Nuclear facilities - Instrumentation, control and electrical power systems - Cybersecurity risk management approaches

IEC TR 63486:2024 provides a cybersecurity framework for digital I&C programmable systems [2]. IEC 62645 [1] aligns strongly with the information security management system (ISMS) elements detailed within ISO/IEC 27001:2013 [2]. The ISO/IEC ISMS structure corresponds to the “I&C digital programmable system cybersecurity program” in the context (as defined in 5.2.1 of IEC 62645:2019 [1]).
The scope of this document is to capture the national and international cyber-risk approaches employed to manage cybersecurity risks associated with Instrumentation and Control (I&C) and Electrical Power Systems (EPS) at a Nuclear Power Plant (NPP).
This document summarizes an evaluation of cyber-risk approaches that are in use by nuclear facility operators to manage cybersecurity risks.
The scope of this document generally follows the exclusions of IEC 62645 which are:
- Non-malevolent actions and events such as accidental failures, human errors (except those stated above, such as impacting the performance of cybersecurity controls), and natural events. In particular, good practices for managing applications and data, including backup and restoration related to accidental failure, are out of scope.
This document summarizes key insights of the international and cyber-risk approaches used at NPPs regarding the application of ISO/IEC 27005:2018 [5]. The evaluation is based on 11 challenges to cybersecurity risk management and their applicability to NPP risk management. The challenges are detailed in Clause 7. This document also relates the risk management elements of IEC 62645 and IEC 63096.

General Information

Status: Published
Publication Date: 12-Sep-2024
Current Stage: PPUB - Publication issued
Start Date: 13-Sep-2024
Completion Date: 19-Jul-2024

Overview - IEC TR 63486:2024 (Nuclear facilities - Cybersecurity risk management approaches)

IEC TR 63486:2024 provides a consolidated cybersecurity risk management framework tailored for digital Instrumentation & Control (I&C) programmable systems and Electrical Power Systems (EPS) at Nuclear Power Plants (NPPs). The technical report summarizes international and national cyber‑risk approaches used by nuclear facility operators and maps those approaches to established information security guidance such as ISO/IEC 27005:2018 and the I&C cybersecurity program concepts in IEC 62645. The document evaluates practical applicability through a set of identified cyber‑risk challenges and presents cross‑references and implementation insights (see Clauses 6–7 and informative Annexes).

Key topics and technical focus

  • Scope and limitations
    • Focuses on malevolent cybersecurity risks to I&C and EPS at NPPs.
    • Excludes non‑malevolent events (accidental failures, ordinary human error, natural events) and routine backup/restore practices.
  • Risk management mapping
    • Aligns ISMS structure elements (ISO/IEC 27001) and information risk guidance (ISO/IEC 27005) with nuclear I&C cybersecurity program requirements defined in IEC 62645.
  • Eleven NPP cyber‑risk challenges
    • The report analyzes 11 challenges (e.g., interdependencies, vulnerability uncertainty, adversary characterization, multi‑unit aggregation, information volume) and assesses how ISO/IEC 27005 approaches address them.
  • Risk assessment and treatment
    • Reviews ISO/IEC 27005 processes: context, identification, analysis, evaluation, treatment, communication, monitoring, and review as applied to NPP I&C and EPS.
  • Informative annexes
    • Annex A: national (Chinese) approach summary.
    • Annex B: cyber‑informed engineering considerations for nuclear systems.

Practical applications - who uses IEC TR 63486:2024

  • NPP operators and asset owners - to align plant cybersecurity programs for I&C and EPS with international risk‑management practices.
  • I&C / EPS engineers and system integrators - to evaluate vulnerabilities and integrate risk treatment options compatible with nuclear safety constraints.
  • Cybersecurity practitioners and risk analysts - for mapping ISO/IEC 27005 risk processes to nuclear control environments.
  • Regulators, auditors, and policy makers - to assess operator risk‑management approaches and harmonize regulatory expectations.
  • Vendors and suppliers - to design products and services that meet nuclear cybersecurity program requirements.

Related standards and keywords

  • Related: IEC 62645, IEC 63096, ISO/IEC 27001, ISO/IEC 27005.
  • Keywords: IEC TR 63486:2024, nuclear cybersecurity, NPP I&C cybersecurity, EPS cybersecurity, cyber risk management, IEC 62645, ISO/IEC 27005, information security for nuclear facilities.

