443-2-1 (2010-11)
- IEC/PAS 62443-3 (2008-01)
- IEC/TR 62443-3-1 (2009-07)
- IEC/TS 62351-1 (2007-05)
- IEC/TS 62351-3 (2007-06)
- IEC/TS 62351-4 (2007-06)
- IEC/TS 62351-5 (2009-08)
- IEC/TS 62443-1-1 (2009-07)
- ISO/IEC 9594-8 (2008-12)
Transnational Industry: Electricity
Result 6: Regulation (EU) No 347/2013 of the European Parliament and of the Council on guidelines for trans-European energy infrastructure and repealing Decision No 1364/2006/EC and amending Regulations (EC) No 713/2009, (EC) No 714/2009 and (EC) No 715/2009 (Regulation No 347/2013)
Individual provisions
Art. 4 II c) iii); 5 VII e); 9 VII; 11
Transnational Industry: Electricity
Result 7: Commission Recommendation on preparations for the roll-out of smart metering systems (2012/148/EU)
Individual provisions
Section I No. 3 b); 7; 8; 10; 11; 12; 13; 18; 24-28 III; 42 h)
Transnational Industry: Electricity
Result 8: Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (Directive 2016/1148/EU - NIS Directive)
Individual provisions
All, in particular Art. 14-16
Transnational Industry: Electricity
Result 9: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (GDPR)
Individual provisions
Art. 5; 24; 25; 28; 29; 32; 33; 34; 35; 36; 37; 38; 39; 40; 42; 43; 45; 46; 47; 49; 51; 57; 58
Transnational Industry: Electricity
Result 10: Directive 2014/34/EU on the harmonisation of the laws of the Member States relating to equipment and protective systems intended for use in potentially explosive atmospheres (Directive 2014/34/EU)
Individual provisions
Art. 4; 6 I; 8 II, V; 9 II, III; 29 III in conjunction with Annex II, in particular points 1.5, 1.6.3