Power systems management and associated information exchange - Data and communications security - Part 8: Role-based access control for power system management

Energiemanagementsysteme und zugehöriger Datenaustausch – IT-Sicherheit für Daten und Kommunikation – Teil 8: Rollenbasierte Zugriffskontrolle für Energiemanagementsysteme

Gestion des systèmes de puissance et échanges d'informations associés - Sécurité des communications et des données - Partie 8: Contrôle d'accès basé sur les rôles pour la gestion de systèmes de puissance

Upravljanje elektroenergetskega sistema in pripadajoča izmenjava informacij - Varnost podatkov in komunikacij - 8. del: Kontrola dostopa do elektroenergetskega sistema na podlagi vlog

General Information

Status
Not Published
Publication Date
28-Sep-2026
Current Stage
4060 - Enquiry results established and sent to TC, SR, BTTF - Enquiry
Start Date
30-May-2025
Completion Date
30-May-2025

Relations

Draft
prEN IEC 62351-8:2025 - BARVE
English language
111 pages

Standards Content (Sample)


SLOVENIAN STANDARD
01-May-2025
Upravljanje elektroenergetskega sistema in pripadajoča izmenjava informacij - Varnost podatkov in komunikacij - 8. del: Kontrola dostopa do elektroenergetskega sistema na podlagi vlog
Power systems management and associated information exchange - Data and communications security - Part 8: Role-based access control for power system management
Energiemanagementsysteme und zugehöriger Datenaustausch – IT-Sicherheit für Daten und Kommunikation – Teil 8: Rollenbasierte Zugriffskontrolle für Energiemanagementsysteme
Gestion des systèmes de puissance et échanges d'informations associés - Sécurité des communications et des données - Partie 8: Contrôle d'accès basé sur les rôles pour la gestion de systèmes de puissance
This Slovenian standard is identical to: prEN IEC 62351-8:2025
ICS:
29.240.30 Control equipment for electric power systems
35.240.50 IT applications in industry
2003-01. Slovenian Institute for Standardization. Reproduction of the whole or parts of this standard is not permitted.

57/2752/CDV
COMMITTEE DRAFT FOR VOTE (CDV)
PROJECT NUMBER: IEC 62351-8 ED2
DATE OF CIRCULATION: 2025-03-07
CLOSING DATE FOR VOTING: 2025-05-30
SUPERSEDES DOCUMENTS: 57/2663/CD, 57/2690A/CC
IEC TC 57 : POWER SYSTEMS MANAGEMENT AND ASSOCIATED INFORMATION EXCHANGE
SECRETARIAT: Germany
SECRETARY: Mr Heiko Englert
OF INTEREST TO THE FOLLOWING COMMITTEES: TC 65, TC 69, TC 88
HORIZONTAL FUNCTION(S):
ASPECTS CONCERNED:
SUBMITTED FOR CENELEC PARALLEL VOTING (see note below)
Attention IEC-CENELEC parallel voting
The attention of IEC National Committees, members of CENELEC, is drawn to the fact that this Committee Draft for Vote (CDV) is submitted for parallel voting.
The CENELEC members are invited to vote through the CENELEC online voting system.
This document is still under study and subject to change. It should not be used for reference purposes.
Recipients of this document are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting documentation.
Recipients of this document are invited to submit, with their comments, notification of any relevant “In Some Countries” clauses to be included should this proposal proceed. Recipients are reminded that the CDV stage is the final stage for submitting ISC clauses. (SEE AC/22/2007 OR NEW GUIDANCE DOC).

TITLE:
Power systems management and associated information exchange - Data and communications security - Part 8: Role-based access control for power system management

PROPOSED STABILITY DATE: 2026
NOTE FROM TC/SC OFFICERS:
electronic file, to make a copy and to print out the content for the sole purpose of preparing National Committee positions. You may not copy or "mirror" the file or printed version of the document, or any part of it, for any other purpose without permission in writing from IEC.

57/2752/CDV – 2 – IEC CDV 62351-8 © IEC 2025
CONTENTS
CONTENTS . 1
FOREWORD . 8
INTRODUCTION . 10
1 Scope . 12
2 Normative references . 13
3 Terms and definitions . 14
4 Abbreviated terms . 17
5 RBAC process model . 18
5.1 Overview of RBAC process model . 18
5.2 Generic RBAC concepts . 18
5.3 Separation of subjects, roles, and permissions . 20
5.3.1 RBAC model . 20
5.3.2 Subject assignment (subject-to-role mapping). 23
5.3.3 Role assignment (role-to-permission mapping) . 23
5.3.4 Permission definition . 23
5.3.5 operationSet assignment (mapping of roles-permission-combinations to objects) . 23
5.4 Criteria for defining roles. 24
5.4.1 Policies . 24
5.4.2 Subjects, roles, and permissions . 24
5.4.3 Introducing roles reduces complexity . 24
6 Definition of roles and permission assignment . 25
6.1 General . 25
6.2 Pre-defined roles . 25
6.3 Role-to-permission assignment . 26
6.3.1 General . 26
6.3.2 Number of supported permissions by a role . 27
6.3.3 Number of supported roles . 27
6.3.4 Assigning permissions to roles . 27
6.4 Definition of (custom based) roles . 29
6.4.1 General . 29
6.4.2 Encoding of roles based on specific permissions . 30
6.4.3 Encoding of roles using constraints on existing permissions . 35
6.5 Consideration of operational states . 38
6.6 Security Event consideration for the engineering of roles and permissions . 39
7 Simplified role assignment . 40
7.1 General . 40
7.2 Application of roles associated with multiple role definitions (generic roles) . 40
7.3 Illustrative examples . 41
7.3.1 General . 41
7.3.2 Application of pre-defined role “VIEWER” on Device-X for all role definitions . 41
7.3.3 Application of custom role “OPERATOR-DFR” on Device-Y for all supported role definitions . 43
7.3.4 Application of pre-defined role “SECADM” for selected role definitions . 43

8 Definition of access tokens . 45
8.1 General . 45
8.2 Supported profiles . 45
8.3 Role-based access control related Object Identifiers . 45
8.4 General structure of the access tokens . 46
8.4.1 Profile specific mandatory components in the access tokens . 46
8.4.2 Optional access token components . 47
8.4.3 Definition of specific fields . 47
8.5 Access token profiles . 52
8.5.1 General . 52
8.5.2 Profile A: X.509 Public-key certificate . 52
8.5.3 Profile B: X.509 Attribute certificate . 55
8.5.4 Profile C: JSON Web Token – JWT . 59
8.5.5 Profile D: RADIUS provided access token information . 61
8.5.6 Profile E: LDAP provided RBAC information . 64
9 Verification of access tokens . 69
9.1 General . 69
9.2 Multiple access token existence . 69
9.3 Subject authentication . 70
9.4 Access token availability . 70
9.5 Validity period . 70
9.6 Access token integrity . 71
9.7 Issuer . 71
9.8 RoleID . 71
9.9 Revision number . 71
9.10 Area of responsibility . 72
9.11 Role definition . 72
9.12 Revocation state . 72
9.13 Operation . 73
9.14 Sequence number . 73
9.15 Revocation methods . 73
9.15.1 General . 73
9.15.2 Supported methods . 74
10 RBAC access token distribution models . 74
10.1 General . 74
10.2 PUSH model . 74
10.3 PULL model . 76
11 Interaction with backend services for RBAC access token distribution . 77
11.1 General . 77
11.2 Using directory services with LDAP . 77
11.2.1 General . 77
11.2.2 Secure communication . 78
11.2.3 LDAP Directory organization . 79
11.3 Using OAuth to provide JWT token . 80
11.3.1 General . 80
11.3.2 Secure communication . 81
11.4 Using AAA services with RADIUS . 82

11.4.1 General . 82
11.4.2 Secure communication . 82
11.4.3 Peer configuration . 83
11.4.4 RADIUS server organization . 83
11.5 Comparison of backend interaction depending on RBAC profile . 83
12 Access token transport . 84
12.1 General . 84
12.2 Transport in Ethernet-based protocols . 85
12.3 Usage in non-Ethernet based protocols . 85
12.4 Usage in the context of the application protocol . 85
13 Conformity . 86
13.1 General . 86
13.2 Notation . 86
13.3 Mapping to existing authorization mechanisms. 86
13.4 Conformance to access token format . 86
13.5 Conformance to access token content . 87
13.6 Access token distribution . 88
13.7 Role information. 89
13.8 Role information exchange . 89
13.9 Security events . 89
Annex A (informative) Security Events . 91
A.1 General . 91
A.2 Mapping of general access token security events . 91
A.3 Mapping of access token security events specific for profile A, B, and C . 92
A.4 Mapping of security events related to backend service interaction . 92
A.5 Mapping of security events related to RBAC engineering and maintenance . 92
Annex B (informative) Role definition from previous revisions/editions of IEC 62351-8 . 94
B.1 Scope of annex . 94
B.2 Role definition from IEC/TS 62351-8:2011 . 94
B.3 Role definition from IEC/IS 62351-8:2020 . 95
Annex C (informative) Informative example for specific role definition . 97
C.1 Scope of annex . 97
C.2 Use case description . 97
C.3 XACML definition example . 97
C.4 Role description . 98
C.5 Permission group description . 99
C.6 Permission description . 100
C.7 Request syntax for PDP . 103
Annex D (informative) Examples for LDAP interaction . 105
D.1 Import of new LDAP schema for “IEC6351-RoleStructure” . 105
D.2 Import of new LDAP schema for “roles” . 105
Annex E (informative) General application of RBAC access token . 106
E.1 General . 106
E.2 Session-based approach . 106
E.3 Message-based approach . 108
Bibliography . 109

Figure 1 – Generic framework for access control . 19
Figure 2 – Diagram of RBAC with static and dynamic separation of duty (enhanced version of ANSI INCITS 359-2004) . 20
Figure 3 – Subjects, roles, permissions, and operations . 22
Figure 4 – Referencing Documents . 26
Figure 5 – Relation of Roles and Permissions . 27
Figure 7 – XACML structure . 31
Figure 16 – Schematic view of authorization based on RBAC PUSH model . 75
Figure 17 – Schematic view of authorization based on RBAC PULL model . 77
Figure 18 – RBAC model using OAuth workflow applying JWT . 81
Figure 19 – Session based RBAC approach (simplified IEC 62351-4 end-to-end security) . 108

Table 1 – Pre-defined roles . 25
Table 2 – Template for role-to-permission mapping . 28
Table 4 – Evaluation Context . 35
Table 7 – Access token: meta information . 46
Table 8 – Access token: user role information . 47
Table 9 – Optional access token components . 47
Table 10 – AoR fields and format . 51
Table 11 – Informative example: AoR handling on IED . 52
Table 12 – Mapping between ID and attribute certificate . 58
Table 13 – RBAC profile comparison . 84
Table 14 – Conformance to access token format . 87
Table 15 – Access token: meta information . 87
Table 16 – Access token: user role information . 88
Table 17 – Optional access token components . 88
Table 18 – Generic Role support . 88
Table 19 – Conformance to access token distribution . 89
Table 20 – Support of pre-defined roles . 89
Table A.3 – Security event logs related to backend service interaction. 92
Table A.4 – Security event logs related to RBAC engineering and maintenance . 92
Table B.1 – List of pre-defined role-to-permission assignment (2011 version) . 94
Table B.2 – List of pre-defined role-to-permission assignment (2021 version) . 95
Table C.1 – Permission assignment . 97

Document history
Any person intervening in the present document is invited to complete the table below before sending the document elsewhere. The purpose is to allow all actors to see all changes introduced and the intervening persons.
Any important message to IEC editors should also be included in the table below.

Columns: Name of intervening person | Document received (From, Date) | Brief description of the changes introduced | Document sent (To, Date)

Steffen Fries | received from IEC, 2023-05-26 | Initial Version | -

Steffen Fries | received 2023-08-08 | sent to WG15, 2023-08-08
- Restructuring of clause 6 to distinguish between common roles and their mapping to different protocols/data models (e.g., IEC 61850, IEC 60870).
- Restructuring of the interaction with repositories into PULL/PUSH and the different approaches to distribute access tokens (LDAP, RADIUS, OAuth2, …)
- Preparation to include definition of permissionSets from IEC 61850-90-19
- Inclusion of role revision information from previous versions of the standard

Steffen Fries | received 2023-09-12 | sent to WG15, 2023-09-12
- Incorporated feedback from web meetings in 08/2023 to fine-grained access control
- Incorporated draft for IEEE 1815 (DNP3 related permissions) with associated questions
- Alignment with approach from IEC 61850 RBAC TF (changed terminology, refinement of approach)

Steffen Fries | received 2023-11-27 | sent to WG15, 2023-11-27
- Accepted all changes after WG15 meeting in 10/2023
- Introduced split into generic RBAC in clause 6 and data model specific part in clause 7 to be moved to referencing standards and adopted remaining parts of the document
- Addressed comments received from version distributed prior to WG15 meeting in 10/2023

Steffen Fries | received 2023-12-08 | sent to WG15, 2023-12-08
- Addressed comments from December 2023 web meetings to the current working draft (most importantly, consistent explanation of mandatory/optional fields in access token, roleDefinition handling, number range adjustments in the description of RoleID).
- Align text and prepared clause 7 to be transferred to referencing standards (alignment with remaining text). Clause 7 will be deleted in the next WD version
- Updated secure communication part for Profile D (RADIUS)
- Introduced skeleton for new Profile E using LDAP objects mapped to the access token components.

Steffen Fries | received 2024-01-19 | sent to WG15, 2024-01-19
- Updated clause 11.2 on LDAP interactions to reflect LDAPS and provide recommendations regarding startTLS (also in PICS clause)
- Included introduction to PULL/PUSH distribution models in clause 10.1
- Rewrite of clause 12 on access token transport
- Enhancement of security event messages in Annex A
- Update of Profile C (JWT token in clause 8.5.4 and corresponding backend infrastructure interaction in clause 11.3)
- Finalization of Profile E using LDAP based on TF results in clause 8.5.6
- Moved clause 7 mappings to referencing standards (clause may be deleted completely)
- Updated conformity clause 13 to reflect changes in this edition.
- Further editorial improvements and clarifications throughout the document

Steffen Fries | received 2024-02-19 | sent to WG15, 2024-02-19
Changes based on WG15 meeting 01/2024
- RoleID reserved number range set to 255
- LDAP interaction with backend, LDAPS mandatory, startTLS optional
- Inclusion of generic permission mapping to allow for simplification in administration for handling different data models in clause 7
- Clarification on PoP tokens for future use in Profile C (clause 8.5.4)
- Update Profile C (8.5.4) and transport (11.3)
- Enhancement of Profile E with LDAP group option (NCs asked regarding preferences)
- Included format conventions for role names, roleDefinition, and AoR. Included informative examples for AoR handling in clause 8.4.3.9
- Disallowed SHA-1 and RSA 1024 for Profiles A, B, and C as announced in Ed.1

Steffen Fries | - | CD submission to IEC | sent to IEC, 2024-02-29
Steffen Fries | - | CD comment resolution incorporated (for changes see comment resolution document) | sent to WG15, 2024-08-26
Steffen Fries | - | Further late comments received, see revised comment resolution for details. Additional editorial improvements. | sent to WG15, 2024-10-04
Steffen Fries | - | Final comment resolution included after alignment during WG15 10/2024 meeting. Removed Annex F with planned changes for this edition. | sent to WG15, 2024-11-08
Steffen Fries | - | CDV submission to IEC | sent to IEC, 2024-12-20

INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
POWER SYSTEMS MANAGEMENT
AND ASSOCIATED INFORMATION EXCHANGE –
DATA AND COMMUNICATIONS SECURITY –

Part 8: Role-based access control for power system management

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international
co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and
in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports,
Publicly Available Specifications (PAS) and Guides (hereafter referred to as "IEC Publication(s)"). Their
preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with
may participate in this preparatory work. International, governmental and non-governmental organizations liaising
with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for
Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence between
any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent
rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 62351-8 has been prepared by IEC technical committee 57: Power
systems management and associated information exchange.
The text of this standard is based on the following documents:
Enquiry draft: 57/xxxx/FDIS
Report on voting: 57/xxxx/RVD
Full information on the voting for the approval of this standard can be found in the report on voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.

Recipients of this document are invited to submit, with their comments, notification of any
relevant patent rights of which they are aware and to provide supporting documentation.
This document includes code components, i.e., components that are intended to be directly processed by a computer. Such content is any text found between the markers <CODE BEGINS> and <CODE ENDS>, or otherwise is clearly labelled in this standard as a code component.
The purchase of this document carries a copyright license for the purchaser to sell software containing code components from this document directly to end users and to end users via distributors, subject to IEC software licensing conditions, which can be found at: http://www.iec.ch/CCv1.
In the case of any discrepancy between the document and the code components, the code components take precedence.
In this document, the following print types are used:
Encoding in ASN.1 or XACML: Courier New
A list of all the parts in the IEC 62351 series, published under the general title Power systems
management and associated information exchange, can be found on the IEC website.
The committee has decided that the contents of this publication will remain unchanged until the
stability date indicated on the IEC web site under "http://webstore.iec.ch" in the data related to
the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct understanding
of its contents. Users should therefore print this document using a colour printer.

INTRODUCTION
This document provides a standard for access control in power systems. The power system environment supported by this document is enterprise-wide and extends beyond traditional borders to include external providers, suppliers, and other energy partners. Driving factors are the liberalization of the energy sector to include many more stakeholders, the increasingly decentralized generation of energy, and the need to control access to sensitive data of resources and stakeholders.

The power system sector is continually improving the delivery of energy by leveraging technical advances in computer-based applications. Utility operators, energy brokers and end-users are increasingly accessing multiple applications to deliver, transmit and consume energy in a personalized way. These disparate applications are naturally connected to a common network infrastructure that typically supports protection equipment, substation automation protocols, inter-station protocols, remote access, and business-to-business services. Consequently, secure access to these distributed and often loosely coupled applications is even more important than access to an application running on a stand-alone device.

Secure access to computer-based applications involves authentication of the user to the application. After authentication, the types of interactions that user can perform with the application are then determined. The use of local mechanisms for authorization creates a patchwork of approaches that is difficult to administer uniformly across the breadth of a power system enterprise: each application decides the authorization process with its own logic. However, if applications can use a network to help manage access, a database can serve as a trusted source of a user’s group or role affiliation. Thus, access to a shared user base can be controlled centrally. Each application can then examine the permissions listed for a subject and corresponding role and determine their level of authorization.

This document defines role-based access control (RBAC) for enterprise-wide use in power systems. It supports a distributed or service-oriented architecture where security is a distributed service and applications are consumers of distributed services.

In this document, the role of a user is contained in a data structure called "access token" for that user and is provided to the accessed resource. Access tokens are created and administered by a (possibly federated) identity management tool. All access tokens have a lifetime and are subject to expiration. Prior to verification of the access token itself, the user who tries to get access is authenticated by the resource. The resource has a trust relation to the access token management. The access token may be provided as a self-contained object by the user or a central repository, or as a data structure by a central repository. Specifically, the self-contained access token enables local verification of the access token’s validity at remote sites without the need to access a centralized repository.

Different access token formats are supported as five defined profiles. These access tokens may be bound to a specific transport or to a specific application in conjunction with different types of repositories holding the access tokens. Common to all profiles is the information contained, to allow a migration from one profile to another.
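The local verification of a self-contained access token described above, as an added example that is not code from the standard or any of its profiles: an identity management tool issues a JWT-style token (Profile C is JWT-based) with a lifetime and RBAC claims, and the resource checks integrity, issuer, validity period, RoleID/revision and area of responsibility, in that order, before deciding on a requested operation. The claim names, role IDs, issuer name, HMAC key and permission table are constructed placeholders; the standard's own field encodings and signature algorithms differ.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed placeholders for this example (assumptions, not values from the standard).
TRUSTED_ISSUERS = {"idm.example.net"}           # token management the resource trusts
ISSUER_KEY = b"constructed-shared-secret-key"   # HMAC key shared with that issuer

# Local role-to-permission table of the resource, keyed by (roleID, revision) so that a
# token carrying a revision the resource does not know is rejected rather than guessed.
ROLE_PERMISSIONS = {
    (0, 1): {"VIEW"},                     # viewer-like role
    (1, 1): {"VIEW", "CONTROL"},          # operator-like role
    (4, 1): {"VIEW", "SECURITY_CONFIG"},  # security-administrator-like role
}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue_token(subject, role_id, revision, aor, issuer, lifetime_s, key, now=None):
    """Issue a self-contained token: b64url(header).b64url(payload).b64url(signature)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {
        "iss": issuer,              # issuing identity management tool
        "sub": subject,             # authenticated subject the role belongs to
        "nbf": now,                 # start of validity period
        "exp": now + lifetime_s,    # every token has a lifetime and expires
        "rbac": {"roleID": role_id, "revision": revision, "aor": list(aor)},
    }
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, payload))
    return signing_input + "." + _b64url(_sign(signing_input, key))

def verify_and_authorize(token, operation, object_aor, key, now=None):
    """Verify a token locally (no repository lookup) and decide one operation; returns (granted, reason)."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    try:
        header = json.loads(_b64url_decode(parts[0]))
        payload = json.loads(_b64url_decode(parts[1]))
        signature = _b64url_decode(parts[2])
    except ValueError:
        return False, "malformed token"
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return False, "malformed token"
    # Integrity: accept only the expected algorithm and a matching signature before
    # trusting anything in the payload.
    if header.get("alg") != "HS256":
        return False, "unsupported algorithm"
    if not hmac.compare_digest(_sign(parts[0] + "." + parts[1], key), signature):
        return False, "integrity check failed"
    # Issuer: the resource has a trust relation only with known token management.
    if payload.get("iss") not in TRUSTED_ISSUERS:
        return False, "untrusted issuer"
    # Validity period: expired or not-yet-valid tokens are rejected.
    if not (payload.get("nbf", 0) <= now < payload.get("exp", 0)):
        return False, "outside validity period"
    # RoleID and revision must map to a role definition the resource knows.
    rbac = payload.get("rbac", {})
    role_key = (rbac.get("roleID"), rbac.get("revision"))
    if role_key not in ROLE_PERMISSIONS:
        return False, "unknown roleID or revision"
    # Area of responsibility: the accessed object must lie within the token's AoR.
    if object_aor not in rbac.get("aor", []):
        return False, "object outside area of responsibility"
    # Operation: finally compare the requested operation with the role's permissions.
    if operation not in ROLE_PERMISSIONS[role_key]:
        return False, "operation not permitted for role"
    return True, "granted"

def with_modified_role(token, new_role_id):
    """Re-encode the payload with another roleID while keeping the old signature.

    Used only to show that the integrity check rejects an altered claim."""
    head, body, sig = token.split(".")
    payload = json.loads(_b64url_decode(body))
    payload["rbac"]["roleID"] = new_role_id
    return head + "." + _b64url(json.dumps(payload, separators=(",", ":")).encode()) + "." + sig

if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed clock value so the run is reproducible
    tok = issue_token("operator-01", 1, 1, ["SUBSTATION-A"], "idm.example.net", 3600, ISSUER_KEY, now=t0)
    print(verify_and_authorize(tok, "CONTROL", "SUBSTATION-A", ISSUER_KEY, now=t0 + 100))
    print(verify_and_authorize(tok, "CONTROL", "SUBSTATION-A", ISSUER_KEY, now=t0 + 4000))
```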
As RBAC is being adopted for several protocols and data models, this document has been changed accordingly. In its current version it focuses on the general definition of RBAC, the roles that are mandatory to support, and options for assigning roles to permissions. The actual assignment of roles to permissions, and consequently the binding of RBAC related information to objects, is addressed in the referencing standards, which directly relate to the target data model. The existing definition of the IEC 61850 specific roles and permissions has been moved to IEC 61850-90-19. Likewise, for IEC 60870-5-101/-104 the specifics are handled in IEC 60870-5-7. Moreover, IEEE 1815 specifics will be handled in the context of DNP3SAv6. This document provides information about the role to permission assignment of previous versions of this standard in the appendix.

This standard is maintained. Technical issues identified after publication will be handled via the TISSUE-DB to keep correctness and interoperability. Approved technical issues will be published as an INF document and further handled in either an amendment, a revision, or a new edition of this document.
1 Scope
The scope of this part of IEC 62351 is to facilitate role-based access control (RBAC) for power system management. RBAC assigns human users, automated systems, and software applications (collectively called "subjects" in this document) to specified "roles", and restricts their access to only those resources which the security policies identify as necessary for their roles.

As electric power systems become more automated and cyber security concerns become more prominent, it is becoming increasingly critical to ensure that access to data (read, write, control, etc.) is restricted. As in many aspects of security, RBAC is not just a technology; it is a way of running a business. RBAC is not a new concept; in fact, it is used by many operating systems to control access to system resources. Specifically, RBAC provides an alternative to the all-or-nothing super-user model in which all subjects have access to all data, including control commands.

RBAC is a primary method to meet the security principle of least privilege, which states that no subject should be authorized more permissions than necessary for performing that subject’s task. With RBAC, authorization is separated from authentication. RBAC enables an organization to subdivide super-user capabilities and package them into special user accounts termed roles for assignment to specific individuals according to their associated duties. This subdivision enables security policies to determine who or what systems are permitted access to which data in other systems. RBAC thus provides a means of reallocating system controls as defined by the organization policy. In particular, RBAC can protect sensitive system operations from inadvertent (or deliberate) actions by unauthorized users. Clearly RBAC is not confined to human users though; it applies equally well to automated systems and software applications, i.e., software parts operating independently of user interactions.

The following interactions are in scope:
– local (direct wired) access to the object by a human user, a local and automated computer agent, or a built-in human machine interface (HMI) or panel;
– remote (via dial-up or wireless media) access to the object by a human user;
– remote (via dial-up or wireless media) access to the object by a remote automated computer agent, e.g., another object at another substation, a distributed energy resource at an end-user’s facility, or a control centre application.

While this document defines a set of mandatory roles to be supported, the exchange format for defined specific or custom roles is also in scope of this document. Moreover, in addition to the definition of custom roles based on associated permissions, this document also includes options for assigning permissions to objects in a general way. Referencing documents will provide a mapping to a concrete data model to ensure interoperability for standard roles used in different data models as well as for custom defined roles. Referencing documents may be standards like IEC/PAS 61850-90-19 or IEC 60870-5-7 or also definitions by an operator.

Out of scope for this document are all topics which are not directly related to the definition of roles and access tokens for local and remote access, especially administrative or organizational tasks, such as:
– definition of usernames and password definitions/policies;
– management of keys and/or key exchange;
– engineering process of roles;
– assignment of roles;
– selection of trusted certification authorities issuing credentials (access tokens);
– defining the tasks of a security officer;
– integrating local policies in RBAC.
NOTE Specifically, the management of certificates is addressed in IEC 62351-9.

Existing standards (see ANSI INCITS 359-2004, IEC 62443 (all parts), and IEEE 802.1X-2020) in the process control industry and access control (RFC 2904 and RFC 2905) are not sufficient for addressing the specifics of power system automation, as none of them specify the exact role names and associated permissions, the format of the access tokens, or the detailed mechanism by which access tokens are transferred to and authenticated by the target system. This is addressed in this document by defining the access token format, distribution and verification based on existing technology.

Throughout the document security events are defined. These security events are intended to support the error handling and thus to increase sy
...
