Inter-Customer Sites Environment - #17
This
environment captures requirements for communications between customer
sites. This is a relatively new environment, not widely deployed yet.
Typical Applications: Management of
micro-grids between customers.
Characteristics: High security
requirements because of data crossing organizational boundaries, but
relatively few, simple messages.
Similar Environments: Similar to
Inter-Control Center, but with much lower volumes and variety of data,
and less potential impact on the grid.
Definition: This environment is defined
by the following requirements:
Communication and Information Requirements that Define this Environment
Configuration Requirements
- Support interactions across widely distributed sites
Security Requirements
- Provide Identity Establishment Service (you are who you say you are)
- Provide Authorization Service for Access Control (resolving a policy-based access control decision to ensure authorized entities have appropriate access rights and authorized access is not denied)
- Provide Information Integrity Service (data has not been subject to unauthorized changes or these unauthorized changes are detected)
- Provide Confidentiality Service (only authorized access to information, protection against eavesdropping)
- Provide Inter-Domain Security Service (support security requirements across organizational boundaries)
- Provide Non-repudiation Service (cannot deny that interaction took place)
- Provide Audit Service (responsible for producing records, which track security relevant events)
- Provide Security Policy Service (concerned with the management of security policies)
- Provide Firewall Transversal
- Provide Privacy Service (the ability to ensure person information is not disclosed)
- Provide User Profile and User Management (combination of several other security services)
- Provide Security Protocol mapping (the ability to convert from one protocol to another)
- Provide Security Discovery (the ability to determine what security services are available for use)
Data Management Requirements
- Support extensive data validation procedures
- Support frequent changes in types of data exchanged
- Support management of data whose types can vary significantly in different implementations
- Support specific standardized or de facto object models of data
- Provide discovery service (discovering available services and their characteristics)
- Provide conversion and protocol mapping
- Support the management of data across organizational boundaries
Recommended Technologies
Energy Industry-Specific Technologies
Utility Field Device Related Data Exchange Technologies Utility Control Center Related Data Management TechnologiesCommunications Industry Technologies
Access Technologies IP-based Transport Protocols Link Layer and Physical Technologies Computer Systems Related Technologies General Internet and De Facto Data Management Technologies eCommerce Related Data Management TechnologiesSecurity Technologies
Policy and Framework Related Technologies General Security Technologies Media and Network Layer Technologies Application Layer Security Technologies
- RFC 2228 FTP Security Extensions
- Security,
- Internet Mail Extensions
- Security,
- RFC 2086 IMAP4 ACL extension
- Security,
- SNMP Security
- Security,
- RFC 1305 Network Time Protocol (Version 3) Specification, Implementation
- Security,
- IEC 62351-4 Security for Profiles including MMS (ISO-9506)
- Security,
- IEC 62351-5 Security for IEC 60870-5 and Derivatives
- Security,
- IEC 62351-6 Security for IEC 61850 GOOSE, GSSE, and SMV Profiles
- Security,
XML Related TechnologiesNetwork and Enterprise Management Technologies
Network Management TechnologiesSecurity Services
Common Security Services
- Audit Common Service
- Security,
- Authorization for Access Control
- Security,
- Confidentiality
- Security,
- Firewall Traversal
- Security,
- Identity Establishment Service
