IEC 62351-3-2023 PDF
Name in English:
St IEC 62351-3-2023
Name in Russian:
Ст IEC 62351-3-2023
Original standard IEC 62351-3-2023 in PDF full version. Additional info + preview on request
Full title and description
Power systems management and associated information exchange - Data and communications security - Part 3: Communication network and system security - Profiles including TCP/IP.
This international standard specifies how to provide confidentiality, integrity protection and message-level authentication for TCP/IP‑based protocols used in power system environments by defining constrained, power‑system‑appropriate profiles of Transport Layer Security (TLS).
Abstract
IEC 62351-3:2023 (Ed. 2.0) defines TLS profiles and related constraints (for TLS 1.2 and TLS 1.3) tailored to SCADA, telecontrol and other TCP/IP‑based power system protocols. It covers mandatory cipher suites, session management (resumption and renegotiation), certificate handling and revocation (CRL/OCSP), security event definitions for auditing and intrusion detection, and conformance considerations. This edition cancels and replaces the first edition and its amendments and introduces a formal TLS 1.3 profile and clarified TLS 1.2 parameters.
General information
- Status: International Standard — current edition (technical revision).
- Publication date: 6 June 2023.
- Publisher: International Electrotechnical Commission (IEC).
- ICS / categories: 33.200 (Power systems management and associated information exchange).
- Edition / version: Edition 2.0 (2023).
- Number of pages: 103 pages.
Scope
Specifies how to secure TCP/IP‑based protocols in power system environments by constraining TLS message formats, procedures and algorithm choices so they are applicable to telecontrol and related applications. It is intended for use as a normative reference by IEC protocol standards needing TLS-based security. Use of intermediate external security devices (for example bump‑in‑the‑wire) is considered out of scope. The document addresses both TLS 1.2 and TLS 1.3 application differences where relevant.
Key topics and requirements
- Defined TLS profiles for TLS 1.2 and TLS 1.3 tailored to power system communications (mandatory/allowed cipher suites and parameter constraints).
- Session management rules: session resumption, renegotiation behavior and recommended parameters.
- Certificate handling and trust anchor management, including guidance on certificate size, exchange procedures and revocation checking via CRL and OCSP.
- Definition of security events and error conditions to support audit trails, intrusion detection and conformance testing.
- Constraints and recommendations aimed at interoperability, operational robustness and secure deployment within utility networks.
Typical use and users
Used by utilities, grid operators, device and protocol vendors, system integrators, security architects, test laboratories and standards committees to design, implement and verify secure TCP/IP communications for power system applications (e.g. SCADA and telecontrol). It supports implementers who need interoperable TLS configurations and auditors who assess compliance with IEC power‑system security requirements.
Related standards
Part of the IEC 62351 series on data and communications security for power systems; directly related parts include IEC 62351-1 (overview), IEC 62351-2 (glossary), and IEC 62351-9 (cyber security key management). It is intended to be referenced by other IEC protocol‑specific standards that require TLS profiles. The standard also references relevant IETF RFCs (for example RFC 5246 for TLS 1.2 and RFC 8446 for TLS 1.3) and certificate/profile RFCs used for practical implementation.
Keywords
IEC 62351, TLS profile, TLS 1.2, TLS 1.3, SCADA security, telecontrol, TCP/IP security, cipher suites, certificate revocation, CRL, OCSP, session resumption, security events, power systems communications.
FAQ
Q: What is this standard?
A: IEC 62351-3:2023 is the IEC international standard specifying TLS-based security profiles and operational constraints for securing TCP/IP‑based communications in power systems.
Q: What does it cover?
A: It covers how to apply Transport Layer Security (TLS) in the power‑system context, specifying acceptable cipher suites and parameters for TLS 1.2 and TLS 1.3, session handling, certificate and revocation handling (CRL/OCSP), and definitions of security events for logging and conformance.
Q: Who typically uses it?
A: Utilities, grid operators, equipment vendors, integrators, security engineers, test houses and standards bodies use it to ensure interoperable, secure TCP/IP communications in power system deployments.
Q: Is it current or superseded?
A: Edition 2.0 published in 2023 is the current edition; it cancels and replaces the first edition and subsequent amendments. The IEC entry lists stability information and indicates this technical revision as the active edition.
Q: Is it part of a series?
A: Yes — IEC 62351-3 is one part of the broader IEC 62351 series on data and communications security for power systems; other parts cover overview, glossary, key management and protocol‑specific guidance.
Q: What are the key keywords?
A: TLS profiles, TLS 1.2, TLS 1.3, cipher suites, SCADA, telecontrol, TCP/IP security, certificates, CRL, OCSP, security events, IEC 62351.