3.3.2 IEEE C37.240 (Cybersecurity Requirements for Substation Automation, Protection, and Control Systems)

3.3.2.1 Focus

This document provides technical requirements for substation cybersecurity. It presents sound engineering practices that can be applied to achieve high levels of cybersecurity of automation, protection, and control systems independent of voltage class or criticality of cyber assets. Cybersecurity includes trust and assurance of data in motion, data at rest, and incident response.

These requirements are categorized as follows:

•        High level requirements and priorities for interface categories.

•        System communications components.

•        Functional Requirements.

•        User authentication and authorization.

•        Data-in-motion protection.

•        Configuration management.

•        Security event auditing and analysis/incident response.

•        Security testing.

3.3.2.2 Associated Evaluation Scheme and Governance

There is no official evaluation scheme regarding this standard.

The Institute of Electrical and Electronics Engineers (IEEE) is a member based organization. Its activities include developing standards dedicated to advance technology for the benefit of humanity. 3.3.2.3 Process None.

3.3.2.4 Practice

Not publicly known. 3.3.2.5 Formal Status

None.

3.3.2.6 Relation to other standards / schemes

Related standards include:

• IEC 62351-8, Power systems management and associated information exchange—Data and communications security—Part 8: Role-based access control)