- Security,
- Information Integrity Service
- Security,
- Inter-Domain Security
- Security,
- Non-repudiation
- Security,
- Security Policies
- Security,
- Privacy Service
- Security,
- Quality of Identity Service
- Security,
- Security Protocol Mapping
- Security,
- Security Service Availability Discovery Service
- Security,
- User and Group Management
- Security,
Network and System Management Services
Data Management Common Services
Data Management Common ServicesCommon Platform Services
Common Platform ServicesData Management Best Practices
Data Management Security Best Practices
Security Frameworks and Policy DocumentsSecurity Technology Documents
Alternative Technologies
Utility Field Device Related Data Exchange Technologies
Access Technologies Networking Technologies IP-based Transport Protocols Link Layer and Physical Technologies Wireless Technologies Virtual Private Networking Technologies Computer Systems Related Technologies General Internet and De Facto Data Management Technologies
Alternative Best Practices
Security Frameworks and Policy Documents
ISO/IEC Documents on Security Technologies
- ISO/IEC 7816-1:1998 Identification cards -- Integrated circuit(s) cards with contacts -- Part 1: Physical characteristics
- Security,
- ISO/IEC 7816-3:1997 Information technology -- Identification cards -- Integrated circuit(s) cards with contacts -- Part 3: Electronic signals and transmission protocols
- Security,
- ISO/IEC 7816-3:1997/Amd 1:2002 Electrical characteristics and class indication for integrated circuit(s) cards operating at 5 V, 3 V and 1,8 V
- Security,
- ISO/IEC 7816-4:1995 Information technology -- Identification cards -- Integrated circuit(s) cards with contacts -- Part 4: Inter-industry commands for interchange
- Security,
- ISO/IEC 7816-4:1995/Amd 1:1997 secure messaging on the structures of APDU messages
- Security,
- ISO/IEC 7816-5:1994 Identification cards -- Integrated circuit(s) cards with contacts -- Part 5: Numbering system and registration procedure for application identifiers
- Security,
- ISO/IEC 7816-7:1999 Identification cards -- Integrated circuit(s) cards with contacts -- Part 7:
- Security,
- ISO/IEC 7816-8:1999 Identification cards -- Integrated circuit(s) cards with contacts -- Part 8: Security related
- Security,
- ISO/IEC 7816-9:2000 Identification cards -- Integrated circuit(s) cards with contacts -- Part 9: Additional
- Security,
- ISO/IEC 7816-10:1999 Identification cards -- Integrated circuit(s) cards with contacts -- Part 10: Electronic signals and answer to reset for synchronous cards
- Security,
- ISO/IEC 7816-11:2004 Identification cards -- Integrated circuit cards -- Part 11: Personal verification through biometric methods
- Security,
- ISO/IEC 7816-15:2004 Identification cards -- Integrated circuit cards with contacts -- Part 15: Cryptographic information application
- Security,
- ISO/IEC 9594-8:1998 Information technology -- Open Systems Interconnection -- The Directory: Authentication framework
- Security,
- ISO/IEC 9594-8:2001 Information technology -- Open Systems Interconnection -- The Directory: Public-key and attribute certificate frameworks
- Security,
- ISO 9735-5:2002 Electronic data interchange for administration, commerce and transport (EDIFACT) -- Application level syntax rules (Syntax version number: 4, Syntax release number: 1) -- Part 5: Security rul
- Security,
- ISO/IEC 10164-9:1995 Information technology -- Open Systems Interconnection -- Systems Management: Objects and attributes for access control
- Security,
- ISO/IEC 10181-1:1996 Information technology -- Open Systems Interconnection -- Security frameworks for open systems: Overview
- Security,
- ISO/IEC 10181-2:1996 Information technology -- Open Systems Interconnection -- Security frameworks for open systems: Authentication framework
- Security,
- ISO/IEC 10181-3:1996 Information technology -- Open Systems Interconnection -- Security frameworks for open systems: Access control framework
