BSI 24/30484649 DC 2024

$24.66

BS EN IEC 63208 Switchgear and controlgear and their assemblies for low voltage – Security aspects

Published By: BSI
Publication Date: 2024
Number of Pages: 116

PDF Catalog

PDF Pages PDF Title
1 30484649-NC.pdf
3 121_156e_CD.pdf
12 FOREWORD
14 INTRODUCTION
16 1 Scope
17 2 Normative references
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
22 3.2 Abbreviated terms
23 4 General
5 Security objectives
6 Security lifecycle management
6.1 General
25 6.2 Security risk assessment
6.2.1 General
26 6.2.2 Relationship between safety and security
27 6.2.3 Impact assessment
6.2.4 Security risk assessment result
6.3 Response to security risk
28 6.4 Security requirement specification
6.5 Roles and responsibilities
6.6 Important data
29 6.7 Control system architecture
6.7.1 Control system
6.7.2 Levels of communication functionalities
31 6.7.3 Levels of connectivity
33 6.7.4 Exposure levels of equipment
6.7.5 Equipment security levels
34 6.7.6 Security protection profile
7 Security requirements
7.1 General
7.2 Physical access and environment
7.2.1 PA – Physical access and environment requirement
35 7.2.2 Physical access and environment rational
7.2.3 PA-e – Physical access and environment enhancement
36 7.2.4 Physical access and environment typical implementation
37 7.3 Equipment requirement
7.3.1 General
7.3.1.1 Safety related functions
7.3.1.2 Compensating countermeasure
7.3.1.3 Security requirements for the equipment
38 7.3.2 FR 1 – Identification and authentication control
7.3.2.1 Purpose
7.3.2.2 Rationale
7.3.2.3 CR 1.1 – Human user identification and authentication
7.3.2.3.1 Applicability
7.3.2.3.2 Requirement
7.3.2.3.3 Requirement rational
39 7.3.2.3.4 Requirement enhancement
7.3.2.4 CR 1.2 – Software and equipment identification and authentication
7.3.2.4.1 Applicability
7.3.2.4.2 Requirement
7.3.2.4.3 Requirement rational
7.3.2.4.4 Requirement enhancement
7.3.2.5 CR 1.5 – Authenticator management
7.3.2.5.1 Applicability
7.3.2.5.2 Requirement
7.3.2.5.3 Requirement rational
7.3.2.6 CR 1.7 – Strength of password-based authentication
7.3.2.6.1 Applicability
7.3.2.6.2 Requirement
7.3.2.6.3 Requirement rational
40 7.3.2.7 CR 1.8 – Public key infrastructure certificates
7.3.2.7.1 Applicability
7.3.2.7.2 Requirement
7.3.2.7.3 Requirement rational
7.3.2.8 CR 1.9 – Strength of public key-based authentication
7.3.2.8.1 Applicability
7.3.2.8.2 Requirement
7.3.2.8.3 Requirement rational
7.3.2.9 CR 1.10 – Authenticator feedback
7.3.2.9.1 Applicability
7.3.2.9.2 Requirement
7.3.2.9.3 Requirement rational
7.3.2.10 CR 1.11 – Unsuccessful login attempts
7.3.2.10.1 Applicability
7.3.2.10.2 Requirement
41 7.3.2.10.3 Requirement rational
7.3.2.11 CR 1.14 – Strength of symmetric key-based authentication
7.3.2.11.1 Applicability
7.3.2.11.2 Requirement
7.3.2.11.3 Requirement rational
7.3.3 FR 2 – Use control
7.3.3.1 Purpose
7.3.3.2 Rationale
7.3.3.3 CR 2.1 – Authorization enforcement
7.3.3.3.1 Applicability
7.3.3.3.2 Requirement
7.3.3.3.3 Requirement rational
7.3.3.3.4 Requirement enhancement
7.3.3.4 CR 2.2 – Wireless use control
7.3.3.4.1 Applicability
42 7.3.3.4.2 Requirement
7.3.3.4.3 Requirement rational
7.3.3.5 EDR 2.4 – Mobile code
7.3.3.5.1 Applicability
7.3.3.5.2 Requirement
7.3.3.5.3 Requirement rational
7.3.3.5.4 Requirement enhancement
7.3.3.6 SAR 2.4 – Mobile code
7.3.3.6.1 Applicability
7.3.3.6.2 Requirement
7.3.3.6.3 Requirement rational
