IEEE 2030.102.1-2020 pdf download

IEEE 2030.102.1-2020 pdf download.IEEE Standard for Interoperability of Internet Protocol Security (IPsec) Utlized within Utlity Control Systems
This standard specifies requirements for interoperability of devices utilized within utility control systems, which implement the Internet Protocol Security (IPsec) protocol suite within an IPv4 environment.
1.2 Purpose
The purpose of this document is to define a specific configuration profile for the Internet Protocol Security (IPSec) protocol suite suitable for use within a utility control system.
The primary goal in developing this standard is to promote interoperability between products developed by different vendors. It focuses on those configuration parameters needed to support the establishment and sustained operation of an IPSec Virtual Private Network (VPN) tunnel between two devices that have implemented IPSec conforming to this standard. A secondary goal of this standard is to help minimize configuration errors involving IPSec implementations within utility control systems.
1.3 Word usage The word shall indicates mandatory requirements strictly to be followed in order to conform to the standard and from which no deviation is permitted (shall equals is required to).
1,2 The word should indicates that among several possibilities one is recommended as particularly suitable, without mentioning or excluding others; or that a certain course of action is preferred but not necessarily required (should equals is recommended that).
The word may is used to indicate a course of action permissible within the limits of the standard (may equals is permitted to).
The word can is used for statements of possibility and capability, whether material, physical, or causal (can equals is able to).
2. Normative references The following referenced documents are indispensable for the application of this document (i.e., they shall be understood and used, so each referenced document is cited in text and its relationship to this document is explained). For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments or corrigenda) applies. IETF RFC 3947, Negotiation of NAT-Traversal in the IKE. IETF RFC 3948, UDP Encapsulation of IPSec ESP Packets. IETF RFC 5280, Internet X.509 Public Key Infrastructure Certifcate and Certifcate Revocation List (CRL) Profle. NIST SP 800-131A Rev 2, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths.
3. Confguration requirements for IPsec utilized within utility control systems
3.1 General
The configuration parameters identified in this section shall be supported to be compliant with this standard. Those that are deemed “Required” are considered the absolute minimum requirements for the configuration parameters listed in the following tables, whereas those listed as “Recommended” are considered optional configuration parameters that should be supported. “Deprecated” parameters are those that are no longer supported and shall not be used as part of this standard. The defined profile outlines the minimum set of IPsec options to be supported by devices implementing this standard to establish and maintain Phase 1 and Phase 2 Internet Key Exchange (IKE) and IPsec security associations [B4]
3 . Table A.1 should be used to list the supported parameters. The confguration parameters contained within this section were infuenced by the use case of the IPsec tunnel supporting critical utility control system traffc. They were chosen to support a balance of highest security and availability including requirements for the following:
— Sustaining the IPsec tunnel
— Fast recovery (i.e., re-establishment) from a failure of the IPsec tunnel
— Alignment with recommendations outlined in NIST SP 800-131A 4
3.2 IPsec confguration profle The configuration parameters identified in this section shall be supported to be compliant with this standard. These parameters are organized into Table 1 through Table 4.IEEE 2030.102.1 pdf download.IEEE 2030.102.1-2020 pdf download