GB/T 33009.3-2016: Industrial automation and control system security -- Distributed control system (DCS) -- Part 3: Assessment guidelines
Status: Valid
Basic data

| Field | Value |
| --- | --- |
| Standard ID | GB/T 33009.3-2016 (GB/T33009.3-2016) |
| Description (Translated English) | Industrial automation and control system security -- Distributed control system (DCS) -- Part 3: Assessment guidelines |
| Sector / Industry | National Standard (Recommended) |
| Classification of Chinese Standard | N10 |
| Classification of International Standard | 25.040 |
| Word Count Estimation | 36,319 |
| Date of Issue | 2016-10-13 |
| Date of Implementation | 2017-05-01 |
| Regulation (derived from) | National Standard Notice No. 17 of 2016 |
| Issuing agency(ies) | General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China |
GB/T 33009.3-2016: Industrial automation and control system security -- Distributed control system (DCS) -- Part 3: Assessment guidelines
This is a DRAFT version for illustration, not a final translation.
Industrial automation and control system security - Distributed control system (DCS) - Part 3. Assessment guidelines
ICS 25.040
N10
National Standard of the People's Republic of China
Industrial Automation and Control System Network Security
Distributed Control System (DCS)
Part 3. Assessment guidelines
Issued on 2016-10-13
Implemented on 2017-05-01
Issued by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China and the Standardization Administration of the People's Republic of China
Contents
Foreword
1 Scope
2 Normative references
3 Terms, definitions, abbreviations
3.1 Terms and definitions
3.2 Abbreviations
4 DCS Security Risk Assessment Overview
4.1 DCS System Overview
4.2 DCS security risk assessment process framework and process
4.3 Evaluation Results
5 Assessment Preparation
5.1 Overview
5.2 Determine the target of DCS assessment
5.3 Determine the scope of assessment
5.4 Formation of evaluation team
5.5 System Research
5.6 Determine the basis for assessment and method
5.7 Develop Evaluation Program
5.8 Get Support
6 DCS safety factor identification
6.1 DCS Asset Identification
6.2 DCS Vulnerability
6.3 Threat Identification
6.4 Process Feature Identification
7 DCS Risk Analysis
7.1 Risk Calculation Principle
7.2 Risk Management Plan
8 Security Risk Assessment Documentation
8.1 Assessment Documentation Requirements
8.2 Evaluation Documents
Appendix A (Normative) Security risk assessment of each stage of DCS life cycle
Appendix B (Informative) Risk testing tools and distributed control system (DCS) common test content
Appendix C (Normative) Calculation of risk
References
Foreword
GB/T 33009 "Industrial automation and control system network security - Distributed control system (DCS)" and GB/T 33008 "Industrial automation and control system network security - Programmable logic controller (PLC)" together constitute the industrial automation and control system network security series of standards.
GB/T 33009 "Industrial automation and control system network security - Distributed control system (DCS)" is divided into four parts:
--- Part 1. Protection requirements;
--- Part 2. Management requirements;
--- Part 3. Assessment guidelines;
--- Part 4. Risk and vulnerability testing requirements.
This part is Part 3 of GB/T 33009.
This part was drafted in accordance with the rules given in GB/T 1.1-2009.
This part was proposed by China Machinery Industry Federation.
This part is under the jurisdiction of the National Industrial Process Measurement, Control and Automation Standardization Technical Committee (SAC/TC124) and the National Information Security Standardization Technical Committee (SAC/TC260).