7.3.3.6.4 Requirement enhancement
43 7.3.3.7 CR 2.5 – Session lock
7.3.3.7.1 Applicability
7.3.3.7.2 Requirement
7.3.3.7.3 Requirement rational
7.3.3.8 CR 2.6 – Remote session termination
7.3.3.8.1 Applicability
7.3.3.8.2 Requirement
7.3.3.8.3 Requirement rational
7.3.3.9 CR 2.7 – Concurrent session control
7.3.3.9.1 Applicability
7.3.3.9.2 Requirement
7.3.3.9.3 Requirement rational
7.3.3.10 CR 2.8 – Auditable events
7.3.3.10.1 Applicability
44 7.3.3.10.2 Requirement
7.3.3.10.3 Requirement rational
7.3.3.11 CR 2.9 – Audit storage capacity
7.3.3.11.1 Applicability
7.3.3.11.2 Requirement
7.3.3.11.3 Requirement rational
7.3.3.12 CR 2.10 – Response to audit processing failures
7.3.3.12.1 Applicability
7.3.3.12.2 Requirement
7.3.3.12.3 Requirement rational
7.3.3.13 CR 2.11 Timestamp
7.3.3.13.1 Applicability
7.3.3.13.2 Requirement
45 7.3.3.13.3 Requirement rational
7.3.3.13.4 Requirement enhancement
7.3.3.14 CR 2.12 – Non-repudiation
7.3.3.14.1 Applicability
7.3.3.14.2 Requirement
7.3.3.14.3 Requirement rational
7.3.3.15 EDR 2.13 – Use of physical diagnostic and test interfaces
7.3.3.15.1 Applicability
7.3.3.15.2 Requirement
7.3.3.15.3 Requirement rational
7.3.4 FR 3 – System integrity
7.3.4.1 Purpose
7.3.4.2 Rationale
7.3.4.3 CR 3.1 – Communication integrity
7.3.4.3.1 Applicability
46 7.3.4.3.2 Requirement
7.3.4.3.3 Requirement rational
7.3.4.3.4 Requirement enhancement
7.3.4.4 EDR 3.2 – Protection from malicious code
7.3.4.4.1 Applicability
7.3.4.4.2 Requirement
7.3.4.4.3 Requirement rational
7.3.4.4.4 Additional requirement
7.3.4.4.5 Additional requirement rational
47 7.3.4.5 SAR 3.2 – Protection from malicious code
7.3.4.5.1 Applicability
7.3.4.5.2 Requirement
7.3.4.5.3 Requirement rational
7.3.4.6 CR 3.3 – Security functionality verification
7.3.4.6.1 Applicability
7.3.4.6.2 Requirement
7.3.4.6.3 Requirement rational
7.3.4.6.4 Requirement enhancement
7.3.4.7 CR 3.4 – Software and information integrity
7.3.4.7.1 Applicability
7.3.4.7.2 Requirement
7.3.4.7.3 Requirement rational
48 7.3.4.7.4 Requirement enhancement
7.3.4.7.5 Additional requirement
7.3.4.7.6 Additional requirement rational
7.3.4.8 CR 3.5 – Input validation
7.3.4.8.1 Applicability
7.3.4.8.2 Requirement
7.3.4.8.3 Requirement rational
7.3.4.9 CR 3.6 – Deterministic output
7.3.4.9.1 Applicability
7.3.4.9.2 Requirement
49 7.3.4.9.3 Requirement rational
7.3.4.10 CR 3.7 – Error handling
7.3.4.10.1 Applicability
7.3.4.10.2 Requirement
7.3.4.10.3 Requirement rational
7.3.4.11 CR 3.8 – Session Integrity
7.3.4.11.1 Applicability
7.3.4.11.2 Requirement
7.3.4.11.3 Requirement rational
7.3.4.12 CR 3.9 – Protection of audit information
7.3.4.12.1 Applicability
7.3.4.12.2 Requirement
7.3.4.12.3 Requirement rational
7.3.4.13 EDR 3.10 – Support for Updates
7.3.4.13.1 Applicability
50 7.3.4.13.2 Requirement
7.3.4.13.3 Requirement rational
7.3.4.13.4 Requirement enhancement
7.3.4.14 EDR 3.11 – Physical tamper resistance and detection
7.3.4.14.1 Applicability
7.3.4.14.2 Requirement
7.3.4.14.3 Requirement rational
7.3.4.15 EDR 3.12 – Provisioning product supplier roots of trust
7.3.4.15.1 Applicability
7.3.4.15.2 Requirement
7.3.4.15.3 Requirement rational
7.3.4.16 EDR 3.13 – Provisioning asset owner roots of trust
7.3.4.16.1 Applicability
7.3.4.16.2 Requirement
7.3.4.16.3 Requirement rational
51 7.3.4.17 EDR 3.14 – Integrity of the boot process
7.3.4.17.1 Applicability
7.3.4.17.2 Requirement
