DA/SA-401-2021: Security test plan for RTUs and gateways (draft)

Login is required to download this document
  • Version
  • Download 7
  • File Size 547.36 KB
  • File Count 1
  • Create Date December 2, 2020
  • Last Updated December 3, 2020

DA/SA-401-2021: Security test plan for RTUs and gateways (draft)

This document provides a plan to test remote terminal units (RTUs) and gateways against the security requirements in DA/SA-301-2021 Security requirements for RTUs and gateways.

When the requirements are used, the need arises to evaluate the RTU or gateway against the requirements. Most procurement processes include acceptance testing to make sure that the selected RTU or gateway meets all requirements. This document provides a standardized test plan to evaluate the RTU or gateway against the RTU and gateway security requirements.

By standardizing the test plan, the test results can be more easily shared between grid operators. The vendor of the RTU or gateway can perform security tests according to the test plan and then use the test report to show compliance in all tenders that use the security requirements. This reduces the cost of testing and can give grid operators assurance in advance that there are RTUs and gateways meeting the requirements.

The test plan consists of three phases:

  1. Functional tests and a vulnerability assessment by the vendor, usually performed during development;
  2. A review of development processes and security design by the grid operator, usually performed during selection;
  3. A penetration test by an external lab, usually performed after the RTU has been selected.

Attached Files

File
DA-SA-401-2021 Security test plan for RTUs and gateways v0.1.pdf