The drafting units of this part: Zhejiang Research Institute Co., Ltd., Zhejiang University, Machinery Industry Instrumentation Technology and Economy Institute, Chongqing University of Posts and Telecommunications, Shenyang Institute of Automation, Chinese Academy of Sciences, Southwest University, Fujian Institute of Technology, Hangzhou Institute of Science and Technology, Beijing Kai Star Information Security Technology Co., Ltd., China Electronics Standardization Institute, State Grid Smart Grid Research Institute, China Nuclear Power Engineering Co., Ltd., Shanghai Automation Instrumentation Co., Ltd., Tung Technology Co., Ltd., Tsinghua University, Siemens (China) Co., Ltd., Schneider Electric (China) Co., Ltd., Beijing Iron and Steel Design and Research Institute, Huazhong University of Science and Technology, Beijing Austin Technology Co., Ltd., Rockwell Automation (China) Co., Ltd., China Instrument Society, Ministry of Industry and Information Technology Institute of the Fifth, Beijing Haitai radius Technology Co., Ltd., Qingdao Tofino Information Security Technology Co., Ltd., Beijing Guodian Zhishen Control Technology Co., Ltd., Beijing Power Control Wacom Technology Co., Ltd., Beijing Hollysys Systems Engineering Co., Ltd., China National Petroleum Pipeline Co., Ltd., Beijing Kuang En Network Technology Co., Ltd., Southwest Power Design Institute, Guangdong Aerospace Satellite Technology Co., Ltd., North China Electric Power Design Institute Engineering Co., Ltd., Huawei Technologies Co., Ltd., China Electronics Thirty Institute of Science and Technology Corporation, Shenzhen Wansun Control Co., Ltd., Yokogawa Electric (China) Co., Ltd. Beijing R&D Center.
The main drafters of this part: Shi Yiming, Feng Dongqin, Mei Ke, Wang Yumin, Wang Ping, Wang Hao, Gao Mengzhou, Xu Shanshan, Xu winter, Liu Feng,
Xu Jianxin, Chen Ping, Yang Yuemei, Chen Jianfei, but also about Hui, Huang Jiahui, Jia Chi Qian, Liang Yao, Liu Dalong, Lu Geng Hong, Liu Wenlong, Wang Fang, Meng Yahui,
Fan Kefeng, Liang Xiao, Wang Yanjun, Zhang Jianjun, Xue Baihua, Xu Bin, Chen Xiaotao, Hua Rong, Gao Kunlun, Wang Xue, Zhou Chunjie, Zhang Li, Liu Jie,
Wang Tao, Sun Jing, Hu Boliang, Liu Anzheng, Tian Yucong, Fang Liang, Ma Xinxin, Wang Yong, Du Jialin, Chen Rigang, Li Rui, Liu Limin, Kong Yong,
Zhu Jingling, Zhang Zhi, Zhang Jianxun, Lan Kun, Zhang Jinbin, Cheng Jixun, Shang Wenli, Zhong Cheng, Liang Meng, Chen Xiaofeng, Bo Zhijun, Ding Lu, Li Lin, Yang Yingliang,
Yang Lei.
Industrial Automation and Control System Network Security
Distributed Control System (DCS)
Part 3. Assessment guidelines
1 Scope
This part of GB/T 33009 specifies the security risk assessment level of distributed control systems, the objects of assessment, the implementation process, and safety effectiveness testing.
This part applies to DCS system security risk assessment activities in power, petroleum, chemical, water conservancy, metallurgy, building materials and other fields. It also applies to system maintenance activities that guide DCS users in improving and enhancing the DCS security capabilities of their production systems.
2 Normative references
The following documents are essential for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest edition (including all amendments) applies to this document.
Information security technology Information security risk assessment code
Information security for industrial control systems - Part 1. Evaluation criteria
3 Terms, definitions, abbreviations
3.1 Terms and definitions
The terms and definitions given in GB/T 20984-2007 and GB/T 30976.1-2014, together with the following, apply to this document. For ease of use, some of the terms and definitions in GB/T 20984-2007 and GB/T 30976.1-2014 are repeated below.
3.1.1
Acceptance
A method used to conclude project implementation in risk assessment activities. It is organized mainly by the organization under assessment, which carries out an item-by-item inspection of the assessment activities, with achievement of the assessment objectives as the acceptance criterion.
[GB/T 30976.1-2014, Definition 3.1.4]
3.1.2
Access control
Protection of system resources against unauthorized access; a process in which the use of system resources is regulated according to a security policy and is permitted only to authorized entities (users, programs, processes, or other systems) according to that policy.
[IEC 62443-1-1, definition 3.2.2]
3.1.3
Availability
The property that data or resources can be accessed and used by authorized entities.
[GB/T 20984-2007, Definition 3.3]