IEC TR 63486:2024 is a practical reference for aligning nuclear‑grade I&C and EPS cybersecurity risk processes with international ISMS and risk‑assessment best practices.

Technical report
IEC TR 63486:2024 - Nuclear facilities - Instrumentation, control and electrical power systems - Cybersecurity risk management approaches (ISBN: 9782832293805)
English language
160 pages

Standards Content (Sample)


IEC TR 63486 ®
Edition 1.0 2024-09
TECHNICAL REPORT (colour inside)
Nuclear facilities – Instrumentation, control and electrical power systems – Cybersecurity risk management approaches
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or your local IEC member National Committee for further information.
IEC Secretariat, 3, rue de Varembé, CH-1211 Geneva 20, Switzerland
Tel.: +41 22 919 02 11, info@iec.ch, www.iec.ch
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.
About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the latest edition; a corrigendum or an amendment might have been published.
IEC publications search - webstore.iec.ch/advsearchform
The advanced search enables to find IEC publications by a variety of criteria (reference number, text, technical committee, …). It also gives information on projects, replaced and withdrawn publications.
IEC Products & Services Portal - products.iec.ch
Discover our powerful search engine and read freely all the publications previews, graphical symbols and the glossary. With a subscription you will always have access to up to date content tailored to your needs.
IEC Just Published - webstore.iec.ch/justpublished
Stay up to date on all new IEC publications. Just Published details all new publications released. Available online and once a month by email.
Electropedia - www.electropedia.org
The world's leading online dictionary on electrotechnology, containing more than 22 500 terminological entries in English and French, with equivalent terms in 25 additional languages. Also known as the International Electrotechnical Vocabulary (IEV) online.
IEC Customer Service Centre - webstore.iec.ch/csc
If you wish to give us your feedback on this publication or need further assistance, please contact the Customer Service Centre: sales@iec.ch.
INTERNATIONAL ELECTROTECHNICAL COMMISSION
ICS 27.120.20; 27.100
ISBN 978-2-8322-9380-5
– 2 – IEC TR 63486:2024 © IEC 2024
CONTENTS
FOREWORD . 13
INTRODUCTION . 15
1 Scope . 17
1.1 General . 17
1.2 Framework . 20
1.3 Limitations . 20
2 Normative references . 20
3 Terms and definitions . 20
4 Abbreviated terms . 25
5 IEC 62645 risk management elements . 27
5.1 General . 27
5.2 Assignment of security degrees in the management of risk . 27
5.3 Safety correlation . 28
6 NPP cyber risk management challenges and analyses . 28
6.1 General . 28
6.2 Challenge 1: Aggregate risk of multiple units / locations. 31
6.3 Challenge 2: Complexity of interdependencies and interactions . 32
6.4 Challenge 3: Incident likelihood determination . 32
6.5 Challenge 4: Unknown or lacking sufficient detail for pre-developed components . 32
6.6 Challenge 5: Differences in cyber-risk management . 33
6.7 Challenge 6: Lack of abstract analysis methods . 33
6.8 Challenge 7: Uncertainty in vulnerability / Susceptibility analysis . 33
6.9 Challenge 8: Adversary characterization uncertainty . 34
6.10 Challenge 9: Excessive information volume . 34
6.11 Challenge 10: Lack of a common and comprehensive risk management process . 34
6.12 Challenge 11: Advanced security capabilities incompatibility . 35
7 Cyber-risk approaches versus challenges by ISO/IEC 27005 . 35
7.1 General . 35
7.2 ISO/IEC 27005:2018, 7.1 General considerations . 35
7.2.1 Summary . 35
7.2.2 Applicable challenges . 36
7.2.3 Summary of key approaches . 36
7.2.4 Cross-reference table (Table 4) . 37
7.3 ISO/IEC 27005:2018, 7.2 Basic criteria . 37
7.3.1 Summary . 37
7.3.2 Applicable challenges . 37
7.3.3 Key approaches . 38
7.3.4 Cross-reference table (Table 6) . 40
7.4 ISO/IEC 27005:2018, 7.3 Scope and boundaries . 40
7.4.1 Summary . 40
7.4.2 Applicable challenges . 40
7.4.3 Key approaches . 41
7.4.4 Cross-reference table (Table 8) . 42
7.5 ISO/IEC 27005:2018, 7.4 Organization for information security risk management . 42

