This document provides a plan to test remote terminal units (RTUs) and gateways against the baseline security requirements in DA/SA-301-2021 Security requirements for RTUs and gateways.
When the requirements are used, the need arises to evaluate the RTU or gateway against the requirements. Most procurement processes include acceptance testing to make sure that the selected RTU or gateway meets all requirements. This document provides a standardized test plan to evaluate the RTU or gateway against the RTU and gateway security requirements.
By standardizing the test plan, the test results can be more easily shared between grid operators. The vendor of the RTU or gateway can perform security tests according to the test plan and then use the test report to show compliance in all tenders that use the security requirements. This reduces the cost of testing and can give grid operators assurance in advance that there are RTUs and gateways meeting the requirements.
The test plan distinguishes two types of assessments:
- A conformity assessment to determine if the RTU or gateway has the required security functions and they are working properly.
- A vulnerability assessment in which independent testers try to find vulnerabilities in the component that bypass the security functions.