7.3.4.17.3 Requirement rational
7.3.4.17.4 Requirement enhancement
7.3.5 FR 4 – Data confidentiality
7.3.5.1 Purpose
7.3.5.2 Rationale
7.3.5.3 CR 4.3 – Use of cryptography
7.3.5.3.1 Applicability
7.3.5.3.2 Requirement
7.3.5.3.3 Requirement rational
7.3.6 FR 5 – Restricted data flow
52 7.3.7 FR 6 – Timely response to events
7.3.7.1 Purpose
7.3.7.2 Rationale
7.3.7.3 CR 6.1 – Audit log accessibility
7.3.7.3.1 Applicability
7.3.7.3.2 Requirement
7.3.7.3.3 Requirement rational
7.3.8 FR 7 – Resource availability
7.3.8.1 Purpose
7.3.8.2 Rationale
7.3.8.3 CR 7.1 – Denial of service protection
53 7.3.8.3.1 Applicability
7.3.8.3.2 Requirement
7.3.8.3.3 Requirement rational
7.3.8.3.4 Additional requirement
7.3.8.4 CR 7.2 – Resource management
7.3.8.4.1 Applicability
7.3.8.4.2 Requirement
7.3.8.4.3 Requirement rational
7.3.8.5 CR 7.3 – Control system backup
7.3.8.5.1 Applicability
7.3.8.5.2 Requirement
54 7.3.8.5.3 Requirement rational
7.3.8.5.4 Requirement enhancement
7.3.8.6 CR 7.4 – Control system recovery and reconstitution
7.3.8.6.1 Applicability
7.3.8.6.2 Requirement
7.3.8.6.3 Requirement rational
7.3.8.7 CR 7.6 – Network and security configuration settings
7.3.8.7.1 Applicability
7.3.8.7.2 Requirement
7.3.8.7.3 Requirement rational
7.3.8.8 CR 7.7 – Least functionality
7.3.8.8.1 Applicability
7.3.8.8.2 Requirement
7.3.8.8.3 Requirement rational
55 7.3.8.9 CR 7.8 – Control system inventory
7.3.8.9.1 Applicability
7.3.8.9.2 Requirement
7.3.8.9.3 Requirement rational
8 Instructions for installation, operation and maintenance
8.1 User instruction requirement
56 8.2 User instruction rational
8.3 User instruction enhancement
8.4 User instruction implementation
9 Conformance verification and testing
9.1 General
9.2 Life cycle management
9.3 Physical access
9.3.1 Verification of physical access and environment
57 9.3.2 Physical access and environment enhancement
9.4 FR 1 – Identification and authentication control
9.4.1 CR 1.1 – Human user identification and authentication
9.4.1.1 Requirement verification
9.4.1.2 Requirement enhancement verification
9.4.2 CR 1.2 – Software and equipment identification and authentication
9.4.2.1 Requirement verification
58 9.4.2.2 Requirement enhancement verification
9.4.3 CR 1.5 – Authenticator management
9.4.3.1 Requirement verification
9.4.4 CR 1.7 – Strength of password-based authentication
9.4.4.1 Requirement verification
9.4.5 CR 1.8 – Public key infrastructure certificates
9.4.5.1 Requirement verification
59 9.4.6 CR 1.9 – Strength of public key-based authentication
9.4.6.1 Requirement verification
9.4.7 CR 1.10 – Authenticator feedback
9.4.7.1 Requirement verification
9.4.8 CR 1.11 – Unsuccessful login attempts
9.4.8.1 Requirement verification
9.4.9 CR 1.14 – Strength of symmetric key-based authentication
9.4.9.1 Requirement verification
60 9.5 FR 2 – Use control
9.5.1 CR 2.1 – Authorization enforcement
9.5.1.1 Requirement verification
9.5.1.2 Requirement enhancement verification
9.5.2 CR 2.2 – Wireless use control
9.5.2.1 Requirement verification
9.5.3 EDR 2.4 – Mobile code
9.5.3.1 Requirement verification
61 9.5.3.2 Requirement enhancement verification
9.5.4 SAR 2.4 – Mobile code
9.5.4.1 Requirement verification
9.5.4.2 Requirement enhancement verification
9.5.5 CR 2.5 – Session lock
9.5.5.1 Requirement verification
9.5.6 CR 2.6 – Remote session termination
9.5.6.1 Requirement verification
62 9.5.7 CR 2.7 – Concurrent session control
