security profile for openadr - Open Smart Grid - OpenSG - UCA ...
4 Security Controls
This section defines the set of recommended security controls for OpenADR systems and
components that satisfy the functionality of the roles and use cases delineated earlier in
this document. Many of the security controls in this document are inspired by and
intended to cover the technical requirements found in NIST IR 7628 as applied to
Demand Response technology and related systems. The controls presented herein may
then, in turn, be satisfied by communications protocol definition-level standards and
manufacturing specifications. This section defines the controls and assigns the controls
to roles.
4.1 Scope of Security Controls<br />
The scope of network topology of OpenADR systems defined in this document is limited
to the interactions between a paired DR Controlling Entity and DR Resource over a
public (Internet) or private network. The Network Architecture at these points should
follow best practices for securing internal systems. The specific practices are out of scope
of this document. Numerous documents on best practices are available on the NIST
Computer Security Resource Center (http://csrc.nist.gov/publications/index.html), and are
summarized in “Generally Accepted Principles and Practices for Securing Information
Technology Systems” (http://csrc.nist.gov/publications/nistpubs/800-14/800-14.pdf).
Securing internal systems is also addressed by corporate or other organizational policies
that are also out of scope. The process for tailoring security controls to an organization
SECURITY PROFILE FOR OPENADR<br />
Version – 0.02<br />
UCA International Users Group December 15, 2011