Reyrolle 7SR5
Security Conformance Self Assessment
V2.30
Manual

Preface
Table of Contents
1 Introduction
2 Objectives
3 Instructions for Use
4 BDEW Whitepaper Security Requirements
5 IEEE 1686:2013 Security Requirements
6 IEC 62443-4-2 Security Requirements
Literature
Glossary

C53000-T7040-C025-1
NOTE

For your own safety, observe the warnings and safety instructions contained in this document, if available.

Disclaimer of Liability

Subject to changes and errors. The information given in this document only contains general descriptions and/or performance features which may not always specifically reflect those described, or which may undergo modification in the course of further development of the products. The requested performance features are binding only when they are expressly agreed upon in the concluded contract.

Copyright

Copyright © Siemens 2021. All rights reserved. The disclosure, duplication, distribution and editing of this document, or utilization and communication of the content are not permitted, unless authorized in writing. All rights, including rights created by patent grant or registration of a utility model or a design, are reserved.

Document version: C53000-T7040-C025-1.01
Edition: 11.2021
Version of the product described: V2.30
Preface

Purpose of the Manual


This document describes the conformance assessment of the following products:

• Reyrolle 7SR5 hardware and firmware released for delivery in October 2019 or later

• Reydisp Manager 2 V2.00 or higher

• Virtual EN100 V1.20 or higher


with relevant parts (product focus) of the security requirements of the:

• BDEW Whitepaper – Requirements for Secure Control and Telecommunication Systems, Version 2.0

• IEEE 1686:2013

• IEC 62443-4-2
as set forth in the subsequent chapters.


Scope
This document applies to the Reyrolle 7SR5 product line, hardware and firmware versions dated October 2019
or later and Reydisp Manager 2, V2.00 or higher.
These are in detail:

• Reydisp Manager 2

• Reydisp Manager 2 Editors


The above-mentioned applications include neither hardware components nor the operating system nor other
standard software such as Microsoft Office or Adobe Acrobat Reader.
This document only describes product characteristics of Reyrolle 7SR5, Reydisp Manager 2, and Virtual EN100.
It does not describe any system characteristics that result from system-specific networking and parameterizing
of the products into an overall system.
To ensure the proper functioning of Reydisp Manager 2 on a wide variety of operating system platforms
(version + service pack + patches), the corresponding current operating system/application combinations are
tested within the framework of product development.
Each Reydisp Manager 2 installation medium includes a compatibility list created for the individual Reydisp
Manager 2 application (version + service pack + build) on its release date.
The comments described in this document relate to:

• Product development

• Product service
The following fields are not covered in this document:

• System integration (entire system consisting of Reyrolle 7SR5, Reydisp Manager 2, and other automation
components, network components, protection devices, etc.)

• Project planning / implementation

Reyrolle 7SR5, Security Conformance Self Assessment, Manual 3


C53000-T7040-C025-1, Edition 11.2021

• System service

• Control center operation/system operation

Target Group
This document is primarily intended for persons working in the following areas:

• Sales of systems and equipment

• Project planning/implementation

Security Information
Siemens provides products and solutions with security functions that support the secure operation of plants,
systems, machines and networks. In order to protect plants, systems, machines and networks against
cyberthreats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art security concept.
Siemens’ products and solutions constitute one element of such a concept. Customers are responsible for
preventing unauthorized access to their plants, systems, machines and networks. Such systems, machines and
components should only be connected to an enterprise network or the internet if and to the extent such a
connection is necessary and only when appropriate security measures (e.g. firewalls and/or network
segmentation) are in place.
Siemens’ products and solutions undergo continuous development to make them more secure. Siemens
strongly recommends that product updates are applied as soon as they are available and that the latest
product versions are used. Use of product versions that are no longer supported, and failure to apply the latest
updates may increase customer’s exposure to cyberthreats.
For more information about grid security, visit https://www.siemens.com/gridsecurity

Table of Contents

Preface 3

1 Introduction 7

2 Objectives 9

3 Instructions for Use 11

4 BDEW Whitepaper Security Requirements 13
4.1 General Requirements 14
4.1.1 Secure System Architecture 14
4.1.2 Patching and Patch Management 14
4.1.3 Provision of Security Patches for all System Components 15
4.1.4 Support for Deployed System Components 16
4.1.5 Encryption of Sensitive Data during Storage and Transmission 16
4.1.6 Cryptographic Mechanisms 17
4.1.7 Secure Standard Configuration 17
4.1.8 Integrity Testing 17
4.1.9 Use of Cloud Services 18
4.1.10 Documentation Requirements 18
4.2 Project Management 19
4.2.1 Contacts 19
4.2.2 Security and Acceptance Testing 19
4.2.3 Secure Data Storage and Transmission 19
4.2.4 Delivery of Project-Specific Modification 20
4.3 Base System 21
4.3.1 System Hardening 21
4.3.2 Malware Protection 21
4.3.3 Autonomous User Authentication 22
4.3.4 Virtualization Technologies 22
4.4 Network and Communications 23
4.4.1 Used Protocols and Technologies 23
4.4.2 Secure Network Structure 24
4.4.3 Documentation of Network Structure and Configuration 24
4.4.4 Secure Remote Access 25
4.4.5 Wireless Technologies 25
4.5 Application 26
4.5.1 Role Concepts 26
4.5.2 User Authentication and Login 26
4.5.3 Authorization of Actions at the User and System Levels 26
4.5.4 Web Applications and Web Services 27
4.5.5 Integrity Testing 27
4.5.6 Logging 27
4.6 Development 29
4.6.1 Secure Development Standards, Quality Management and Approval Processes 29
4.6.2 Secure Development, Test and Staging Systems, Integrity Testing 30
4.7 Maintenance 31
4.7.1 Maintenance Process Requirements 31
4.7.2 Secure Update Processes 31
4.7.3 Configuration and Change Management, Rollback 31
4.7.4 Handling of Vulnerabilities 32
4.8 Data Back-Up and Emergency Planning 33
4.8.1 Back-up: Concept, Method, Documentation, Testing 33
4.8.2 Emergency Concept and Recovery Plans 33

5 IEEE 1686:2013 Security Requirements 35
5.1 Table of Compliance according to Standard IEEE 1686:2013 36

6 IEC 62443-4-2 Security Requirements 39
6.1 FR 1: Identification and Authentication Control 40
6.2 FR 2: Use Control 42
6.3 FR 3: System Integrity 44
6.4 FR 4: Data Confidentiality 46
6.5 FR 5: Restricted Data Flow 47
6.6 FR 6: Timely Response to Events 48
6.7 FR 7: Resource Availability 49

Literature 51

Glossary 53

1 Introduction

This document describes the conformance of the Reyrolle 7SR5 and Reydisp Manager 2 products with the
security requirements set forth in the BDEW White Paper – Requirements for Secure Control and
Telecommunication Systems.

2 Objectives

• To protect control systems including subsystems appropriately against security threats during daily
operation, to minimize the consequences of threats to operations, to maintain business operations even in the
event of security related incidents and to restore a defined minimum of service and service quality as
quickly as possible.

• To continuously adapt these systems to changing security threats so that they are adequately protected,
and the residual risk is minimized.

• To provide the basis for the submission of bids.

3 Instructions for Use

Chapter 4 BDEW Whitepaper Security Requirements describes the implementation of the requirements
specified in the BDEW White Paper. To facilitate the correlation between the requirements set forth in the BDEW
White Paper and their implementation in Reyrolle 7SR5, Reydisp Manager 2, Virtual EN100, chapter numbers
and names from the BDEW White Paper have been applied to this document.

4 BDEW Whitepaper Security Requirements

4.1 General Requirements

4.1.1 Secure System Architecture

BDEW ISO/IEC 27002:2013: 9.4.1, 13.1.3, 14.2.5, 14.2.7, 17.2.1


4.1.1 Individual components and the entire system shall be designed and developed to support secure
operations. Secure system design principles include:
Security by design: The entire system and its individual components are designed on the basis of
and with a focus on security. Deliberate attacks and unauthorized actions are explicitly taken into
account while any repercussions arising from a security event are minimized by the system’s
inherent design.
Minimal need-to-know principle: Each component and each user is only assigned the rights they
need to execute a desired action. Applications and network services, for example, are not run
under administrator privileges, but only with the bare minimum of required system access rights.
Defence-in-depth principle: Security risks are not tackled via single protection measures, but
limited through the implementation of staggered, multi-level and complementary security
measures.
Redundancy principle: The entire system is designed to ensure that the failure of individual
components does not impair security-related functions. The system’s design lowers the likelihood
and impact of issues caused by unrestricted requests for system resources such as e.g. main
memory (RAM) or network bandwidth (so-called resource consumption or DoS attacks).

Reyrolle 7SR5, Reydisp Manager 2 and Virtual EN100 support techniques for the implementation of system
designs that ensure the secure operation of the entire system.

NOTE

Information for project planning/implementation:

The following information is provided as a basis for secure system design and secure system operation:

• Typical system configurations

• Secure basic configuration

• Security relevant system settings, parameters and their defaults

• Measures for system hardening

• Traffic matrix (communication interfaces)

• Instructions for security conscious behavior (patch management, anti-virus protection, backup/
restore)

• Explanation of security specific log and audit messages; possible causes; suitable countermeasures

4.1.2 Patching and Patch Management

BDEW ISO/IEC 27002:2013 / 27019:2017: 12.6.1


4.1.2 All system components shall be patchable. The supplier shall support a patch management process
for both the individual components and the entire system, designed to enable the control and
management of security patch testing, installation and documentation.
The operator himself resp. the assigned service provider shall be able to install the security patches
and updates. Patch installations resp. uninstalls shall be authorised by the operator and shall not
occur automatically. Any installation resp. uninstall shall be recorded in a transparent and
tamper-proof way within the system.
The integrity of security patches and updates shall be verifiable using a cryptographic mechanism.

Reyrolle 7SR5
For Reyrolle 7SR5 products, any firmware can be reloaded and updated individually, which ensures the
patchability of the system.
During the firmware update process, the device is not operational. If an interruption of normal operations is
unacceptable, the use of redundant systems can ensure uninterrupted operation.
For the product development of Reyrolle 7SR5, Siemens has a patch-management process in place that covers
all firmware releases, including enhancements and bug fixes. These are documented in a traceable
manner.

Reydisp Manager 2
Reydisp Manager 2 is patched by means of maintenance releases and hotfixes.
For Reydisp Manager 2 product development, Siemens has a patch-management process in place that covers
all releases, including enhancements and bug fixes. These are documented in a traceable manner.
Security updates for third-party components used by Reydisp Manager 2 (for example for a Windows operating
system) are also tested within this framework and released for use with Reydisp Manager 2.
Updates are made available by Siemens free of charge. The corresponding installation is usually performed by
the system operator or the service technician responsible for system maintenance.

NOTE

Information for project planning/implementation, system service:

Appropriate measures such as redundancy, emergency control level, manual operation, etc. must be taken
in order to ensure that the impact of firmware updates for individual system components on the availability
of the entire system is reduced to an absolute minimum.
A patch management process must be agreed with the customer, which defines workflows and
responsibilities for the provision, testing, installation and documentation of security patches and updates.

4.1.3 Provision of Security Patches for all System Components

BDEW ISO/IEC 27002:2013 / 27019:2017: 12.5.1, 12.6.1


4.1.3 The supplier shall ensure that security updates are available for all system components throughout
the entire contractually stipulated operating timeframe.
The contractor shall obtain, test and – where necessary – forward updates from the respective
manufacturers for basic components that were not developed by the contractor himself such as the
operating system, libraries or database management systems. All update testing, approval and
delivery shall take place within an adequate, contractually stipulated timeframe.

Depending on the contractual terms, Siemens provides security updates for Reyrolle 7SR5, Reydisp Manager 2,
and Virtual EN100 throughout the entire life cycle of a product.

• Patches are only provided after careful testing.

• Updates must be installed by the operating personnel responsible for the administration of these
systems.

• The installation of patches must be authorized by the system operator and must not be performed
automatically.

Reyrolle 7SR5
Updates of basic components not developed by Siemens, for example of operating systems or libraries, are
obtained from the corresponding manufacturers, tested and made available within the scope of new firmware
releases.

Reydisp Manager 2
Updates of basic components not developed by Siemens are obtained from the corresponding manufacturers,
tested, and made available within the scope of new firmware releases (maintenance releases, hotfixes). Within
the framework of patch management, Siemens also provides a list of released security updates for third-party
components of this type. These components were tested for compatibility with Reydisp Manager 2.

4.1.4 Support for Deployed System Components

BDEW ISO/IEC 27002:2013 / 27019:2017: 12.6.1, 14.2.7


4.1.4 The supplier shall ensure that within the planned and contractually stipulated operating timeframe,
manufacturer support and security updates are available for system components developed by
both the supplier and third-parties (e.g. operating system, database management system etc.). A
binding agreement should cover the discontinuation procedure as well as relevant minimum terms
like e.g. last customer shipping and end of support.

It is ensured that support is available during the scheduled product life-cycle for those system components
that are not developed by Siemens, but are an integral part of Reyrolle 7SR5, Reydisp Manager 2 and Virtual
EN100 products.

NOTE

Information for project planning/implementation:

The end-of-life terms for Reyrolle 7SR5, Reydisp Manager 2, and Virtual EN100 products, including relevant
deadlines such as "last customer shipping" and "end of support", must be considered in the project-contract
signing stage in close consultation with Siemens.

4.1.5 Encryption of Sensitive Data during Storage and Transmission

BDEW ISO/IEC 27002:2013 / 27019:2017: 10.1.1, 12.4.2, 13.1.2, 18.1.3, 18.1.4


4.1.5 Confidential data shall only be stored resp. transmitted encrypted.

With Reydisp Manager 2, version V2.00 or higher, and Reyrolle 7SR5 devices equipped with the EN100
Ethernet communication module with IEC 61850 firmware version V1.00 or higher, the Ethernet connection
between Reydisp Manager 2 and the device is made secure using the HTTPS protocol (Hypertext Transfer
Protocol Secure).
Furthermore, the aforementioned Virtual EN100 firmware version also supports HTTPS-secured Web sites as
the standard configuration for web-based maintenance and diagnostics of the Virtual EN100 modules.

Reyrolle 7SR5
During parameterization of Reyrolle 7SR5 using Reydisp Manager 2, the numeric passcodes (referred to as
“passwords” in the user documentation) are saved in encrypted form as salted hashes in the parameter set and
transferred to the device.
All Reyrolle 7SR5 device types support the storage and handling of passwords as salted hashes.

Reydisp Manager 2
The numeric passcodes are transmitted between Reydisp Manager 2 and the protection devices via the
Siemens-specific Reydisp Manager 2 protocol. Reydisp Manager 2 can set up a connection to the Reyrolle 7SR5
device via several interfaces. With the secure Reydisp Manager 2 engineering option, the passcode hashes are
transported over a DTLS-secured channel as a part of the parameter set from Reydisp Manager 2 to the device.
The proprietary protocol used for communication between Reydisp Manager 2 and the protection device does
not correspond to a published standard (such as IEC 61850 or IEC 60870-5-103).

NOTE

Information for project planning/implementation and system service:

The initial password for protection devices is described in the manual of each protection device.

4.1.6 Cryptographic Mechanisms

BDEW ISO/IEC 27002:2013 / 27019:2017: 10.1.1, 10.1.2, 13.1.4 ENR, 18.1.5


4.1.6 When selecting cryptographic mechanisms, national legislation shall be taken into account. Only
approved mechanisms and minimum key sizes shall be used that are considered secure for the
foreseeable future according to state-of-the-art technological knowledge. The supplier shall not
use custom cryptographic algorithms.

Considering device constraints on operational performance in the substation environment, the following
HTTPS (for engineering with Reydisp Manager 2 and Virtual EN100 Web-access) cipher suites are supported:

• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)

• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
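As an added example (not Siemens' code and not part of this manual), the following Python script checks whether the cipher suite selected in a TLS ServerHello is one of the two suites listed above, which is the check an operator would run over a captured handshake when verifying the HTTPS configuration. The ServerHello bytes are constructed inline for illustration; the function names are assumptions.

```python
import struct

# The HTTPS cipher suites listed above (IANA code -> IANA name).
APPROVED_SUITES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}


def build_server_hello(cipher_suite, session_id=b""):
    """Construct a minimal TLS 1.2 ServerHello record (constructed fixture,
    not captured traffic): record header, handshake header, then the body."""
    server_random = bytes(range(32))               # constructed, not random
    body = b"\x03\x03" + server_random             # legacy version TLS 1.2
    body += bytes([len(session_id)]) + session_id  # session id
    body += struct.pack("!H", cipher_suite)        # the chosen cipher suite
    body += b"\x00"                                # compression method: null
    body += b"\x00\x00"                            # extensions length: 0
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body  # type 2 = ServerHello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


def parse_server_hello_cipher(record):
    """Return the cipher suite code selected in a TLS ServerHello record.
    Raises ValueError for anything that is not a well-formed ServerHello."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x02:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    pos = 2 + 32                                   # skip version and server random
    if len(body) < pos + 1:
        raise ValueError("truncated ServerHello")
    pos += 1 + body[pos]                           # skip session id length and session id
    if len(body) < pos + 2:
        raise ValueError("truncated ServerHello")
    return struct.unpack("!H", body[pos:pos + 2])[0]


def assess_cipher(code):
    """Map a negotiated suite code to (approved, description)."""
    name = APPROVED_SUITES.get(code)
    if name is not None:
        return True, name
    return False, "unexpected cipher suite 0x%04x" % code


def check_record(record):
    """Parse a ServerHello record and assess the suite it selected."""
    return assess_cipher(parse_server_hello_cipher(record))


if __name__ == "__main__":
    # 0x002F (TLS_RSA_WITH_AES_128_CBC_SHA) is a constructed counterexample.
    for suite in (0xC02F, 0xC030, 0x002F):
        ok, info = check_record(build_server_hello(suite))
        print("0x%04x" % suite, "approved" if ok else "NOT approved", info)
```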

4.1.7 Secure Standard Configuration

BDEW ISO/IEC 27002:2013 / 27019:2017: 9.4.4, 12.5.1, 14.3.1


4.1.7 After initial installation, resp. at start-up or restart, the entire system shall be configured for a
secure operating state. This defined basic configuration shall be documented. Services and
functions as well as data that are only needed for development or testing shall be removed
demonstrably resp. permanently deactivated before delivery resp. before the switch to live operations.

In the original delivery state, the devices must first be initialized by the customer; only then are the
devices ready for operation. For further information on secure standard configuration refer to chapter
4.1.5 Encryption of Sensitive Data during Storage and Transmission.

NOTE

Information for project planning / implementation:

Reydisp Manager 2 includes neither the hardware nor the operating system nor other standard software
such as Microsoft Office or Adobe Acrobat Reader.

4.1.8 Integrity Testing

BDEW ISO/IEC 27002:2013 / 27019:2017: 12.5.1, 14.2.1, 14.2.4


4.1.8 It shall be possible to check system files, applications, configuration files and application
parameters for integrity, for example through cryptographic checksums.

Reyrolle 7SR5
The firmware versions and parameter blocks of Reyrolle 7SR5 are protected by checksums and continuously
subjected to integrity tests during operation. The integrity of Virtual EN100 (the Ethernet interface of Reyrolle
7SR5) is also checked: its firmware is digitally signed and the signature is verified during the firmware update.

Reydisp Manager 2
Reydisp Manager 2 can be used to compare firmware versions and parameter states in the target system and
in the Reydisp Manager 2 project in order to detect any possible changes. Within the same device, the
individual files are each protected by separate checksum tests.

The integrity of the application data is ensured by the mechanisms on operating system level.

4.1.9 Use of Cloud Services

BDEW ISO/IEC 27002:2013 / 27019:2017: 15.1.1, 15.1.2, 15.2.1


4.1.9
Where cloud services are used, the following requirements apply:
a) Agreements shall be made with the cloud service provider about security-related processes for
cloud infrastructure operations.
b) Functions for the control of Critical Infrastructures, where manipulations could threaten the
energy supply, shall not be realized in external cloud services.
c) Downtime of a cloud service resp. access to this service shall not lead to significant restrictions
of the system’s defined basic function. Cloud service disruptions or outages shall also be
considered in the emergency concept and restoration plans (see 4.8.2).

This requirement is not relevant for Reyrolle 7SR5, Reydisp Manager 2, and Virtual EN100 as they are not using
any cloud services.

4.1.10 Documentation Requirements

BDEW ISO/IEC 27002:2013 / 27019:2017: 7.2.2, 12.1.1, 14.1.1, 14.2.7


4.1.10
At the latest, the client shall receive project-specific documentation at the system’s handover.
For individual components and entire systems, the documentation shall cover a description of all
security-related system settings and parameters as well as their standard values. Furthermore, the
documentation shall list and briefly describe security-specific implementation details (like the
employed cryptographic mechanisms).
The documentation shall also comprise additional information on the entire system’s system
architecture. This includes the system’s basic and fundamental structure as well as interactions between
all involved components. In particular, this part of the documentation shall highlight security-
related or sensitive system components as well as their mutual dependencies and interactions.

For Reyrolle 7SR5, Reydisp Manager 2, and Virtual EN100, the high-level design and the fundamental system
structure are described in typical system configurations in the Reyrolle 7SR5 device manuals.

NOTE

Information for project planning / implementation:

These typical system configurations serve as examples and do not cover all possible system configurations.
They can be used only as a starting basis for the design and documentation of the entire system.

4.2 Project Management

4.2.1 Contacts

BDEW ISO/IEC 27002:2013 / 27019:2017: 6.1.1, 6.1.5, 15.1.2


4.2.1 The supplier shall define a contact who is responsible for IT security during the tender process and
the system development phase as well as throughout the planned operations and maintenance
timeframe.

NOTE

This requirement is not relevant to product development or product service.

This information must be taken into consideration within the scope of project planning/implementation
and in system service.

An IT security specialist has been appointed by Siemens within the framework of the product development
process.

4.2.2 Security and Acceptance Testing

BDEW ISO/IEC 27002:2013 / 27019:2017: 14.2.7, 14.2.8, 14.2.9, 15.2.1

4.2.2 Prior to delivery, the entire system’s components and key functions shall be subjected to security and stress testing by the contractor – in a representative configuration and by an organizational unit independent of the development team. The actual procedure shall be discussed and agreed in coordination with the client. The results of these tests as well as the associated documentation (software versions, test configuration etc.) shall be made available to the client.
In addition, the client shall have the right to undertake these tests himself or to have them carried out by an external service provider. The type and scope of the acceptance tests shall be defined by the client. For these tests, the client resp. the assigned service provider shall be given system access with a maximum of technologically possible access rights.

In Reyrolle 7SR5, Reydisp Manager 2 and Virtual EN100 products, the individual system components (for example firmware, hardware, communication) and the key functions of an integral Reyrolle 7SR5/Reydisp Manager 2 system are subjected to extensive function, security and stress testing by departments independent of the development teams, using representative test configurations.
The test results and the relevant documentation (software versions, test configurations, etc.) are managed.

4.2.3 Secure Data Storage and Transmission

BDEW ISO/IEC 27002:2013 / 27019:2017: 6.2.1, 8.3.3, 10.1.1, 13.2.2, 13.2.3, 13.2.4, 14.3.1

4.2.3 Confidential client data that is required or processed during the development and maintenance process shall be encrypted during transmission via insecure connections. When saved on mobile storage media or systems, such data shall only be stored encrypted. The amount and duration of data storage shall be limited to a contractually specified minimum.

This requirement is not relevant because no customer data is captured for product development.

NOTE
Information for project planning/implementation and system service:
This requirement is not relevant to the products and must be taken into consideration during project planning/implementation and product/system service. No contractor data is captured for product development.


4.2.4 Delivery of Project-Specific Modification

BDEW ISO/IEC 27002:2013 / 27019:2017: 14.2.7

4.2.4 For custom projects and project- resp. client-specific expansions, adjustments and engineering services, all project-specific parameterizations, changes and adaptations shall be comprehensively documented and supplied to the client in full.

NOTE
Siemens precludes a source code escrow. As a rule, escrowed source code is not subject to maintenance and is hardly usable if needed in the event of insolvency.


4.3 Base System

4.3.1 System Hardening

BDEW ISO/IEC 27002:2013 / 27019:2017: 9.4.4, 12.6.2, 13.1.2, 14.2.4, 14.2.10 ENR

4.3.1 All components of the base system shall be permanently hardened according to recognized best practice guidelines and the latest service packs and security patches shall be installed. Unnecessary users, default users, software, network protocols and services shall be uninstalled or – where an uninstall isn’t possible – permanently deactivated and protected from accidental reactivation. The entire system’s secure basic configuration shall be reviewed and documented.

Maintenance releases, hotfixes and firmware including security patches are made available for Reyrolle 7SR5,
Reydisp Manager 2, and Virtual EN100 products in a timely manner.
Hardening information for Reyrolle 7SR5, Reydisp Manager 2, and Virtual EN100 products is provided
in /4/ IEEE 1686 – IEEE Standard for Intelligent Electronic Devices Cyber Security Capabilities. Additionally, the
Secure Substation manual covers hardening of substations including protection, substation automation and
networking components.

NOTE
Information for project planning/implementation and system service:

Reydisp Manager 2 includes neither hardware components nor the operating system nor other standard
software such as Microsoft Office or Adobe Acrobat Reader. Basic security and hardening of the operating
system and of other default software must be designed, implemented and maintained within the scope of
system development, project planning/implementation and system service.

4.3.2 Malware Protection

BDEW ISO/IEC 27002:2013 / 27019:2017: 12.2.1

4.3.2 All networked systems shall be equipped with malware protection at the appropriate location. Alternatively to malware protection provided on all system components, the supplier can submit a comprehensive malware protection concept that provides equal protection.
Where the use of a pattern-based solution is intended, these pattern files shall be updateable in a timely and automated manner. Such updates shall not take place via direct connection to update servers on external networks like the internet. For terminal systems, the time of updates needs to be configurable.

The Reyrolle 7SR5 device is based on a Siemens-specific operating system. No special anti-malware programs are available. Furthermore, the Reyrolle 7SR5 device is equipped with an internal firewall for protection from attacks from the network. The firewall is enabled by default in order to enhance the standard level of protection.
All the files which can be loaded into the Reyrolle 7SR5 device are provided with a checksum which protects them against suspicious changes by malware. Authentication/authorization between Reydisp Manager 2 and the device prevents applications other than Reydisp Manager 2 from accessing the configuration (IEC 60870-5-103).

NOTE
Information for project planning/implementation and system service:

Reydisp Manager 2 includes neither the hardware nor the operating system nor other standard software
such as Microsoft Office or Adobe Acrobat Reader. The malware protection must be designed, implemented
and maintained within the framework of system development, project planning/implementation and
system service. Recommendations are available with regard to compatibility-tested anti-malware programs
for Reydisp Manager 2.


4.3.3 Autonomous User Authentication

BDEW ISO/IEC 27002:2013 / 27019:2017: 9.2.1, 9.2.2, 9.4.2

4.3.3 Data required for user identification and authentication shall not be obtained exclusively from outside the process network.

Reyrolle 7SR5 devices have no user management because all the parameters are defined via Reydisp Manager
2. The system operator or the system maintenance technician in charge are responsible for setting up user
management on the Reydisp Manager 2 computer. The setup of user management must be considered
accordingly during system planning and configuration.

4.3.4 Virtualization Technologies

BDEW ISO/IEC 27002:2013 / 27019:2017: 12.1.3, 12.3.1, 12.6.1, 13.1.3, 17.2.1

4.3.4 The following requirements govern the use of virtualization technologies:
a) Virtualized components assigned to different security or trust zones (e.g. internal components and DMZ components) shall not be operated on the same virtualization servers. It shall not be possible to bypass the network segmentation of segregated security zones via virtualization servers.
b) Networks used for management and administration services as well as data storage of the virtualization infrastructure shall be segregated from other networks by firewalls with only the minimum of required network services enabled in a restrictive manner. Access to the management and administration services and the above-mentioned networks shall be restricted to administrators only.
c) The virtualization layer, the management and administration interfaces as well as the associated infrastructure shall be configured, secured and hardened identically and according to manufacturer recommendations. They shall also be included in the patch management and backup concept.
d) The virtualization servers shall have sufficient resources for operating all of the virtualized components they are running. This is especially important for high-load operating situations.
e) Any outage of virtualization servers or of other components of the virtualization infrastructure shall have no negative impact on the defined availability requirements. Disruptions and outages of the virtualization environment shall also be covered and considered in the emergency concept and restoration plans (see 4.8.2 Emergency Concept and Recovery Plans).

Reyrolle 7SR5, Reydisp Manager 2, and EN100 do not support virtualization technology.


4.4 Network and Communications

4.4.1 Used Protocols and Technologies

BDEW ISO/IEC 27002:2013 / 27019:2017: 9.4.1, 9.4.2, 10.1.1, 10.1.2, 12.9.1 ENR, 13.1.1, 13.1.2, 13.1.3, 13.1.4 ENR

4.4.1
a) In general, only secure communication standards and protocols that include integrity protection, authentication and, if applicable, encryption shall be used if and where the technology allows. This is a non-negotiable requirement for any protocols used for remote administration and parameterization and shall also be taken into account where non-standard resp. proprietary protocols are used.
b) It shall be possible to integrate the entire system and any associated network components into the overall company’s network concept. Central administration for relevant network configuration parameters like IP addresses shall be possible. For administration and monitoring, secure protocols that ensure integrity protection, authentication and encryption shall be used. Network components shall be hardened, unnecessary services and protocols deactivated and management interfaces protected via ACLs.
c) Network components provided by the supplier shall be capable of integrating into a central inventory and patch management.
d) Where the technology allows it, WAN connections shall use the IP protocol and unencrypted application protocols shall be secured by encryption on the lower network layers (e.g. via TLS encryption or encrypted VPN technology).
e) Where network infrastructure components are shared (e.g. by the use of VLAN or MPLS technologies), the network with the highest protection requirement level shall indicate the respective hardware and parameterization requirements. The shared use of network components shall only be shared in case of different protection requirements when this shared use can in no way decrease the protection level or availability.

Reyrolle 7SR5, Reydisp Manager 2, and Virtual EN100

a) Standard protocols such as IEC 61850 are used for the transmission of process data. Neither authentication nor encryption is provided for these protocols. Integrity checks are performed by means of CRC or checksums.
b) Integration into the network design is possible and related recommendations and notes are provided in /3/ Secure Substation Manual – System Hardening for Substation Automation and Protection. For a description of secure protocols supported, refer to 4.1.5 Encryption of Sensitive Data during Storage and Transmission.

NOTE
Information for project planning/implementation and system service:

Reydisp Manager 2 is based on the Microsoft Windows operating system. Administration, monitoring and
hardening of the operating system are not part of Reydisp Manager 2; tested and released patches for
Reydisp Manager 2 are available in the Reydisp Manager 2 HotFix resp. Service Pack.

c) Network components are not included in the scope of delivery of Reyrolle 7SR5.

NOTE
Information for project planning/implementation and system service:

Reydisp Manager 2 is based on the Microsoft Windows operating system. Inventory and patch management
of the operating system are not part of Reydisp Manager 2; tested and released patches for Reydisp
Manager 2 are available in the Reydisp Manager 2 HotFix resp. Service Pack.


d) IP-based communication between Reydisp Manager 2 and the Reyrolle 7SR5/Compact Virtual EN100 communication module can be secured with the HTTPS and DTLS protocol. In addition, the setup of VPN connections can be considered in the system design.
e) Engineering and maintenance operations over UDP and HTTP protocol are only supported in the Virtual EN100 communication module for backward compatibility and can be activated after disabling their secure variants. For further information refer to 4.1.7 Secure Standard Configuration and 4.1.5 Encryption of Sensitive Data during Storage and Transmission.
NTP over UDP is supported for time synchronization. Other communication protocols such as IEC 61850 are set up according to the corresponding standards.

NOTE
Information for project planning/implementation:

The NTP protocol (Network Time Protocol) used for time synchronization on the operating system level is
based on UDP.

4.4.2 Secure Network Structure

BDEW ISO/IEC 27002:2013 / 27019:2017: 9.4.1, 12.9.1 ENR, 13.1.1, 13.1.2, 13.1.3, 13.1.4 ENR, 13.1.5 ENR

4.4.2
a) Vertical network segmentation: Where applicable and technologically feasible, the system’s underlying network structure shall be divided into zones with different functions and protection requirements. Where the technology allows it, these network zones shall be separated by firewalls, filtering routers or gateways. Communications with other networks shall only occur via the communication protocols approved by the client and in compliance with the applicable security guidelines.
b) Horizontal network segmentation: Where applicable and technically feasible, the system’s underlying network structure shall also be subdivided horizontally, into independent zones (e.g. according to sites) that are also separated by firewalls, filtering routers or gateways.

NOTE
Information for project planning/implementation:

This requirement is not relevant to the products and must be taken into consideration during system design
and project planning/implementation.

4.4.3 Documentation of Network Structure and Configuration

BDEW ISO/IEC 27002:2013 / 27019:2017: 8.1.1

4.4.3 The following shall be documented: network design and configuration; all physical, virtual and logical network connections and the employed protocols, IP addresses and ports; and any network perimeters that are part of the system or interact with it. Any changes, e.g. via updates, shall be included in the documentation as part of the overall change management. This documentation shall also cover information on normal and maximum expected data transmission rates, to allow for limiting data transmission rates on the network components to prioritize traffic and prevent DoS issues, where necessary.

NOTE
Information for system development and project planning/implementation:

This requirement is not relevant to the products and must be taken into consideration during system design
and project planning/implementation. For more detailed information refer to /3/ Secure Substation Manual
– System Hardening for Substation Automation and Protection.


4.4.4 Secure Remote Access

BDEW ISO/IEC 27002:2013 / 27019:2017: 9.1.2, 9.4.1, 9.4.2

4.4.4
a) It shall be possible to administrate, maintain and configure all components via an out-of-band network, e.g. via local access, a serial port, a network or direct control of the input devices (KVM).
b) Any remote access shall take place via centrally administrated access servers that are under control of the system operator. These access servers shall be operated within a DMZ and ensure isolation of the process network. Here, two-factor authentication is mandatory.
c) Strictly no direct dial-in access to terminal devices.
d) Any remote access shall be logged centrally; recurring failed attempts shall be reported.
e) All remote access options shall be documented.

NOTE
Information for system design, product/system service and control center/system operation:
This requirement is considered by the operators. Reydisp Manager 2 does not influence in which network environment it is used. For more detailed information refer to /3/ Secure Substation Manual – System Hardening for Substation Automation and Protection.

4.4.5 Wireless Technologies

BDEW ISO/IEC 27002:2013 / 27019:2017: 10.1.1, 13.1.1, 13.1.2, 13.1.3

4.4.5 Short-range wireless technologies (e.g. Wi-Fi, Bluetooth, ZigBee, RFID etc.) shall only be used after assessment of the related risks, under consideration of the following minimum security measures and after consultation with and approval by the client:

• Wireless transmission technology shall be secured with state-of-the-art measures.
• Wi-Fi technology shall only be operated in dedicated network segments that are separated by firewalls and application proxies.
• Wi-Fi networks shall be configured in a way that ensures that existing Wi-Fi networks are not affected, disrupted or impaired.

Since Reyrolle 7SR5 devices are not equipped with wireless technologies, this requirement is not relevant for
Reyrolle 7SR5.

NOTE
Information for project planning/implementation:

If wireless technologies are used in a system solution, appropriate measures must be taken at the level of
the transmission equipment (for example wireless modem).

Since Reydisp Manager 2 devices are not equipped with wireless technologies, this requirement is not relevant
for Reydisp Manager 2.

NOTE
Information for project planning/implementation:

If wireless technologies are used on a Reydisp Manager 2 PC, appropriate measures must be taken with
regard to the device hardware and/or operating system.


4.5 Application

4.5.1 Role Concepts

BDEW ISO/IEC 27002:2013 / 27019:2017: 6.1.2, 9.2.1, 9.2.3, 9.2.6, 9.4.1

4.5.1 The entire system shall support granular access control to data and resources. To this end, it shall support a user concept that covers at least the following user roles:

• Administrator: User who installs, maintains and manages the system. Among others, this gives the administrator the right to change security and system configurations.
• User: User who operates the system according to the intended usage scenario, including the right to change operationally relevant settings.
• Read-only user: User permitted to access the system status and pre-defined operating data without the right to make any changes.
The standard access rights shall reflect a secure system configuration. Only the administrator role shall be able to read and change security-related system settings and configuration values. Regular system use shall only require user or read-only user rights. It shall be possible to deactivate user accounts individually without having to remove them from the system.

Reyrolle 7SR5 and Reydisp Manager 2 offer limited support for user/role functions (refer to 4.5.3 Authorization
of Actions at the User and System Levels).

4.5.2 User Authentication and Login

BDEW ISO/IEC 27002:2013 / 27019:2017: 9.3.1, 9.4.2, 9.2.1, 9.2.2, 9.4.3, 12.4.1

4.5.2 The application shall use personal users to identify and authenticate each individual user; group accounts require special permission by the client and shall only be used in narrowly defined exceptional cases.
a) Without successful user authentication, the system shall only allow a range of narrowly defined actions.
b) The system shall support a state-of-the-art password policy.
c) Where technologically possible, strong two-factor authentication shall be employed, e.g. via tokens or smart cards.
d) Data required for user identification and authentication shall not be obtained exclusively from outside the process network.
e) Any successful or failed login attempts shall be centrally logged. It shall also be possible to centrally alarm in case of unsuccessful login attempts.

Reyrolle 7SR5 and Reydisp Manager 2 offer limited support for user/role functions (refer to 4.5.3 Authorization
of Actions at the User and System Levels).

4.5.3 Authorization of Actions at the User and System Levels

BDEW ISO/IEC 27002:2013 / 27019:2017: 9.4.1, 9.4.4

4.5.3 Certain security-related or safety-critical actions shall require prior authorization of the requesting user resp. the requesting system component. Such actions might also include a read-out of process data points or configuration parameters.

Reyrolle 7SR5 and Reydisp Manager 2 do not support user authentication.


IEC 61850 firmware versions for Virtual EN100 modules support a maintenance password for protecting activities such as firmware update and password management from unauthorized access. These firmware versions also support a connection password that can be set to prevent unauthorized remote access to the device using Reydisp Manager 2 over IP. Both of these passwords can be managed only over the Virtual EN100 HTTPS-secured Web interface. Both of the passwords support 8 to 24 ASCII characters that must include upper-case and lower-case letters, numbers, and special characters. If non-ASCII characters are used in these passwords, then a password length restriction of 8 to 24 characters applies.
The Virtual EN100 maintenance and connection passwords can only be reset locally through the HMI interface of the Reyrolle 7SR5 device.

4.5.4 Web Applications and Web Services

BDEW ISO/IEC 27002:2013 / 27019:2017: 14.2.5

4.5.4 For web applications, web interfaces and web services, the recommendations of the OWASP TOP 10 and OWASP Application Security Verification Standard projects as well as the BSI Guideline on the Development of Secure Web Applications shall be applied.
Any deviations from these guidelines require justification and prior approval by the client.

For further information on Web security in the Virtual EN100 communication modules equipped with
IEC 61850 firmware, refer to 4.1.5 Encryption of Sensitive Data during Storage and Transmission and
4.5.3 Authorization of Actions at the User and System Levels.

4.5.5 Integrity Testing

BDEW ISO/IEC 27002:2013 / 27019:2017: 14.2.5

4.5.5 The integrity of data processed as part of security-related activities shall be verified prior to processing (e.g. checked for plausibility, correct syntax and value range).

Parameter sets are only transferred from the Reydisp Manager 2 to the Reyrolle 7SR5 if the preceding automatic check (plausibility, value range and dependency of the parameters) has been successful. If the check fails, the user is notified by messages and can correct the corresponding parameters.
The individual elements of the parameter set are protected internally and against each other by means of checksums.

4.5.6 Logging

BDEW ISO/IEC 27002:2013 / 27019:2017: 12.4.1, 12.4.2, 12.4.3, 12.4.4, 18.1.3

4.5.6
a) The entire system shall have a uniform system time as well as an option for synchronizing this system time with an external secure time source.
b) The system shall log user actions as well as security-related actions, events and errors in a format that is suitable for later and central processing. For a configurable minimum time period, these logs shall record date and time, the users and systems involved as well as the actual event and result.
c) Log files shall be stored centrally at a freely configurable location. A mechanism for the automated transfer of the log file to central components shall be available.
d) The log file shall be protected from subsequent modification.
e) Older entries shall be overwritten on the log file overflow. The system shall send an alert before the log storage runs out of space.
f) It shall be possible to include security-related log messages in a pre-existing alarm management.


Reyrolle 7SR5

a) Reyrolle 7SR5 provides SNTP for time synchronization.
b) The Reyrolle 7SR5 protection device provides an operational message buffer in which basically application-relevant events are stored in chronological order with time stamp. The information included does not contain the documentation of the users involved or security-relevant events under aspects of cybersecurity. Protection-device events relevant for operation are recorded in this buffer, e.g. state changes during a fault in the power-supply network, with a time resolution of 1 ms.
c) With Reydisp Manager 2, events can be routed to the configurable location by enabling the SYSLOG Server and entering the IP address and Port. Single events in the device-internal security log buffer cannot be deleted or modified. The device-internal security log mechanism in Reyrolle 7SR5 is implemented as a ring buffer with a capacity of 2048 events.
d) Security-relevant events are stored in a separate non-volatile security log buffer. This buffer cannot be deleted from the device. A complete listing of the different security-relevant log-entry types can be found in the 7SR5 Security manual V02.20.
e) Browsing to Reyrolle 7SR5 allows security log files to be read from the device and stored at a freely configurable location. Older entries are overwritten when the storage capacity is reached. An alert is not currently provided when the storage log runs out of space. An entry is put in the log when the log reaches 80 % capacity.
f) An automated transfer of security-relevant events and alarms to 2 central syslog servers is supported.
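The logging behaviour described in items c) to f) above, modelled as an added example (this is not Siemens code; the event names, hostname, syslog server addresses and message format are assumptions): an append-only ring buffer of 2048 entries, a self-generated entry when the buffer reaches 80 % fill, oldest-first overwrite on overflow, and forwarding of every event to up to two central syslog servers. A pluggable sender callable stands in for the UDP/TLS socket so the model runs offline.

```python
"""Model of the Reyrolle 7SR5 security log described in 4.5.6 c) to f).

Added illustration, not Siemens code: event names, hostname, syslog server
addresses and the message format are assumptions.
"""
from __future__ import annotations

import collections
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, Deque, List, Optional, Tuple

FACILITY_AUTH = 10  # RFC 5424 facility "security/authorization messages" (assumed choice)
SEV_WARNING = 4
SEV_NOTICE = 5

Sender = Callable[[str, int, bytes], None]  # (host, port, encoded syslog message)


@dataclass(frozen=True)  # frozen: a written entry cannot be modified afterwards
class SecurityEvent:
    seq: int         # monotonically increasing; lets a collector spot gaps after overwrite
    timestamp: str   # ISO 8601 UTC with milliseconds
    event: str       # constructed event-type names, not the device's own
    detail: str


class SecurityLog:
    """Append-only ring buffer: there is no delete or modify operation at all."""

    def __init__(self, hostname: str, capacity: int = 2048,
                 syslog_servers: Tuple[Tuple[str, int], ...] = (),
                 sender: Optional[Sender] = None) -> None:
        if len(syslog_servers) > 2:
            raise ValueError("at most 2 central syslog servers are supported")
        self.hostname = hostname
        self.capacity = capacity
        # 80 % fill level, rounded up with integer arithmetic (2048 -> 1639)
        self.threshold = (capacity * 8 + 9) // 10
        self._buf: Deque[SecurityEvent] = collections.deque(maxlen=capacity)
        self._seq = 0
        self._servers = syslog_servers
        self._send: Sender = sender or (lambda host, port, msg: None)
        self._warned = False
        self.overwritten = 0  # oldest entries dropped because the buffer was full

    def append(self, event: str, detail: str = "", severity: int = SEV_NOTICE) -> SecurityEvent:
        self._seq += 1
        stamp = datetime.now(timezone.utc).isoformat(timespec="milliseconds")
        ev = SecurityEvent(self._seq, stamp, event, detail)
        if len(self._buf) == self.capacity:
            self.overwritten += 1  # ring-buffer overflow: the oldest entry is overwritten
        self._buf.append(ev)
        self._forward(ev, severity)
        # The device writes a log entry (not an alert) when the buffer reaches 80 %.
        if not self._warned and len(self._buf) >= self.threshold:
            self._warned = True
            self.append("LOG_CAPACITY_80_PERCENT",
                        f"{len(self._buf)}/{self.capacity} entries used", SEV_WARNING)
        return ev

    def _forward(self, ev: SecurityEvent, severity: int) -> None:
        """Send one RFC 5424 message per configured server (at most two)."""
        pri = FACILITY_AUTH * 8 + severity
        # <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
        msg = (f"<{pri}>1 {ev.timestamp} {self.hostname} seclog - {ev.event} - "
               f"seq={ev.seq} {ev.detail}").encode("utf-8")
        for host, port in self._servers:
            self._send(host, port, msg)

    def snapshot(self) -> List[SecurityEvent]:
        """Read-out for archiving at a freely configurable location (a copy, not the buffer)."""
        return list(self._buf)

    def __len__(self) -> int:
        return len(self._buf)


def simulate(n_events: int, capacity: int = 2048) -> dict:
    """Push n constructed login events through a log forwarding to two servers.

    Returns figures to inspect: surviving entries, overwritten entries, the
    sequence number of the 80 % entry (if still present) and forwarded count.
    """
    sent: List[Tuple[str, int, bytes]] = []
    log = SecurityLog("relay-01", capacity, (("192.0.2.10", 514), ("192.0.2.11", 514)),
                      sender=lambda host, port, msg: sent.append((host, port, msg)))
    for i in range(n_events):
        log.append("LOGIN_FAILED" if i % 7 == 0 else "LOGIN_OK", f"user=eng{i % 3}")
    entries = log.snapshot()
    warnings = [e for e in entries if e.event == "LOG_CAPACITY_80_PERCENT"]
    return {
        "stored": len(log),
        "overwritten": log.overwritten,
        "warning_seq": warnings[0].seq if warnings else None,
        "forwarded": len(sent),
        "oldest_seq": entries[0].seq if entries else None,
        "newest_seq": entries[-1].seq if entries else None,
    }
```

With 3000 events the buffer keeps the last 2048 (sequence numbers 954 to 3001, since the 80 % entry itself takes sequence number 1640), 953 entries are overwritten and 6002 syslog messages have left the device, which is the gap a central collector must be able to notice.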


4.6 Development

4.6.1 Secure Development Standards, Quality Management and Approval Processes

BDEW ISO/IEC 27002:2013 / 27019:2017: 9.4.5, 14.2.2, 14.2.3, 14.2.4, 14.2.5, 14.2.6, 14.2.7, 14.2.8, 14.2.9, 14.3.1

4.6.1
a) The system shall be developed by reliable and professionally trained employees. Where the development or parts thereof are subcontracted to a third party, this requires written permission by the client. The subcontractor shall meet at least the same security requirements as the supplier.
b) The supplier shall develop the system in line with recognized development standards and quality management/assurance processes. As part of the development process, the following security-related development steps require special attention:
• Definition of the security requirements
• Threat modeling and risk analysis
• Deduction of requirements for system design and implementation
• Secure programming
• Requirement testing
• Security checks before commissioning
c) Testing shall be subject to the dual control principle: Development and testing shall be carried out by different people. Testing plans and procedures as well as expected and actual test results shall be documented and comprehensible. It shall be ensured that they can be reviewed by the client as needed.
d) The supplier shall have a documented development security process in place that covers physical, organizational and personal security and protects the system’s integrity and confidentiality. The effectiveness of the above-stated process may be verified by an external audit.
e) The supplier shall have a programming guideline in place that explicitly covers security-related requirements, e.g. avoiding insecure programming techniques and functions or the verification of input data to avoid buffer overflow errors. Where possible, security-enhancing compiler options and libraries shall be used.
f) The approval of the system resp. of updates/security patches needs to follow a specified and documented approval process.

a) Reyrolle 7SR5, Reydisp Manager 2, and Virtual EN100 are developed by trustworthy and trained employees. For example, the entire development team is trained in secure coding.
b) Siemens develops Reyrolle 7SR5, Reydisp Manager 2, and Virtual EN100 in accordance with the recognized CMMI development and quality assurance process. Our strict QA processes cover the practices recommended by IEEE Std. C37.231.
c) Development and tests are performed by different persons. Test plans and procedures as well as expected and actual test results are documented and comprehensible.
d) Siemens maintains a documented development security process for Reyrolle 7SR5, Reydisp Manager 2, and Virtual EN100 which covers physical, organizational, and personnel security and protects the integrity and confidentiality of the system. The effectiveness of the above-mentioned process can be checked by an external audit.
e) Siemens has set up a programming guideline for Reyrolle 7SR5, Reydisp Manager 2, and Virtual EN100 which explicitly addresses security-relevant requirements: For example, insecure programming methods and functions are avoided. Data input is verified, e.g. to prevent buffer overflow errors. Where possible, security-enhancing compiler options and libraries are used.
f) The approval of new firmware releases for Reyrolle 7SR5 devices and new releases of the Reydisp Manager 2 product is based on a specified and documented approval process. This also applies to security patches for the two products.


4.6.2 Secure Development, Test and Staging Systems, Integrity Testing

BDEW ISO/IEC 27002:2013 / 27019:2017: 9.4.5, 12.1.4, 14.2.7, 14.3.1

4.6.2
a) Development shall take place on secure systems; the development environment, source code and binary data all shall be protected from external access. All development systems shall be hardened according to recognized state-of-the-art and best practice specifications. Up-to-date malware protection shall be employed on the systems and all the latest security patches shall be installed.
b) Development and testing of the system, updates, extensions and security patches shall take place in a testing environment that is separated from the productive system.
c) No source code (except for interpreted scripting languages) shall be stored on productive systems.
d) It shall be possible to check the integrity of source code and binary data for unauthorized changes, for example via secure checksums.
e) A version history that tracks any changes to the software shall be kept for all employed software.

Reyrolle 7SR5

a) Product development for Reyrolle 7SR5 devices is conducted on secure systems. The development environment, the source code and binaries are protected against unauthorized access. The development computers are always kept updated through the use of continuously updated anti-virus scanners and central update mechanisms for operating system and application patches. Furthermore, the Siemens-internal information security guidelines, which are implemented across all businesses in adherence to the ISO 27001 standard, apply.
b) Testing of the Reyrolle 7SR5 system and testing of updates, enhancements and security patches are conducted in an environment that is separated from the product development systems.
c) The source codes for Reyrolle 7SR5 are only available from Siemens. No source code is stored on or made available to live systems.
d) The integrity of Reyrolle 7SR5 firmware and parameter binaries is verified in the target system to detect unauthorized changes. Reydisp Manager 2 is installed using a signed installer, so as to protect the integrity of the application.
e) For Reyrolle 7SR5 devices, a version history for the entire software is maintained and allows all software changes to be traced.

Reydisp Manager 2

a) Product development for Reydisp Manager 2 is conducted on secure systems. The development environment, the source code and binaries are protected against unauthorized access. The development computers are always kept updated through the use of continuously updated anti-virus scanners and central update mechanisms for operating system and application patches.
b) Product development and testing of Reydisp Manager 2 and of updates, enhancements and security patches are conducted in an environment that is separated from the live system.
c) The source code for Reydisp Manager 2 is only available from Siemens. No source code is stored on or made available to live systems.
d) Since Reydisp Manager 2 is installed using an installer, the installer's security mechanisms are available to protect the integrity of the application.
e) The version history maintained for the entire software of the Reydisp Manager 2 product allows all software changes to be traced.


4.7 Maintenance

4.7.1 Maintenance Process Requirements

BDEW ISO/IEC 27002:2013 / 27019:2017: 9.1.2, 9.2.1, 9.2.2, 15.1.1, 15.1.2


4.7.1 a) Any remote and on-site access shall only be carried out by a predefined and properly trained group of people and only originating from secured systems. Access systems and IT infrastructures used for remote and on-site access need to be hardened according to recognized state-of-the-art standards and best practice specifications. Up-to-date malware protection shall be employed and all the latest security patches shall be installed.
b) A pre-defined maintenance process shall be established to ensure that maintenance personnel only receive access to the systems, services and data as well as the respective physical premises that are actually required to carry out the related maintenance activities.
c) Interactive remote access shall occur via personalized accounts and using two-factor authentication. Special user IDs shall be established for automated processes; these shall only be able to execute specific functions and not have interactive access.
d) Technical measures shall ensure that remote access is only possible if and where the responsible operator has explicitly approved this access. Each remote access session by external service providers shall require individual approval and disconnection. Sessions shall automatically disconnect after a reasonable amount of time. Access systems used for remote access, in particular, shall be logically or physically isolated from other networks during remote access. Here, a physical separation is preferable to logical uncoupling.

NOTE
Information for product/system service and control center/system operation:
This requirement is not relevant to the products and must be taken into consideration during product/system service and control center/system operation.

4.7.2 Secure Update Processes

BDEW ISO/IEC 27002:2013 / 27019:2017: 12.5.1, 14.2.2, 14.2.3, 14.2.7, 14.2.9


4.7.2 The provision and installation of updates, extensions and patches needs to occur according to a
defined process and in coordination with the client.

NOTE
Information for project planning/implementation and system service:
Product updates for Reyrolle 7SR5, Reydisp Manager 2, and Virtual EN100 are made available by Siemens. System updates must be defined depending on the individual system and governed by contract.

4.7.3 Configuration and Change Management, Rollback

BDEW ISO/IEC 27002:2013 / 27019:2017: 12.1.2, 12.5.1, 12.6.2, 12.9.1 ENR, 14.2.2, 14.2.9

4.7.3 a) The system shall be developed and operated with a configuration and change management in place.
b) The system shall support rollback to a pre-defined number of configuration states.


a) Reyrolle 7SR5, Reydisp Manager 5, and Virtual EN100 products are developed on the basis of a configuration and change management process.
b) See NOTE below.

NOTE
Information for project planning/implementation and system service:
Rollback to older firmware versions of a Reyrolle 7SR5 system configuration can be performed firmware-specifically.
Regular backups created within the scope of project planning/implementation and product/system service enable convenient rollback to older parameter versions of a system configuration.
This requirement must be considered for project planning/implementation and system service.

4.7.4 Handling of Vulnerabilities

BDEW ISO/IEC 27002:2013 / 27019:2017: 12.6.1, 16.1.2, 16.1.3


4.7.4 The supplier shall have a documented vulnerability handling process in place. Within this process, all concerned, including external parties, shall be able to report actual or potential vulnerabilities. In addition, the supplier shall stay up-to-date on current security issues that might affect the system or individual components. The vulnerability handling process defines how and in what timeframe a known or reported vulnerability shall be reviewed, classified, remedied and reported to all affected clients, including respective recommended measures. When the supplier finds out about a vulnerability, he shall inform the client in a timely manner and under consideration of the necessary confidentiality restrictions, even when no patch to fix the issue is available yet.

For Reyrolle 7SR5, Reydisp Manager 2, and Virtual EN100, Siemens has set up a documented process to address security vulnerabilities. Based on this process all the parties involved, and also external parties, can report actual and potential security vulnerabilities for Reyrolle 7SR5, Reydisp Manager 2, and Virtual EN100.
For Reyrolle 7SR5, Reydisp Manager 2, and Virtual EN100, up-to-date information on security problems is available even if a patch for the elimination of the problem has not yet become available.
This information is published in the form of security advisories on the Siemens ProductCERT Website (https://www.siemens.com/cert/advisories).


4.8 Data Back-Up and Emergency Planning

4.8.1 Back-up: Concept, Method, Documentation, Testing

BDEW ISO/IEC 27002:2013 / 27019:2017: 12.1.1, 12.3.1


4.8.1 Documented and tested procedures for data back-up and recovery of the individual components or the entire system and the respective configurations shall exist. There shall be the possibility for central back-up of the configuration parameters of distributed components. After relevant system updates, the documentation and procedures shall be updated and retested accordingly.

Backups must be created by the customer for systems set up using Reydisp Manager 2.
For Reyrolle 7SR5, Reydisp Manager 2, and Virtual EN100, procedures are available for the backup and recovery of the individual applications, the entire system and the corresponding configuration. The data-backup procedure is made available via configuration management (CM).

NOTE
Information for project planning/implementation and system operation:
Concepts and procedures must be created within the framework of system development in order to enable the backup and restoration of the entire system including e.g. the automation of the backup process.
Within the framework of project planning/implementation, it must be defined which persons are responsible for which system operation tasks and when the transfer of responsibility takes place (e.g. site acceptance test, end of test operation, end of the warranty period, etc.).
Backup and restoration procedures must be tested at cyclical intervals during system operation and the status of backup creation must be continuously monitored.

4.8.2 Emergency Concept and Recovery Plans

BDEW ISO/IEC 27002:2013 / 27019:2017: 17.1.1, 17.2.1


4.8.2 The supplier shall provide documented and tested procedures and recovery plans, including expected restoration times, for relevant emergency and crisis scenarios. After relevant system updates, this documentation and these procedures shall be updated and retested as part of the approval process for release changes.

NOTE
Information for project planning/implementation and system operation:
This requirement is not relevant to the products and must be taken into consideration during project planning/implementation and system service.

5 IEEE 1686:2013 Security Requirements


5.1 Table of Compliance according to Standard IEEE 1686:2013


Clause Number | Clause/Subclause Title | Status | Comment
--- | --- | --- | ---
5 | IED cyber-security features | Acknowledge | –
5.1 | Electronic access control | Exception | 4.5.3 Authorization of Actions at the User and System Levels
5.1.2 | Password defeat mechanism | Exception | 4.5.3 Authorization of Actions at the User and System Levels
5.1.3 | Number of individual users | Exception | 4.5.3 Authorization of Actions at the User and System Levels
5.1.4 | Password construction | Exception | 4.5.3 Authorization of Actions at the User and System Levels
5.1.5 | IED access control | Acknowledge | –
5.1.5.1 | Authorization levels by password | Exception | 4.5.1 Role Concepts
5.1.5.2 | Authorization using role-based access control (RBAC) | Exception | 4.5.1 Role Concepts
5.1.6 | IED main security functions | Acknowledge | –
a) | View data | Exception | 4.5.1 Role Concepts
b) | View configuration settings | Exception | 4.5.1 Role Concepts
c) | Force values | Comply | 4.5.1 Role Concepts
d) | Configuration change | Comply | 4.5.1 Role Concepts
e) | Firmware change | Comply | 4.5.1 Role Concepts
f) | ID/password or RBAC management | Exception | 4.5.1 Role Concepts and 4.5.2 User Authentication and Login
g) | Audit trail | Exception | 4.5.6 Logging
5.1.7 | Password display | Comply | 4.5.3 Authorization of Actions at the User and System Levels
5.1.8 | Access timeout | Exception | 4.5.2 User Authentication and Login
5.2 | Audit trail | Acknowledge | –
5.2.1 | Audit trail background | Exception | 4.5.6 Logging
5.2.2 | Storage capability | Exception | 4.5.6 Logging
5.2.3 | Storage record | Exception | 4.5.6 Logging
a) | Event record number | Comply | 4.5.6 Logging
b) | Time and date | Comply | 4.5.6 Logging
c) | User identification | Exception | 4.5.6 Logging
d) | Event type | Comply | 4.5.6 Logging
5.2.4 | Audit trail event types | Acknowledge | –
a) | Log in | Comply | 4.5.6 Logging
b) | Manual log out | Exception | Currently manual user logout is not supported.
c) | Timed log out | Exception | Currently timed logout event is not logged.
d) | Value forcing | Comply | 4.5.6 Logging
e) | Configuration access | Comply | 4.5.6 Logging
f) | Configuration change | Comply | 4.5.6 Logging
g) | Firmware change | Comply | 4.5.6 Logging
h) | ID/password creation or modification | Exception | 4.5.1 Role Concepts and 4.5.2 User Authentication and Login
i) | Password deletion | Exception | 4.5.1 Role Concepts and 4.5.2 User Authentication and Login

j) | Audit log access | Comply | 4.5.6 Logging
k) | Time/date change | Comply | 4.5.6 Logging
l) | Alarm incident | Comply | 4.5.6 Logging
5.3 | Supervisory monitoring and control | Acknowledge | –
5.3.1 | Overview of supervisory monitoring and control | Comply | 4.4.1 Used Protocols and Technologies
5.3.2 | Events | Exception | 4.5.6 Logging
5.3.3 | Alarms | Acknowledge | –
a) | Unsuccessful login attempt | Exception | Every unsuccessful login attempt will be logged.
b) | Reboot | Comply | 4.5.6 Logging
c) | Attempted use of unauthorized configuration software | Exception | Currently checked, but not logged
d) | Invalid configuration or firmware download | Exception | Currently checked, but not logged
e) | Invalid configuration or firmware file | Exception | Currently checked, but not logged
f) | Time signal out of tolerance | Exception | Currently checked, but not logged
g) | Invalid field hardware changes | Exception | Currently checked, but not logged
5.3.4 | Alarm point change detect | Exception | 4.5.6 Logging
5.3.5 | Event and alarm grouping | Comply | Security items are grouped as events or alarms.
5.3.6 | Supervisory permissive control | Exception | Currently not supported
5.4 | IED cyber-security features | Acknowledge | –
5.4.1 | IED functionality compromise | Exception | Refer to note in chapter 4.1.2 Patching and Patch Management
5.4.2 | Specific cryptographic features | Acknowledge | –
a) | Web server functionality | Comply | Reyrolle 7SR5 supports HTTPS
b) | File transfer functionality | Exception | File-transfer functionality is not supported.
c) | Text-oriented terminal connections | Exception | Text-oriented terminal connection is not supported.
d) | SNMP network management | Comply | Reyrolle 7SR5 V2.20 onwards supports V3.
e) | Network time synchronization | Comply | 4.4.1 Used Protocols and Technologies
f) | Secure tunnel functionality | Exception | Device does not support any tunneling functionality.
5.4.3 | Cryptographic techniques | Exception | 4.1.6 Cryptographic Mechanisms and 4.1.8 Integrity Testing
5.4.4 | Encrypting serial communications | Exception | Serial communication for remote access is not supported.
5.4.5 | Protocol-specific security features | Exception | 4.4.1 Used Protocols and Technologies. Not every supported protocol is available with security controls.
5.5 | IED configuration software | Acknowledge | –
5.5.1 | Authentication | Exception | 4.4.1 Used Protocols and Technologies. Currently the device checks if the configuration software is the official software from Siemens. It is not possible for the device to currently verify if the software instance has been authorized by the user.
5.5.2 | Digital signature | Exception | 4.3.2 Malware Protection
5.5.3 | ID/password control | Exception | 4.5.3 Authorization of Actions at the User and System Levels
5.5.4 | ID/password-controlled features | Exception | 4.5.1 Role Concepts

5.5.4.1 | View configuration data | Exception | 4.5.1 Role Concepts. Currently, the ability to restrict viewing of configuration data is supported via the implementation of confirmation IDs.
5.5.4.2 | Change configuration data | Acknowledge | –
a) | Full access | Exception | This mode is supported. However, user assignment levels are currently not supported.
b) | Change tracking | Exception | Currently not supported
c) | Use monitoring | Exception | Currently not supported
d) | Download to IED | Exception | Currently not logged
5.6 | Communication port access | Comply | 4.4.1 Used Protocols and Technologies
5.7 | Firmware quality control | Exception | 4.6.1 Secure Development Standards, Quality Management and Approval Processes

6 IEC 62443-4-2 Security Requirements

Legend:
Status values: n.a., exception, comply, partial, exceed

CR  Component requirement which is common to all types of components
SAR Software application requirement
EDR Embedded device requirement
HDR Host device requirement
NDR Network device requirement


6.1 FR 1: Identification and Authentication Control


Requirement | Title | Comment
--- | --- | ---
CR 1.1 | Human user identification and authentication | No access control for logging into the Web UI, only control for uploading/downloading
RE (1) | Unique identification and authentication | Not implemented. The general password applies for all users.
RE (2) | Multifactor authentication for all interfaces | Not implemented
CR 1.2 | Software process and device identification and authentication | Supports X.509 certificate-based authentication of the device by Reydisp Manager 2 tools.
RE (1) | Unique identification and authentication | X.509 certificates and key materials for unique identification and authentication by a unique entropy.
CR 1.3 | Account management | Not implemented. Password support for authenticated engineering access and maintenance access exists.
CR 1.4 | Identifier management | Not implemented
CR 1.5 | Authenticator management | User access to the device by Reydisp Manager 2 can be protected by passwords. Password rules are implemented. Users must set the password for access to security-related topics, i.e. Security log. Users can change the password periodically as per their policies. Passwords are stored and transmitted in a secure manner.
RE (1) | Hardware security for authenticators | Not implemented
NDR 1.6 | Wireless access management | 
RE (1) | Unique identification and authentication | 
CR 1.7 | Strength of password-based authentication | Password complexity rules are implemented for local user management. These rules are predefined and cannot be modified.
RE (1) | Password generation and lifetime restrictions for human users | Not implemented
RE (2) | Password lifetime restrictions for all users (human, software process, or device) | Not implemented
CR 1.8 | Public key infrastructure certificates | Not implemented
CR 1.9 | Strength of public key-based authentication | As part of the DTLS handshake of the engineering connection establishment, Reydisp Manager 2 checks the status of the offered DTLS server certificate. Likewise, the HTTPS Web browser access involves checks of the server certificate of the device. Mutual authentication is not supported for HTTPS and DTLS connections.

RE (1) | Hardware security for public key-based authentication | Not implemented
CR 1.10 | Authenticator feedback | Password text is hidden from the user while it is being typed and submitted. If incorrect credentials are entered, general feedback is displayed to the user stating that the password is possibly incorrect.
CR 1.11 | Unsuccessful login attempts | For security-related topics, the passwords support limiting the number of failed login attempts (predefined), exceeding which the user is blocked for a predefined time period.
CR 1.12 | System use notification | 
NDR 1.13 | Access via untrusted networks | 
RE (1) | Explicit access request approval | 
CR 1.14 | Strength of symmetric key-based authentication | 
RE (1) | Hardware security for symmetric key-based authentication | 


6.2 FR 2: Use Control


Requirement | Title | Comment
--- | --- | ---
CR 2.1 | Authorization enforcement | A fixed role for permission assignment and password protection has been implemented.
RE (1) | Authorization enforcement for all users (humans, software processes, and devices) | Not implemented. Only human authorization is implemented.
RE (2) | Permission mapping to roles | Not implemented
RE (3) | Supervisor override | Not implemented
RE (4) | Dual approval | Not implemented
CR 2.2 | Wireless use control | 
CR 2.3 | Use control for portable and mobile devices | 
SAR 2.4 / EDR 2.4 / HDR 2.4 / NDR 2.4 | Mobile code | 
RE (1) | Mobile code authenticity check | 
CR 2.5 | Session lock | Not implemented. Sessions not supported
CR 2.6 | Remote session termination | Not implemented. Sessions not supported
CR 2.7 | Concurrent session control | Not implemented. Sessions not supported
CR 2.8 | Auditable events | 
CR 2.9 | Audit storage capacity | A circular buffer with a capacity of 2048 events is supported. Old log entries are overwritten by new log entries once the buffer is full.
RE (1) | Warn when audit record storage capacity threshold reached | A security warning message is logged when the buffer capacity reaches 80 %.
CR 2.10 | Response to audit processing failures | 
CR 2.11 | Timestamps | Timestamps are implemented according to the syslog format.
RE (1) | Time synchronization | NTP client is implemented.
RE (2) | Protection of time source integrity | Not implemented. The time is only accepted from the specified NTP server. Time-synchronization sources can be disabled if not required.
CR 2.12 | Non-repudiation | Not implemented.
RE (1) | Non-repudiation for all users | Not implemented

EDR 2.13 / HDR 2.13 / NDR 2.13 | Use of physical diagnostic and test interfaces | Not implemented
RE (1) | Active monitoring | 
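As an added illustration (not code from the assessment or from Siemens) of the audit-storage behaviour stated for CR 2.9 and its RE (1), together with the collector-side check that the programmatic log access in CR 6.1 RE (1) makes possible: a ring buffer of 2048 records that overwrites the oldest entry when full and logs one warning at 80 % fill, and a gap check over the event record numbers a central collector has fetched, which exposes records lost between fetches. The record layout, event names, the one-shot warning and the rounding of the threshold are assumptions.

```python
"""Bounded audit store as described for CR 2.9 / RE (1): a ring buffer that
overwrites the oldest entry when full and logs one warning event when the
fill level reaches the threshold, plus the collector-side check (CR 6.1
RE (1)) that detects entries lost to overwrite via gaps in record numbers."""
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import math

CAPACITY = 2048       # from the assessment: circular buffer of 2048 events
WARN_FRACTION = 0.8   # from the assessment: warning when the buffer reaches 80 %


@dataclass(frozen=True)
class AuditRecord:
    # Field set mirrors the IEEE 1686 storage record: number, time, user, type.
    seq: int
    time: datetime
    user: str
    event_type: str
    detail: str = ""


class AuditBuffer:
    """Fixed-capacity audit store. The device's real record layout is not on
    the page, so field names and the threshold rounding are assumptions."""

    def __init__(self, capacity=CAPACITY, warn_fraction=WARN_FRACTION):
        self.capacity = capacity
        # Assumption: "reaches 80 %" means the first record that brings the fill
        # level to >= 80 % of capacity (2048 * 0.8 = 1638.4 -> 1639 records).
        self.warn_at = math.ceil(capacity * warn_fraction)
        self._buf = deque(maxlen=capacity)   # deque drops the oldest on overflow
        self._next_seq = 1
        self.overwritten = 0     # records lost because the buffer was full
        self.warning_seq = None  # record number of the capacity warning, if raised

    def _append(self, time, user, event_type, detail=""):
        if len(self._buf) == self.capacity:
            self.overwritten += 1            # the oldest record is about to go
        rec = AuditRecord(self._next_seq, time, user, event_type, detail)
        self._next_seq += 1
        self._buf.append(rec)
        return rec

    def log(self, time, user, event_type, detail=""):
        rec = self._append(time, user, event_type, detail)
        # Assumption: the warning is raised once, on the first crossing.
        if self.warning_seq is None and len(self._buf) >= self.warn_at:
            warn = self._append(time, "system", "AUDIT_STORAGE_WARNING",
                                f"audit buffer at {len(self._buf)}/{self.capacity}")
            self.warning_seq = warn.seq
        return rec

    def records(self):
        return list(self._buf)


def detect_gaps(seqs, first_expected=1):
    """Return (first_missing, last_missing) ranges in the collected record
    numbers; a gap means records were overwritten before they were fetched."""
    gaps = []
    prev = first_expected - 1
    for s in sorted(set(seqs)):
        if s > prev + 1:
            gaps.append((prev + 1, s - 1))
        prev = s
    return gaps


def simulate(n_events, poll_every):
    """Log n_events constructed events; a central collector fetches the whole
    buffer every poll_every events. Returns gaps, overwrites and the warning."""
    buf = AuditBuffer()
    t0 = datetime(2021, 11, 1, tzinfo=timezone.utc)  # constructed time base
    collected = {}
    for i in range(1, n_events + 1):
        buf.log(t0 + timedelta(seconds=i), "engineer", "CONFIG_ACCESS", f"event {i}")
        if i % poll_every == 0:
            collected.update({r.seq: r for r in buf.records()})
    collected.update({r.seq: r for r in buf.records()})   # final fetch
    return {"gaps": detect_gaps(collected),
            "overwritten": buf.overwritten,
            "warning_seq": buf.warning_seq,
            "collected": len(collected)}


if __name__ == "__main__":
    # Fetching more often than the buffer turns over loses nothing; fetching
    # less often than 2048 events loses the oldest records, and the gap shows it.
    print(simulate(5000, 1000))   # gaps: []
    print(simulate(5000, 3000))   # gaps: [(1, 953)]
```

The collector's fetch interval, not the 80 % warning, decides whether records survive: the warning fires once and the buffer then stays full for the rest of the device's uptime.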


6.3 FR 3: System Integrity


Requirement | Title | Comment
--- | --- | ---
CR 3.1 | Communication integrity | TLS 1.2 for HTTPS and DTLS are used.
RE (1) | Communication authentication | Partially implemented. Reydisp Manager 2 and the Web-browser clients can authenticate the information received from the device due to the usage of DTLS and HTTPS. Mutual authentication is not supported.
SAR 3.2 / EDR 3.2 | Protection from malicious code | Firmware is digitally signed, and the signature is verified at the time of reception. Firmware with invalid signatures is rejected.
HDR 3.2 | Protection from malicious code | 
RE (1) | Report version of code protection | 
CR 3.3 | Security functionality verification | Siemens offers a freely available secure substation manual for a tested and recommended secure configuration. There are no known Reydisp Manager 2 incompatibilities with the various security verification mechanisms.
RE (1) | Security functionality verification during normal operation | There are no known incompatibilities with the various security verification mechanisms.
CR 3.4 | Software and information integrity | Signed software and firmware components and CRC checks.
RE (1) | Authenticity of software and information | Partially implemented. Signed software and firmware components, but no configuration checks.
RE (2) | Automated notification of integrity violations | Partially implemented. Notification is provided for firmware components, but not for the configuration.
CR 3.5 | Input validation | All data entered in the front end is checked by the back end.
CR 3.6 | Deterministic output | User-programmable settings are available to take the device out of service if the number of unexpected restarts in a given period is exceeded.
CR 3.7 | Error handling | 
CR 3.8 | Session integrity | 
CR 3.9 | Protection of audit information | All events in the Security log are stored and are read-only. A password protects from unauthorized access.
RE (1) | Audit records on write-once media | 
EDR 3.10 / HDR 3.10 / NDR 3.10 | Support for updates | 
RE (1) | Update authenticity and integrity | Only signed software components are accepted.

EDR 3.11 / HDR 3.11 / NDR 3.11 | Physical tamper resistance and detection | Currently not implemented
RE (1) | Notification of a tampering attempt | 
EDR 3.12 / HDR 3.12 / NDR 3.12 | Provisioning product supplier roots of trust | 
EDR 3.13 / HDR 3.13 / NDR 3.13 | Provisioning asset owner roots of trust | Currently not implemented
EDR 3.14 / HDR 3.14 / NDR 3.14 | Integrity of the boot process | Integrity checks are performed during boot-up.
RE (1) | Authenticity of the boot process | Not implemented


6.4 FR 4: Data Confidentiality


Requirement | Title | Comment
--- | --- | ---
CR 4.1 | Information confidentiality | Data in transit is protected by TLS and HTTPS. Passwords are stored as salted hashes.
CR 4.2 | Information persistence | 
RE (1) | Erase of shared memory resources | 
RE (2) | Erase verification | 
CR 4.3 | Use of cryptography | 




6.5 FR 5: Restricted Data Flow


Requirement | Title | Comment
--- | --- | ---
CR 5.1 | Network segmentation | The subnet of which the device is a part can be configured.
NDR 5.2 | Zone boundary protection | 
RE (1) | Deny all, permit by exception | 
RE (2) | Island mode | 
RE (3) | Fail close | 
NDR 5.3 | General-purpose person-to-person communication restrictions | 
CR 5.4 | Application partitioning | 


6.6 FR 6: Timely Response to Events


Requirement | Title | Comment
--- | --- | ---
CR 6.1 | Audit log accessibility | Security log (unstructured, human-readable messages)
RE (1) | Programmatic access to audit logs | Audit logs can be sent to a centralized system. Supported in V2.20 onwards.
CR 6.2 | Continuous monitoring | Syslog can be monitored by 3rd-party products. SIEM systems can analyze the standardized Syslog messages. Supported in V2.20 onwards.


6.7 FR 7: Resource Availability


Requirement | Title | Comment
--- | --- | ---
CR 7.1 | Denial of service protection | Dedicated processor core for protection functionality to mitigate DoS cases.
RE (1) | Manage communication load from component | Not implemented
CR 7.2 | Resource management | Not implemented
CR 7.3 | Control system backup | Backup can be performed with minimal impact on availability.
RE (1) | Backup integrity verification | Not implemented
CR 7.4 | Control system recovery and reconstitution | 
CR 7.5 | Emergency power | 
CR 7.6 | Network and security configuration settings | Siemens offers a freely available secure substation manual for a network and security setup. All needed communication ports and services are documented in the device user manual.
RE (1) | Machine-readable reporting of current security settings | Not implemented
CR 7.7 | Least functionality | Only required ports are opened at device startup. All needed communication ports and services are documented.
CR 7.8 | Control system component inventory | Installed firmware versions can be retrieved via IEC 61850.

Literature

/1/ BDEW: Whitepaper – Anforderungen an sichere Steuerungs- und Telekommunikationssysteme (Requirements for Secure Control and Telecommunication Systems), Version 2.0
/2/ BDEW: Ausführungshinweise zur Anwendung des Whitepaper – Anforderungen an sichere Steuerungs- und Telekommunikationssysteme (Common Directions for the Application of the BDEW White Paper), Version 2.0
/3/ Secure Substation Manual – System Hardening for Substation Automation and Protection, Version 1.2
/4/ IEEE 1686 – IEEE Standard for Intelligent Electronic Devices Cyber Security Capabilities, Revision 2013

Glossary

AAA Server
An AAA Server (Authentication, Authorization and Accounting) is a system that manages fundamental system
access functions, i.e., authentication, authorization and use, as well as the related accounting.

Authentication
Procedure used to verify the identity of a person.

BDEW
Bundesverband der Energie- und Wasserwirtschaft (German Federal Association of Energy and Water Management)

BDEW White Paper
BDEW White Paper – Requirements for Secure Control and Telecommunication Systems
This document defines fundamental security measures and requirements for IT-based control, automation and telecommunication systems, taking the general technical and operational conditions into consideration.

CIP
Critical Infrastructure Protection

CRC
Cyclic Redundancy Check

CRL
Certificate Revocation List

cRSP
Common Remote Service Platform

DMZ
De-Militarized Zone

DoS
Denial of Service
In digital data processing, this is the term used to denote the consequence of the overloading of infrastructure systems. This can be caused by inadvertent overloading of, or by a deliberate attack on, a host (server), a computer, or other components in a data network.

EICAR
European Institute for Computer Antivirus Research


EST
Enrollment over Secure Transport

GPO
Group Policy Object

HSM
Hardware Security Module

Identifier
Symbol, unique within its security domain, that identifies, indicates, or names an entity which makes an assertion or claim of identity.

IDS
Intrusion Detection System

IEC
International Electrotechnical Commission, standards organization; communication standard for substations and protection equipment

IEEE
Institute of Electrical and Electronics Engineers, organization for electronic and electrical engineering

Malware
or malicious code = malicious software

MBSA
Microsoft Baseline Security Analyzer

Mesh topology
Network setup where each node is interconnected to every other node.

NERC
North American Electric Reliability Corporation

NTP
Network Time Protocol

OTP
One Time Password

Patch
A patch (also referred to as a "bug fix") is a small program that repairs bugs (flaws) in generally large application programs.

PKI
Public Key Infrastructure


RBAC
Role-Based Access Control

RODC
Read-Only Domain Controller

SDA
Secondary Distribution Automation

SIEM
Security Information and Event Management

SiESTA
Siemens Extensible Security Testing Appliance

SSL
Secure Sockets Layer -> TLS

TLS
Transport Layer Security
TLS, more widely known under its old name of Secure Sockets Layer (SSL), is a hybrid encryption protocol for the secure transmission of data in the Internet. Since version 3.0 the SSL protocol has been developed further and standardized under its new name of TLS. Thus, version 1.0 of TLS corresponds to version 3.1 of SSL.