9.5.7.1 Requirement verification
9.5.8 CR 2.8 – Auditable events
9.5.8.1 Requirement verification
9.5.9 CR 2.9 – Audit storage capacity
9.5.9.1 Requirement verification
9.5.10 CR 2.10 – Response to audit processing failures
9.5.10.1 Requirement verification
63 9.5.11 CR 2.11 – Timestamps
9.5.11.1 Requirement verification
9.5.11.2 Requirement enhancement verification
9.5.12 CR 2.12 – Non-repudiation
9.5.12.1 Requirement verification
9.5.13 EDR 2.13 – Use of physical diagnostic and test interfaces
9.5.13.1 Requirement verification
9.6 FR 3 – System integrity
9.6.1 CR 3.1 – Communication integrity
9.6.1.1 Requirement verification
64 9.6.1.2 Requirement enhancement verification
9.6.2 EDR 3.2 – Protection from malicious code
9.6.2.1 Requirement verification
9.6.3 SAR 3.2 – Protection from malicious code
9.6.3.1 Requirement verification
9.6.4 CR 3.3 – Security functionality verification
9.6.4.1 Requirement verification
65 9.6.4.2 Requirement enhancement verification
9.6.5 CR 3.4 – Software and information integrity
9.6.5.1 Requirement verification
9.6.5.2 Requirement enhancement verification
9.6.6 CR 3.5 – Input validation
9.6.6.1 Requirement verification
9.6.7 CR 3.6 – Deterministic output
9.6.7.1 Requirement verification
66 9.6.8 CR 3.7 – Error handling
9.6.8.1 Requirement verification
9.6.9 CR 3.8 – Session Integrity
9.6.9.1 Requirement verification
9.6.10 CR 3.9 – Protection of audit information
9.6.10.1 Requirement verification
9.6.11 EDR 3.10 – Support for updates
9.6.11.1 Requirement verification
67 9.6.11.2 Requirement enhancement verification
9.6.12 EDR 3.11 – Physical tamper resistance and detection
9.6.12.1 Requirement verification
9.6.13 EDR 3.12 – Provisioning product supplier roots of trust
9.6.13.1 Requirement verification
9.6.14 EDR 3.13 – Provisioning asset owner roots of trust
9.6.14.1 Requirement verification
68 9.6.15 EDR 3.14 – Integrity of the boot process
9.6.15.1 Requirement verification
9.6.15.2 Requirement enhancement verification
9.7 FR 4 – Data confidentiality
9.7.1 CR 4.3 – Use of cryptography
9.7.1.1 Requirement verification
9.8 FR 6 – Timely response to events
9.8.1 CR 6.1 – Audit log accessibility
9.8.1.1 Requirement verification
69 9.8.1.2 Requirement enhancement verification
9.9 FR 7 – Resource availability
9.9.1 CR 7.1 – Denial of service protection
9.9.1.1 Requirement verification
9.9.1.2 Requirement enhancement verification
9.9.2 CR 7.2 – Resource management
9.9.2.1 Requirement verification
9.9.3 CR 7.3 – Control system backup
9.9.3.1 Requirement verification
70 9.9.3.2 Requirement enhancement verification
9.9.4 CR 7.4 – Control system recovery and reconstitution
9.9.4.1 Requirement verification
9.9.5 CR 7.6 – Network and security configuration settings
9.9.5.1 Requirement verification
9.9.6 CR 7.7 – Least functionality
9.9.6.1 Requirement verification
9.9.7 CR 7.8 – Control system inventory
9.9.7.1 Requirement verification
72 Annex A (informative) Cybersecurity and electrical system architecture
A.1 General
A.2 Typical architecture involving switchgear and controlgear and their assembly
A.2.1 Building
73 A.2.2 Manufacturing
75 Annex B (informative) Use case studies
B.1 General
76 B.2 Use case 1 – Protection against Denial of Service (DoS) attack
77 B.3 Use case 2 – Protection against unauthorized modification of sensing device
78 B.4 Use case 3 – Protection against unauthorized modification of wireless equipment
