EN IEC 62859:2020

SLOVENSKI STANDARD
01-november-2020
Jedrske elektrarne - Merilna in nadzorna oprema - Zahteve za usklajevanje
varnosti in kibernetske varnosti (IEC 62859:2016+A1:2019)
Nuclear power plants - Instrumentation and control systems - Requirements for
coordinating safety and cybersecurity (IEC 62859:2016+A1:2019)
Kernkraftwerke - Leittechnische Systeme - Anforderungen für die Koordinierung von
Sicherheit und IT-Sicherheit (IEC 62859:2016+A1:2019)
Centrales nucléaires de puissance - Systèmes d'instrumentation et de contrôle-
commande - Exigences pour coordonner sûreté et cybersécurité (IEC
62859:2016+A1:2019)
Ta slovenski standard je istoveten z: EN IEC 62859:2020
ICS:
27.120.20 Jedrske elektrarne. Varnost Nuclear power plants. Safety
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN STANDARD EN IEC 62859

NORME EUROPÉENNE
EUROPÄISCHE NORM
August 2020
ICS 27.120.20
English Version
Nuclear power plants - Instrumentation and control systems -
Requirements for coordinating safety and cybersecurity
(IEC 62859:2016 + A1:2019)
Centrales nucléaires de puissance - Systèmes Kernkraftwerke - Leittechnische Systeme - Anforderungen
d'instrumentation et de contrôle-commande - Exigences für die Koordinierung von Sicherheit und IT-Sicherheit
pour coordonner sûreté et cybersécurité (IEC 62859:2016 + A1:2019)
(IEC 62859:2016 + A1:2019)
This European Standard was approved by CENELEC on 2020-07-20. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the
Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.

European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2020 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN IEC 62859:2020 E
European foreword
The text of document 45A/1104/FDIS, future IEC 62859/A1, prepared by SC 45A "Instrumentation,
control and electrical power systems of nuclear facilities" of IEC/TC 45 "Nuclear instrumentation" was
submitted to the IEC-CENELEC parallel vote and approved by CENELEC as EN IEC 62859:2020.
The following dates are fixed:
• latest date by which the document has to be implemented at national (dop) 2021-07-20
level by publication of an identical national standard or by endorsement
• latest date by which the national standards conflicting with the (dow) 2023-07-20
document have to be withdrawn
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.
As stated in the nuclear safety directive 2009/71/EURATOM, Chapter 1, Article 2, item 2, Member
States are not prevented from taking more stringent safety measures in the subject-matter covered by
the Directive, in compliance with Community law.
In a similar manner, this European standard does not prevent Member States from taking more
stringent nuclear safety and/or security measures in the subject-matter covered by this standard.
Endorsement notice
The text of the International Standard IEC 62859:2016/A1:2019 was approved by CENELEC as a
European Standard without any modification.

In the official version, for Bibliography, the following notes have to be added for the standards
indicated:
IEC 61508-1 NOTE Harmonized as EN 61508-1
IEC 61508-2 NOTE Harmonized as EN 61508-2
IEC 61508-3 NOTE Harmonized as EN 61508-3
IEC 61508-4 NOTE Harmonized as EN 61508-4

Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments)
applies.
NOTE 1  Where an International Publication has been modified by common modifications, indicated by (mod), the relevant
EN/HD applies.
NOTE 2  Up-to-date information on the latest versions of the European Standards listed in this annex is available here:
www.cenelec.eu.
Publication Year Title EN/HD Year
IEC 60709 2004 Nuclear power plants - Instrumentation and EN 60709 2010
control systems important to safety -
Separation
IEC 60880 2006 Nuclear power plants - Instrumentation and EN 60880 2009
control systems important to safety -
Software aspects for computer-based
systems performing category A functions
IEC 61500 2009 Nuclear power plants - Instrumentation and EN 61500 2011
control important to safety - Data
communication in systems performing
category A functions
IEC 61513 2011 Nuclear power plants - Instrumentation and EN 61513 2013
control important to safety - General
requirements for systems
IEC 62138 2004 Nuclear power plants - Instrumentation and EN 62138 2009
control important for safety - Software
aspects for computer-based systems
performing category B or C functions
IEC 62340 -  Nuclear power plants - Instrumentation and EN 62340 -
control systems important to safety -
Requirements for coping with common
cause failure (CCF)
IEC 62566 2012 Nuclear power plants - Instrumentation and EN 62566 2014
control important to safety - Development
of HDL-programmed integrated circuits for
systems performing category A functions
IEC 62646 2016 Nuclear power plants - Control rooms - EN IEC 62646 2019
Computer-based procedures
IEC 62859 ®
Edition 1.0 2016-10
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
Nuclear power plants – Instrumentation and control systems – Requirements for

coordinating safety and cybersecurity

Centrales nucléaires de puissance – Systèmes d'instrumentation et de contrôle-

commande – Exigences pour coordonner sûreté et cybersécurité

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
INTERNATIONALE
ICS 27.120.20 ISBN 978-2-8322-3719-9

– 2 – IEC 62859:2016 © IEC 2016
CONTENTS
FOREWORD . 4
INTRODUCTION . 6
1 Scope . 8
2 Normative references . 8
3 Terms and definitions . 9
4 Symbols and abbreviations . 11
5 Coordinating safety and cybersecurity at the overall architecture level . 12
5.1 General . 12
5.2 Fundamental and generic principles . 12
5.3 Thematic requirements and recommendations . 13
5.3.1 Delineation of security zones . 13
5.3.2 Provisions for coping with common cause failures (including diversity) . 13
5.3.3 Separation provisions . 14
5.3.4 Data communications . 14
6 Coordinating safety and cybersecurity at the individual system level. 14
6.1 General . 14
6.2 Fundamental and generic principles . 14
6.3 Safety and cybersecurity coordination during the I&C system lifecycle . 15
6.3.1 General . 15
6.3.2 Requirements and planning activities . 15
6.3.3 Design activities . 15
6.3.4 Implementation activities . 16
6.3.5 Verification and validation activities . 16
6.3.6 Installation and acceptance testing activities . 16
6.3.7 Operations and maintenance activities. 16
6.3.8 Change management . 16
6.3.9 Decommissioning activities . 16
6.4 Selected technical aspects of I&C systems constrained by safety and
cybersecurity . 17
6.4.1 General . 17
6.4.2 Logical access control for HMIs of I&C programmable digital systems in
control rooms . 17
6.4.3 Software modification . 17
6.4.4 Logging and audit capability . 18
6.4.5 Use of cryptography by I&C systems . 18
6.4.6 System availability and function continuity . 19
7 Organizational and operational issues . 19
7.1 Governance and responsibilities . 19
7.2 Coordination between safety and cybersecurity staff during operations . 19
7.3 Safety and cybersecurity culture . 19
7.4 Emergency response management . 19
Annex A (informative) Rationale for, and notes related to, the scope of this document . 21
A.1 General . 21
A.2 Inclusion of I&C programmable digital system not important to safety . 21
A.3 Exclusion of physical security, room access control and site security
surveillance systems . 21

IEC 62859:2016 © IEC 2016 – 3 –
A.4 Exclusion of non-malevolent actions and events . 21
A.5 Exclusion of development tools and platforms . 22
Bibliography . 23

– 4 – IEC 62859:2016 © IEC 2016
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
NUCLEAR POWER PLANTS –
INSTRUMENTATION AND CONTROL SYSTEMS –
REQUIREMENTS FOR COORDINATING SAFETY AND CYBERSECURITY

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC Natio
...