SM-302-2020: Security requirements for procuring data concentrators (draft)

  • Version
  • Download 38
  • File Size 901.91 KB
  • File Count 1
  • Create Date November 8, 2019
  • Last Updated December 30, 2019

SM-302-2020: Security requirements for procuring data concentrators (draft)

This document provides functional and quality requirements for the security of data concentrators, including requirements for secure development processes at the vendor. The requirements cover secure communication between the smart meters and the data concentrators and central system. They do not cover the security of the central systems themselves.

The requirements are meant for procuring new data concentrators. Smart meters are addressed separately. The requirements are not meant for legacy systems, although a selection of them can be used to improve the latter.

This document aims to help grid operators to set procurement requirements. It includes requirements that ENCS has developed for members in Austria, Czech Republic, the Netherlands and Portugal, which have been used in different tenders. They are set up to allow independent testing, and more than 15 data concentrators have already been successfully tested against them. By using these requirements in their tender process, grid operators can benefit from their already high maturity level.

The measures are aligned with ISO 27001:2013. They are designed to fit as much as possible into the processes and procedures already in place in the organizations, and to find the needed balance between the assured security level, feasibility by vendors and the operational impact.

Draft version 2.6 for review.

Attached Files

SM-302-2020 Security requirements for procuring data concentrators v2.6.pdfDownload