IEEE 1686-2013 pdf download

IEEE Standard for Intelligent Electronic Devices Cyber Security Capabilities
4.2 Applicability
This standard can be applied to any IED. Although the standard is designed to provide the tools and features for a user to implement an IED security effort in response to NERC CIP requirements [B5], the standard is applicable to any IED where the user requires security, accountability, and auditability in the configuration and maintenance of the IED.
This standard does not address which devices should be required to meet the standard. Each user must assess their specific situation and choose where the standard should apply in their particular case. Issues affecting this choice include, but are not limited to, the following:
IED classification (critical/non-critical infrastructure)
User’s cyber security plan and procedures
Communication and local area network (LAN)/wide area network (WAN) facilities
Protection and control system architecture
4.3 Implementing IED security
The implementation of a security posture for IEDs and their configuration software is a combination of technology and procedures. Technology alone will not produce the desired results without the implementation and enforcement of a set of complementary security procedures. Additionally, security procedures and technology are often developed in conjunction with one another with considerations given to such things as operational costs, user practices, manpower constraints, and communications capabilities.
This standard defines the functions and features to be provided in IEDs to accommodate CIP programs. It is recognized, however, that in some cases, the functions and features may require some adaptation or relaxation to meet a user’s specific situation. As an example, this standard calls for at least ten unique userID/passwords for the IED. In a very small utility such as a municipality, there may not be ten users who require access, and therefore the requirement is not substantiated. For a very large utility with an IED maintenance force that covers a wide geographical area, ten individual passwords may not be enough.
In such cases, the user must identify to the IED provider where the user’s requirements differ or exceed the standard. Further, the failure of an IED to meet every clause of this standard does not necessarily preclude its use in a secure environment. It is possible the deficiency may be overcome by procedural or administrative technology, architecture, or other measures.
4.4 Proper use of this standard
4.4.1 IEEE Std 1686 requirements
The proper use of this standard requires the following three elements:
a) Proper citation of the standard
b) Table of compliance (TOC) to the standard
c) Analysis and verification by the user of the IED offering
4.4.2 Proper citation
The proper citation of this standard in a procurement document is as follows:
The IED shall meet or exceed the requirements established in IEEE Std 1686, Standard for Intelligent Electronic Devices Cyber Security Capabilities.
Modifications to the standard by the user to meet specific circumstances or requirements of the user are permissible, so long as they are clearly identified in supporting documentation that accompanies the specification as part of a procurement process. When this is desired, it may be stipulated in a citation as in the following examples:
The IED shall meet or exceed the requirements established in IEEE Std 1686, Standard for Intelligent Electronic Devices Cyber Security Capabilities, except as noted below:
5.1.3: The minimum number of passwords shall be 20 (user desires a greater number of passwords than provided by the standard)
5.2.1: The minimum number of records in the audit trail shall be 512 (user desires to relax the number of audit trail records required in the standard to be retained by the IED)
Users are strongly discouraged from making generic statements such as “IED shall meet all applicable clauses and subclauses of IEEE Std 1686.” Such statements create the potential for differing assessments by the user and the vendor/supplier as to what is applicable.