7.5.1 Summary . 42
7.5.2 Applicable challenges . 42
7.5.3 Key approaches . 43
7.5.4 Cross-reference table (Table 10) . 43
7.6 ISO/IEC 27005:2018, 8.1 General description of information security risk assessment . 44
7.6.1 Summary . 44
7.6.2 Applicable challenges . 44
7.6.3 Key approaches . 44
7.6.4 Cross-reference table (Table 12) . 45
7.7 ISO/IEC 27005:2018, 8.2 Risk identification . 45
7.7.1 Summary . 45
7.7.2 Applicable challenges . 46
7.7.3 Key approaches . 46
7.7.4 Cross-reference table (Table 14) . 48
7.8 ISO/IEC 27005:2018, 8.3 Risk analysis . 48
7.8.1 Summary . 48
7.8.2 Applicable challenges . 49
7.8.3 Key approaches . 49
7.8.4 Cross-reference table (Table 16) . 51
7.9 ISO/IEC 27005:2018, 8.4 Risk evaluation . 51
7.9.1 Summary . 51
7.9.2 Applicable challenges . 51
7.9.3 Key approaches . 52
7.9.4 Cross-reference table (Table 18) . 53
7.10 ISO/IEC 27005:2018, 9.1 General description of risk treatment . 54
7.10.1 Summary . 54
7.10.2 Applicable challenges . 54
7.10.3 Key approaches . 54
7.10.4 Cross-reference table (Table 20) . 55
7.11 ISO/IEC 27005:2018, 9.2 Risk modification . 55
7.11.1 Summary . 55
7.11.2 Applicable challenges . 56
7.11.3 Key approaches . 56
7.11.4 Cross-reference table (Table 22) . 57
7.12 ISO/IEC 27005:2018, 9.3 Risk retention . 58
7.12.1 Summary . 58
7.12.2 Applicable challenges . 58
7.12.3 Key approaches . 58
7.12.4 Cross-reference table (Table 23) . 59
7.13 ISO/IEC 27005:2018, 9.4 Risk avoidance . 59
7.13.1 Summary . 59
7.13.2 Applicable challenges . 59
7.13.3 Key approaches . 60
7.13.4 Cross-reference table (Table 25) . 60
7.14 ISO/IEC 27005:2018, 9.5 Risk sharing . 60
7.14.1 Summary . 60
7.14.2 Applicable challenges . 60
7.14.3 Key approaches . 61

7.14.4 Cross-reference table (Table 27) . 61
7.15 ISO/IEC 27005:2018, Clause 10 Information security risk acceptance . 61
7.15.1 Summary . 61
7.15.2 Applicable challenges . 62
7.15.3 Key approaches . 62
7.15.4 Cross-reference table (Table 29) . 63
7.16 ISO/IEC 27005:2018, Clause 11 Information security risk communication and consultation . 63
7.16.1 Summary . 63
7.16.2 Applicable challenges . 63
7.16.3 Key approaches . 64
7.16.4 Cross-reference table (Table 31) . 65
7.17 ISO/IEC 27005:2018, Clause 12 Security risk monitoring and review . 65
7.17.1 Summary . 65
7.17.2 Applicable challenges . 65
7.17.3 Key approaches . 66
7.17.4 Cross-reference table (Table 33) . 67
7.18 Overall summary of approaches to challenges . 67
8 Conclusions . 68
Annex A (informative) Chinese approach . 71
A.1 Summary of general approach . 71
A.2 ISO/IEC 27005:2018, 7.1 Context establishment . 71
A.3 ISO/IEC 27005:2018, 7.2 Basic criteria . 72
A.4 ISO/IEC 27005:2018, 8.1 General description of information security risk assessment . 72
A.5 ISO/IEC 27005:2018, 8.2 Risk identification . 72
A.6 ISO/IEC 27005:2018, 8.3 Risk analysis . 74
A.7 ISO/IEC 27005:2018, 8.4 Risk evaluation . 74
A.8 ISO/IEC 27005:2018, 9.1 General description of risk treatment . 74
A.9 ISO/IEC 27005:2018, 9.2 Risk modification . 75
A.10 ISO/IEC 27005:2018, 9.3 Risk retention . 75
A.11 ISO/IEC 27005:2018, Clause 10 Information security risk acceptance . 75
A.12 ISO/IEC 27005:2018, Clause 12 Security risk monitoring and review . 76
Annex B (informative) Cyber informed engineering . 77
B.1 Summary of general approach . 77
B.2 ISO/IEC 27005:2018, 7.1 General considerations . 78
B.3 ISO/IEC 27005:2018, 7.2 Basic criteria . 78
B.4 ISO/IEC 27005:2018, 7.3 Scope and boundaries . 79
B.5 ISO/IEC 27005:2018, 8.1 General description of information security risk assessment . 79
B.6 ISO/IEC 27005:2018, 8.2 Risk identification . 79
B.7 ISO/IEC 27005:2018, 8.3 Risk analysis . 80
B.8 ISO/IEC 27005:2018, 9.2 Risk modification . 80
B.9 ISO/IEC 27005:2018, 9.4 Risk avoidance . 81
B.10 ISO/IEC 27005:2018, 9.5 Risk sharing . 81
B.11 ISO/IEC 27005:2018, Clause 11 Information security risk communication and consultation . 81
B.12 ISO/IEC 27005:2018, Clause 12 Security risk monitoring and review . 82
B.13 Reference documents . 82

