DIN EN IEC 62351-3:2024-10

This part of IEC 62351 specifies how to provide confidentiality, integrity protection, and message level authentication for protocols that make use of TCP/IP as a message transport layer and utilize transport layer security when cyber-security is required. IEC 62351-3 specifies how to secure TCP/IP-based protocols through constraints on the specification of the messages, procedures, and algorithms of transport layer security. In contrast to previous editions of this document, this edition is self-contained in terms of completely defining a profile of TLS. Hence, it can be applied directly. This document reflects the security requirements of the IEC power systems management protocols. Should other standards bring forward new requirements, this document may need to be revised. The standard differs from DIN EN 62351-3 (VDE 0112-351-3):2023-03 as follows: a) inclusion of the TLSv1.2-related parameters required in IEC 62351-3, edition 1.2, which are to be specified by the referenced standard. This includes the following parameters: - the mandatory TLSv1.2 encryption suites to be supported; - specification of the parameters for session resumption; - specification of the parameters for session renegotiation; - handling of revocations using CRL and OCSP; - handling of security events; b) inclusion of a TLSv1.3 profile that can be applied in the energy management sector in a similar way to TLSv1.2 sessions. One example of application is the development of power systems management protocols and the associated data exchange. In order for the measures described in this document to be effective, they shall be recognized and referenced in the specifications of protocols that use TCP/IP security via TLS. This document has been prepared in order to enable this process.