- Security,
- ISO/IEC 10181-4:1997 Information technology -- Open Systems Interconnection -- Security frameworks for open systems: Non-repudiation framework
- Security,
- ISO 10202-1:1991 Financial transaction cards -- Security architecture of financial transaction systems using integrated circuit cards -- Part 1: Card life cycle
- Security,
- ISO 10202-7:1998 Financial transaction cards -- Security architecture of financial transaction systems using integrated circuit cards -- Part 7: Key management
- Security,
- ISO 10202-8:1998 Financial transaction cards -- Security architecture of financial transaction systems
- Security,
- ISO/IEC TR 13335-1:1996 Information technology -- Guidelines for the management of IT Security -- Part 1: Concepts and models for IT Security
- Security,
- ISO/IEC TR 13335-2:1997 Information technology -- Guidelines for the management of IT Security -- Part 2: Managing and planning IT Security
- Security,
- ISO/IEC TR 13335-5 Information technology - Guidelines for the management of IT Security - Part 5: Management guidance on network security
- Security,
- ISO/IEC 13888-1:1997 Information technology -- Security techniques -- Non-repudiation -- Part 1: General
- Security,
- ISO/IEC 13888-2:1998 Information technology -- Security techniques -- Non-repudiation -- Part 2: Mechanisms using symmetric techniques
- Security,
- ISO/IEC 13888-3:1997 Information technology -- Security techniques -- Non-repudiation -- Part 3: Mechanisms using asymmetric techniques
- Security,
- ISO/IEC 15408-1:1999 Information technology -- Security techniques -- Evaluation criteria for IT security -- Part 1: Introduction and general mode
- Security,
- ISO/IEC 15408-2:1999 Information technology -- Security techniques -- Evaluation criteria for IT security -- Part 2: Security functional requirements
- Security,
- ISO/IEC 17799:2000 Information technology -- Code of practice for information security management
- Security,
- ISO JTC1 SC37 1.37.19784.1 BioAPI - Biometric Application Programming Interface
- Security,
- ISO JTC1 SC37 1.37.19794 - Biometric Data Interchange Format
- Security,
- ISO JTC1 SC37 1.37.19794.3 Biometric Data Interchange Format - Part 3: Finger Pattern Spectral Data
- Security,
- ISO JTC1 SC37 1.37.19794.4 Biometric Data Interchange Format - Part 4: Finger Image Data
- Security,
- ISO JTC1 SC37 1.37.1974.5 Biometric Data Interchange Format - Part 5: Face Image Data
- Security,
Federal Documents on Security Technologies IETF Internet Requests for Comments (RFCs) on Security Technologies
- RFC 1004 Distributed-protocol authentication scheme
- Security,
- RFC 1040 Privacy enhancement for Internet electronic mail: Part I: Message
- Security,
- RFC 1423 Privacy Enhancement for Internet Electronic Mail: Part III: Algorithms, Modes, and Identifiers
- Security,
- RFC 1507 DASS - Distributed Authentication Security Service
- Security,
- RFC 1579 Firewall-Friendly FTP
- Security,
- RFC 1826 IP Authentication Header
- Security,
- RFC 1827 IP Encapsulating Security Payload (ESP)
- Security,
- RFC 1968 The PPP Encryption Control Protocol (ECP)
- Security,
- RFC 2040 The RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS Algorithms
- Security,
- RFC 2045 Multi-Purpose Internet Mail Extensions (MIME) and Secure/MIME
- Security,
- RFC 2086 IMAP4 ACL extension
- Security,
- RFC 2093 Group Key Management Protocol (GKMP) Specification
- Security,
- RFC 2228 FTP Security Extensions
- Security,
- RFC 2230 Key Exchange Delegation Record for the DNS
- Security,
- RFC 2244 ACAP -- Application Configuration Access Protocol
- Security,
- RFC 2246 The TLS Protocol Version 1.0
- Security,
- RFC 2313 PKCS #1: RSA Encryption Version 1.5
- Security,
- RFC 2315 PKCS #7: Cryptographic Message Syntax Version 1.5
- Security,
- RFC 2356 Sun's SKIP Firewall Traversal for Mobile IP
- Security,