Annex C (informative) French approach . 83
C.1 Summary of general approach . 83
C.2 EBIOS . 83
C.2.1 General . 83
C.2.2 EBIOS 2010. 83
C.2.3 EBIOS RM . 85
C.2.4 Mapping between modules/workshops from EBIOS methods and challenges . 86
C.3 ISO/IEC 27005:2018, 7.2 Basic criteria . 87
C.4 ISO/IEC 27005:2018, 7.3 Scope and boundaries . 87
C.5 ISO/IEC 27005:2018, 7.4 Organization for information security risk management . 88
C.6 ISO/IEC 27005:2018, 8.2 Risk identification . 88
C.7 ISO/IEC 27005:2018, 8.3 Risk analysis . 89
C.8 ISO/IEC 27005:2018, 8.4 Risk evaluation . 89
C.9 ISO/IEC 27005:2018, 9.1 General description of risk treatment . 90
C.10 ISO/IEC 27005:2018, 9.2 Risk modification . 90
C.11 ISO/IEC 27005:2018, 9.3 Risk retention . 91
C.12 ISO/IEC 27005:2018, 9.4 Risk avoidance . 92
C.13 ISO/IEC 27005:2018, Clause 10 Information security risk acceptance . 92
C.14 ISO/IEC 27005:2018, Clause 11 Information security risk communication and consultation . 93
C.15 ISO/IEC 27005:2018, Clause 12 Security risk monitoring and review . 93
Annex D (informative) German approach . 95
D.1 Summary of general approach . 95
D.2 ISO/IEC 27005:2018, 7.1 General considerations . 95
D.3 ISO/IEC 27005:2018, 7.2 Basic criteria . 95
D.4 ISO/IEC 27005:2018, 7.3 Scope and boundaries . 96
D.5 ISO/IEC 27005:2018, 8.1 General description of information security risk assessment . 96
D.6 ISO/IEC 27005:2018, 8.2 Risk identification . 96
D.7 ISO/IEC 27005:2018, 8.3 Risk analysis . 97
D.8 ISO/IEC 27005:2018, 8.4 Risk evaluation . 97
D.9 ISO/IEC 27005:2018, 9.1 General description of risk treatment . 97
D.10 ISO/IEC 27005:2018, 9.2 Risk modification . 97
D.11 ISO/IEC 27005:2018, 9.3 Risk retention . 98
D.12 ISO/IEC 27005:2018, 9.4 Risk avoidance . 98
D.13 ISO/IEC 27005:2018, 9.5 Risk sharing . 98
D.14 ISO/IEC 27005:2018, Clause 10 Information security risk acceptance . 98
D.15 ISO/IEC 27005:2018, Clause 11 Information security risk communication and consultation . 99
D.16 ISO/IEC 27005:2018, Clause 12 Security risk monitoring and review . 99
Annex E (informative) Harmonized threat and risk assessment (Canada) . 100
E.1 ISO/IEC 27005:2018, 7.2 Basic criteria . 100
E.2 ISO/IEC 27005:2018, 7.3 Scope and boundaries . 100
E.3 ISO/IEC 27005:2018, 7.4 Organization for information security risk management . 101
E.4 ISO/IEC 27005:2018, 8.1 General description of information security risk assessment . 101
E.5 ISO/IEC 27005:2018, 8.2 Risk identification . 102