79 B.5 Use case 4 – Protection against threat actor remotely taking control of a “Managing” intelligent assembly
81 Annex C (Informative) Development methods of cybersecurity aspects
82 Annex D (informative) Instructions to be provided to the user of the equipment and for integration into an assembly
D.1 General
D.2 Risk assessment and security planning
D.2.1 Risk assessment
D.2.2 Security plan
83 D.3 Recommendations for design and installation of the system integrating switchgear and controlgear and their assemblies
D.3.1 General access control
D.3.2 Recommendations for local access
84 D.3.3 Recommendations for remote access
D.3.4 Recommendations for firmware upgrades
85 D.3.5 Recommendations for the end of life
D.4 Instructions for an assembly
86 Annex E (normative) Security protection profile of soft-starter, motor starter and semiconductor controller
E.1 Introduction
E.1.1 Protection profile reference
E.1.2 Target of evaluation overview
E.1.3 General mission objectives
87 E.1.4 Features
E.1.5 Product usage
E.1.6 Users
88 E.2 Assumptions
E.3 Conformance claims and conformance statement
E.4 Security problem definition
E.4.1 Critical assets of the environment
89 E.4.2 ToE critical assets
E.4.3 Threat Model
E.4.3.1 Attackers
E.4.3.2 Threats
90 E.5 Security objectives
E.6 Security requirements
E.6.1 Security functional requirements
E.6.2 Security assurance requirements
92 Annex F (normative) Security protection profiles of circuit-breaker
F.1 Introduction
F.1.1 Protection profile reference
F.1.2 Target of evaluation overview
F.1.3 General mission objectives
93 F.1.4 Features
F.1.5 Product usage
F.1.6 Users
F.2 Assumptions
94 F.3 Conformance claims and conformance statement
F.4 Security problem definition
F.4.1 Critical assets of the environment
F.4.2 ToE critical assets
95 F.4.3 Threat Model
F.4.3.1 Attackers
F.4.3.2 Threats
96 F.5 Security objectives
F.6 Security requirements
F.6.1 Security functional requirements
F.6.2 Security assurance requirements
97 Annex G (normative) Protection profile of transfer switch equipment
G.1 Introduction
G.1.1 Protection profile reference
G.1.2 Target of evaluation overview
G.1.2.1 Overview
98 G.1.3 General mission objectives
G.1.4 Features
G.1.5 Product usage
G.1.6 Users
G.2 Assumptions
G.3 Conformance claims and conformance statement
99 G.4 Security problem definition
G.4.1 Critical assets of the environment
G.4.2 ToE critical assets
100 G.4.3 Threat Model
G.4.3.1 Attackers
G.4.3.2 Threats
G.5 Security objectives
G.6 Security requirements
G.6.1 Security functional requirements
101 G.6.2 Security assurance requirements
102 Annex H (normative) Protection profile for wireless controlgear with its communication interface
H.1 Introduction
H.1.1 Protection profile reference
H.1.2 Target of evaluation overview
103 H.1.3 General mission objectives
H.1.4 Features
H.1.5 Product usage
H.1.6 Users
H.2 Assumptions
104 H.3 Conformance claims and conformance statement
H.4 Security problem definition
H.4.1 Critical assets of the environment
H.4.2 ToE critical assets
105 H.4.3 Threat Model
H.4.3.1 Attackers
H.4.3.2 Threats
106 H.5 Security objectives
H.6 Security requirements
H.6.1 Security functional requirements
H.6.2 Security assurance requirements
107 Annex I (informative) Equipment requirements by level of exposure
108 Annex J (informative) Bridging references to cybersecurity management systems
114 Bibliography