- RFC 2406 IP Encapsulating Security Payload (ESP)
- Security,
- RFC 2437 PKCS #1: RSA Cryptography Specifications Version 2.0
- Security,
- RFC 2440 OpenPGP Message Format
- Security,
- RFC 2408 Internet Security Association and Key Management Protocol (ISAKMP)
- Security,
- RFC 2409 The Internet Key Exchange (IKE)
- Security,
- RFC 2459 Internet X.509 Public Key Infrastructure Certificate and CRL Profile
- Security,
- RFC 2510 Internet X.509 Public Key Infrastructure Certificate Management Protocols
- Security,
- RFC 2511 Internet X.509 Certificate Request Message Format
- Security,
- RFC 2527 Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework
- Security,
- RFC 2547 BGP/MPLS VPNs
- Security,
- RFC 2560 X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP
- Security,
- RFC 2764 A Framework for IP Based Virtual Private Networks
- Security,
- RFC 2753 A Framework for Policy-based Admission Control
- Security,
- RFC 2797 Certificate Management Messages over CMS
- Security,
- RFC 2817 Upgrades to TLS within HTTP/1.1
- Security,
- RFC 2818 HTTP over TLS (HTTPS)
- Security,
- RFC 2865 Remote Authentication Dial In User Service (RADIUS)
- Security,
- RFC 2869 RADIUS Extensions
- Security,
- RFC 2874 DNS Extensions to Support IPv6 Address Aggregation and Renumbering
- Security,
- RFC 2875
- Security,
- RFC 2888 Secure Remote Access with L2TP
- Security,
- RFC 2898 PKCS #5: Password-Based Cryptography Specification Version 2.0
- Security,
- RFC 2946 Telnet Data Encryption Option
- Security,
- RFC 2977 Mobile IP Authentication, Authorization, and Accounting Requirements
- Security,
- RFC 2979 Behavior of and Requirements for Internet Firewalls
- Security,
- RFC 2985 PKCS #9: Selected Object Classes and Attribute Types Version 2.0
- Security,
- RFC 3268 Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
- Security,
- RFC 3280 Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
- Security,
- RFC 3369 Cryptographic Message Syntax (CMS)
- Security,
- RFC 3370 Cryptographic Message Syntax (CMS) Algorithms
- Security,
- RFC 3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1
- Security,
- RFC 3647 Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework
- Security,
Other Security Technolog
- IEEE 802.11b Web Encryption Protocol
- Security,
- IEEE 802.11i Security for Wireless Networks
- Security,
- RSA Documents on Security Technologies
- Security,
- RSA PKCS #8 Private-Key Information Syntax Standard
- Security,
- RSA PKCS #12 Personal Information Exchange Syntax Standard, version 1.0.
- Security,
- OASIS Documents on Security Technologies
- Security,
- WC3 XML Key Management Specification (XKMS 2.0) Bindings
- Security,
- W3C The Platform for Privacy Preferences 1.1 (P3P1.1) SpecificationW3C Working Draft 27 April 2004
- Security,
- AGA-12 Cryptographic Protection of SCADA Communications General Recommendations.
- Security,
- ANSI INCITS 359-2004 Role Based Access Control (RBAC)
- Security,
- EPRI 1002596 ICCP TASE.2 Security Enhancements
- Security,
- NERC Certificate Policy for the Energy Market Access and Reliability Certificate (e MARC) Program Version 2.4
- Security,
- NIST GSC-IS The NIST Interagency Report 6887 - 2003 edition (Government Smart Card-Interoperability Specification) Version 2.1
- Security,
- NISTIR 6529 Common Biometric File Format (CBEFF)
- Security,
- Smart Card Alliance Smart Card Primer
- Security,
- Smart Card Alliance Privacy and Secure Identification Systems: The Role of Smart Cards as a Privacy-Enabling Technology
- Security,
- Smart Card Alliance Government Smart Card Handbook
- Security,
- WebDAV Access Control Extensions to WebDAV
- Security,
- WPA WI-FI Protected Access
- Security,
- WPA2 WI-FI Protected Access Version 2
- Security,
- TMN PKI - Digital certificates and certificate revocation lists profiles
- Security,
Possible Technologies
Utility Field Device Related Data Exchange Technologies
Networking Technologies Wireless Technologies
|