E.6 ISO/IEC 27005:2018, 8.3 Risk analysis . 104
E.7 ISO/IEC 27005:2018, 8.4 Risk evaluation . 104
E.8 ISO/IEC 27005:2018, 9.1 General description of risk treatment . 104
E.9 ISO/IEC 27005:2018, 9.2 Risk modification . 105
E.10 ISO/IEC 27005:2018, 9.3 Risk retention . 105
E.11 ISO/IEC 27005:2018, 9.4 Risk avoidance . 105
E.12 ISO/IEC 27005:2018, Clause 10 Information security risk acceptance . 105
E.13 ISO/IEC 27005:2018, Clause 11 Information security risk communication and consultation . 106
E.14 ISO/IEC 27005:2018, 12 Security risk monitoring and review . 106
E.15 Reference document . 107
Annex F (informative) HAZCADS approach . 108
F.1 Summary of general approach . 108
F.2 ISO/IEC 27005:2018, 7.1 General considerations . 109
F.3 ISO/IEC 27005:2018, 7.2 Basic criteria . 110
F.4 ISO/IEC 27005:2018, 7.3 Scope and boundaries . 110
F.5 ISO/IEC 27005:2018, 8.1 General description of information security risk assessment . 111
F.6 ISO/IEC 27005:2018, 8.2 Risk identification . 111
F.7 ISO/IEC 27005:2018, 8.3 Risk analysis . 112
F.8 ISO/IEC 27005:2018, 8.4 Risk evaluation . 113
F.9 ISO/IEC 27005:2018, 9.1 General description of risk treatment . 113
F.10 ISO/IEC 27005:2018, 9.2 Risk modification . 113
F.11 ISO/IEC 27005:2018, Clause 11 Information security risk communication and consultation . 113
F.12 Reference documents . 114
Annex G (informative) IAEA computer security risk management . 115
G.1 Summary of general approach . 115
G.2 ISO/IEC 27005:2018, 7.1 General considerations . 116
G.3 ISO/IEC 27005:2018, 7.2 Basic criteria . 116
G.4 ISO/IEC 27005:2018, 7.3 Scope and boundaries . 117
G.5 ISO/IEC 27005:2018, 7.4 Organization for information security risk management . 118
G.6 ISO/IEC 27005:2018, 8.1 General description of information security risk assessment . 118
G.7 ISO/IEC 27005:2018, 8.2 Risk identification . 118
G.8 ISO/IEC 27005:2018, 8.3 Risk analysis . 119
G.9 ISO/IEC 27005:2018, 8.4 Risk evaluation . 120
G.10 ISO/IEC 27005:2018, 9.1 General description of risk treatment . 120
G.11 ISO/IEC 27005:2018, 9.2 Risk modification . 121
G.12 ISO/IEC 27005:2018, 9.3 Risk retention . 121
G.13 ISO/IEC 27005:2018, 9.4 Risk avoidance . 121
G.14 ISO/IEC 27005:2018, 9.5 Risk sharing . 121
G.15 ISO/IEC 27005:2018, Clause 10 Information security risk acceptance . 122
G.16 ISO/IEC 27005:2018, Clause 11 Information security risk communication and consultation . 122
G.17 ISO/IEC 27005:2018, Clause 12 Security risk monitoring and review . 122
Annex H (informative) IEC 62443 . 123
H.1 Summary of general approach . 123
H.2 ISO/IEC 27005:2018, 7.1 General considerations . 124

