Passer aux informations produits
1 de 12

PayPal, credit cards. Download editable-PDF & invoice in 1 second!

GB/T 33009.1-2016 English PDF (GBT33009.1-2016)

GB/T 33009.1-2016 English PDF (GBT33009.1-2016)

Prix habituel $150.00 USD
Prix habituel Prix promotionnel $150.00 USD
Promotion Épuisé
Frais d'expédition calculés à l'étape de paiement.
Delivery: 3 seconds. Download true-PDF + Invoice.
Get QUOTATION in 1-minute: Click GB/T 33009.1-2016
Historical versions: GB/T 33009.1-2016
Preview True-PDF (Reload/Scroll if blank)

GB/T 33009.1-2016: Industrial automation and control system security -- Distributed control system (DCS) -- Part 1: Protection requirements
GB/T 33009.1-2016
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 25.040
N 10
Industrial automation and control system security -
Distributed control system (DCS) -
Part 1. Protection requirements
ISSUED ON. OCTOBER 13, 2016
IMPLEMENTED ON. MAY 01, 2017
Issued by. General Administration of Quality Supervision, Inspection and
Quarantine of the People's Republic of China;
Standardization Administration of the People's Republic of
China.
3. No action is required - Full-copy of this standard will be automatically and
immediately delivered to your EMAIL address in 0~60 minutes.
Table of Contents
Foreword ... 4 
1 Scope .. 6 
2 Normative references ... 6 
3 Terms, definitions, abbreviations ... 7 
3.1 Terms and definitions ... 7 
3.2 Abbreviations ... 11 
4 DCS security overview .. 11 
4.1 DCS system overview ... 11 
4.2 DCS protection overall requirements and principles ... 14 
5 Physical access control requirements .. 17 
6 Process monitoring network security ... 18 
6.1 Zone division ... 18 
6.2 Access and use control .. 19 
6.3 Intrusion prevention ... 21 
6.4 Identification and certification ... 22 
6.5 Security audit ... 23 
6.6 Resource control ... 24 
6.7 Data security ... 25 
7 Field control layer network security ... 27 
7.1 Zone division ... 27 
7.2 Access and use control .. 27 
7.3 Intrusion prevention ... 29 
7.4 Identity authentication and certification ... 30 
7.5 Security audit ... 30 
7.6 Resource control ... 31 
7.7 Data security ... 31 
8 Field equipment layer network security ... 32 
8.1 Zone division ... 32 
8.2 Access and use control .. 33 
8.3 Intrusion prevention ... 33 
8.4 Identity authentication and certification ... 34 
8.5 Security audit ... 34 
8.6 Data security ... 35 
References ... 36 
Foreword
GB/T 33009 “Industrial automation and control system security - Distributed
control system (DCS)” and GB/T 33008 “Industrial automation and control
system security - Programmable logic controller (PLC)” and other standards
together constitute the industrial automation and control systems network
security series standard.
GB/T 33009 “Industrial automation and control system security - Distributed
control system (DCS)” is divided into 4 parts.
- Part 1. Protection requirements;
- Part 2. Management requirements;
- Part 3. Assessment guidelines;
- Part 4. Risk and vulnerability detection requirements.
This part is part 1 of GB/T 33009.
This part was drafted in accordance with the rules given GB/T 1.1-2009.
This part was proposed by China Machinery Industry Federation.
This part shall be under the jurisdiction of the National Industrial Process
Measurement, Control and Automation Standardization Technical Committee
(SAC/TC 124) and the National Information Security Standardization Technical
Committee (SAC/TC 260).
The drafting organizations of this part. Zhejiang University, Zhejiang Institute of
Control Technology Co., Ltd., Machinery Industry Instrumentation Technology
Institute of Economics, Chongqing University of Posts and Telecommunications,
Chinese Academy of Sciences Shenyang Institute of Automation, Southwest
University, Fujian Institute of Technology, Hangzhou Institute of Technology,
Beijing Venus Information Security Technology Co., Ltd., China Electronics
Standardization Institute, State Grid Smart Grid Research Institute, China
Nuclear Power Engineering Co., Ltd., Shanghai Automation Instrumentation
Co., Ltd., Dongtu Technology Co., Ltd., Tsinghua University, Siemens (China)
Limited, Schneider Electric (China) Co., Ltd., Beijing Iron and Steel Design and
Research Institute, Huazhong University of Science and Technology, Beijing
Austin Technology Co., Ltd., Rockwell Automation (China) Co., Ltd., China
Instrument Society, Ministry of Industry and Information Technology Electronics
Five Research Institute, Beijing Haitai Fangyuan Science and Technology Co.,
Ltd., Qingdao Tofino Information Security Technology Co., Ltd., Beijing Guodian
Zhoushen Control Technology Co., Ltd., Beijing Lihua Huakang Technology Co.,
Industrial automation and control system security -
Distributed control system (DCS) -
Part 1. Protection requirements
1 Scope
This part of GB/T 33009 specifies the security capabilities, protection technical
requirements, and division of security protection zones of the distributed control
system in the operation and maintenance process, AND proposes specific
requirements for the key protection items, protection equipment, and protection
techniques of the process monitoring layer, field control layer and field
equipment layer.
This part applies to all the key infrastructure areas related to the security
protection of distributed control systems such as electricity, petroleum,
chemicals, water conservancy, metallurgy, building materials and so on, to
guide the business users to improve the security of the distributed control
system in service and newly established, which can also be used as the system
security design guide for the distributed control system manufacturer and
integrator.
2 Normative references
The following documents are essential to the application of this document. For
the dated documents, only the versions with the dates indicated are applicable
to this document; for the undated documents, only the latest version (including
all the amendments) are applicable to this document.
GB/T 20984-2007 Information security technology - Risk assessment
specification for information security
GB/T 30976.1-2014 Industrial control system security - Part 1. Assessment
specification
[GB/T 20984-2007, Definition 3.5]
3.1.6
Control system security
The goal is to protect the control system availability, integrity, and,
confidentiality, also including real-time, reliability and stability.
3.1.7
Human machine interface
A set of methods that employees (users) can interact with specific machines,
equipment, computer programs, or other complex tools (systems).
Note. In many cases, these include video or computer terminals, buttons,
audible feedback, flashing lights, and so on. The human machine interface
provides methods that include. input (allowing the user to control the
machine), output (allowing the machine to notify the user).
3.1.8
Identification
The process of identifying and discerning an assessment element.
[GB/T 30976.1-2014, Definition 3.1.2]
3.1.9
Security risk
The occurrence of security incident and its influence onto organizations due
to the threat use of vulnerability in man-made or natural systems and their
management systems.
[GB/T 20984-2007, Definition 3.6]
3.1.10
Integrity
Characteristics that ensure that information and information systems are not
altered or broken by unauthorized persons, including data integrity and
system integrity.
[GB/T 20984-2007, Definition 3.10]
3.1.21
Threat
Potential causes of unwanted accidents that can cause harm to the system
or organization.
[GB/T 20984-2007, Definition 3.17]
3.1.22
Vulnerability
Defects or weaknesses in system design, implementation, or operation and
management, which can be exploited to compromise system integrity or
security policies.
[GB/T 30976.1-2014, Definition 3.1.1]
3.2 Abbreviations
The following abbreviations apply to this document.
DCS. Distributed Control System
MES. Man...
Afficher tous les détails