IEC 62351-11-2016 PDF

Full title and description

Power systems management and associated information exchange - Data and communications security - Part 11: Security for XML documents. IEC 62351-11:2016 specifies schemas, procedures and algorithms for securing XML documents used in power systems and related domains; it profiles and extends W3C XML security standards to provide a consistent method for encrypting, signing and encapsulating XML files exchanged between systems and referenced by other IEC standards.

Abstract

IEC 62351-11:2016 defines an XML file structure, XSD components, access-control constructs and profiles of W3C XML Signature and XML Encryption to enable authenticated, integrity-protected and optionally confidential XML exchanges in the power-systems domain. It is intended to be referenced by or incorporated into other standards (for example IEC 61850 and IEC 61970) when secure XML exchange is required.

General information

• Status: Published / Active
• Publication date: 28 September 2016
• Publisher: International Electrotechnical Commission (IEC)
• ICS / categories: 33.200 (Telecontrol, telemetering)
• Edition / version: Edition 1.0 (2016)
• Number of pages: 79

Details above are taken from the official IEC publication metadata and recognized national publishers.

Scope

The standard defines a general IEC 62351-11 XML file encapsulation model (header, information body and security wrappers), XSD type definitions for headers and access-control elements, the use and profiling of W3C XML Signature and XML Encryption, algorithm selection guidance and sample files. It is intended for use wherever XML documents (including CIM or IEC 61850-related XML files) need confidentiality, integrity and origin authentication in power-system information exchanges.

Key topics and requirements

• IEC-defined XML file structure and XSD types (HeaderType, Information, AccessControl, etc.).
• Profiles and required usage of W3C XML Signature and XML Encryption for signing and encrypting XML content.
• Definitions for access-control lists (ACL), contractual constraints and XPATH-based restrictions within XML documents.
• Selection and registry of acceptable signature, digest and encryption algorithms (IANA-style method lists are referenced).
• Examples of signed, encrypted and plain XML files and guidance for interoperability with IEC 61850/61970 ecosystems.

These technical topics and example constructs are described and exemplified in the standard's normative and informative clauses.

Typical use and users

Primary users are standards developers, working groups and implementers in the electric power industry (for example IEC 61850 and IEC 61970/61968 implementers), system integrators, vendor product teams producing tools that consume or produce secure XML (CIM exports/imports, configuration files) and utility cybersecurity architects who need a standardized approach for securing XML exchanges. Adopted national bodies and technical committees responsible for power-systems communications also rely on this part when referencing XML security profiles.

Related standards

IEC 62351-11 is part of the IEC 62351 series on data and communications security for power systems. Closely related parts include IEC 62351-3, -4, -6, -7, -8 and the TR parts (for example TR 62351-10 and TR 62351-12). It is commonly referenced together with IEC 61850 (substation automation) and IEC 61970/61968 (CIM / energy management interfaces) where XML-based exchanges occur. For a full list of the series and current parts, consult the IEC 62351 series index.

Keywords

XML security, XML Encryption, XML Signature, W3C, XSD, IEC 62351, power systems security, IEC 61850, CIM, access control, ACL, secure XML files.

FAQ

Q: What is this standard?

A: IEC 62351-11:2016 is the IEC standard that specifies how XML documents used in power systems information exchange should be structured and protected (signing, encryption, access control) to provide interoperability and security in IEC-related exchanges.

Q: What does it cover?

A: It covers an XML encapsulation model (header, information and security wrappers), XSD type definitions, profiles for W3C XML Signature and XML Encryption, algorithm selection guidance, ACL and contractual constructs, and example files showing signed/encrypted cases.

Q: Who typically uses it?

A: Standards committees, implementers of IEC 61850/61970-based systems, utility and vendor engineers working on XML-based data exchange, and cybersecurity architects integrating XML security into power-system interfaces.

Q: Is it current or superseded?

A: IEC 62351-11 was published on 28 September 2016 (Edition 1.0). The IEC publication metadata lists a stability date of 2026; as of 25 February 2026 the document remains the published edition and has not been shown as withdrawn or replaced by a newer IEC 62351-11 edition. Users should check the IEC catalogue for any post‑publication amendments or a newer edition after that date.

Q: Is it part of a series?

A: Yes — IEC 62351-11 is one part of the broader IEC 62351 series addressing data and communications security for power systems; the series contains numerous parts and TR/TS documents covering protocol-specific and general security measures.

Q: What are the key keywords?

A: XML security, XML Signature, XML Encryption, XSD, W3C, IEC 62351, access control, CIM, IEC 61850.