H.3 ISO/IEC 27005:2018, 7.2 Basic criteria . 125
H.4 ISO/IEC 27005:2018, 7.3 Scope and boundaries . 125
H.5 ISO/IEC 27005:2018, 7.4 Organization for information security risk management . 125
H.6 ISO/IEC 27005:2018, 8.1 General description of information security risk assessment . 126
H.7 ISO/IEC 27005:2018, 8.2 Risk identification . 126
H.8 ISO/IEC 27005:2018, 8.3 Risk analysis . 127
H.9 ISO/IEC 27005:2018, 8.4 Risk evaluation . 128
H.10 ISO/IEC 27005:2018, 9.1 General description of risk treatment . 128
H.11 ISO/IEC 27005:2018, 9.2 Risk modification . 128
H.12 ISO/IEC 27005:2018, 9.3 Risk retention . 129
H.13 ISO/IEC 27005:2018, 9.4 Risk avoidance . 129
H.14 ISO/IEC 27005:2018, 9.5 Risk sharing . 129
H.15 ISO/IEC 27005:2018, Clause 10 Information security risk acceptance . 129
H.16 ISO/IEC 27005:2018, Clause 11 Information security risk communication and consultation . 129
H.17 ISO/IEC 27005:2018, Clause 12 Security risk monitoring and review . 130
Annex I (informative) Russian approach . 131
I.1 Summary of general approach . 131
I.2 ISO/IEC 27005:2018, 7.1 General considerations . 132
I.3 ISO/IEC 27005:2018, 7.2 Basic criteria . 132
I.4 ISO/IEC 27005:2018, 7.3 Scope and boundaries . 133
I.5 ISO/IEC 27005:2018, 7.4 Organization for information security risk management . 133
I.6 ISO/IEC 27005:2018, 8.2 Risk identification . 134
I.7 ISO/IEC 27005:2018, 8.3 Risk analysis . 134
I.8 ISO/IEC 27005:2018, 8.4 Risk evaluation . 135
I.9 ISO/IEC 27005:2018, 9.1 General description of risk treatment . 135
I.10 ISO/IEC 27005:2018, 9.2 Risk modification . 136
I.11 ISO/IEC 27005:2018, 9.3 Risk retention . 136
I.12 ISO/IEC 27005:2018, 9.4 Risk avoidance . 136
I.13 ISO/IEC 27005:2018, Clause 10 Information security risk acceptance . 137
I.14 ISO/IEC 27005:2018, Clause 11 Information security risk communication and consultation . 137
I.15 ISO/IEC 27005:2018, Clause 12 Security risk monitoring and review . 138
I.16 Reference documents . 138
Annex J (informative) US NRC . 139
J.1 Summary of general approach . 139
J.2 ISO/IEC 27005:2018, 7.1 Context establishment . 139
J.3 ISO/IEC 27005:2018, 7.2 Basic criteria . 140
J.4 ISO/IEC 27005:2018, 8.1 General description of information security risk assessment . 140
J.5 ISO/IEC 27005:2018, 8.2 Risk identification . 141
J.6 ISO/IEC 27005:2018, 8.3 Risk analysis . 142
J.7 ISO/IEC 27005:2018, 8.4 Risk evaluation . 142
J.8 ISO/IEC 27005:2018, 9.1 General description of risk treatment . 143
J.9 ISO/IEC 27005:2018, 9.2 Risk modification . 144
J.10 ISO/IEC 27005:2018, 9.3 Risk retention . 144
J.11 ISO/IEC 27005:2018, Clause 10 Information security risk acceptance . 145

J.12 ISO/IEC 27005:2018, Clause 11 Information security risk communication and consultation . 146
J.13 ISO/IEC 27005:2018, Clause 12 Security risk monitoring and review . 147
Annex K (informative) United Kingdom . 148
K.1 Summary of general approach . 148
K.2 ISO/IEC 27005:2018, 7.2 Basic criteria . 148
K.3 ISO/IEC 27005:2018, 7.3 Scope and boundaries . 149
K.4 ISO/IEC 27005:2018, 7.4 Organization for information security risk management . 151
K.5 ISO/IEC 27005:2018, 8.1 General description of information security risk assessment . 151
K.6 ISO/IEC 27005:2018, 8.2 Risk identification . 152
K.7 ISO/IEC 27005:2018, 8.3 Risk analysis . 152
K.8 ISO/IEC 27005:2018, 8.4 Risk evaluation . 153
K.9 ISO/IEC 27005:2018, 9.1 General description of risk treatment . 154
K.10 ISO/IEC 27005:2018, 9.2 Risk modification . 154
K.11 ISO/IEC 27005:2018, 9.3 Risk retention . 155
K.12 ISO/IEC 27005:2018, Clause 10 Information security risk acceptance . 155
K.13 ISO/IEC 27005:2018, Clause 11 Information security risk communication and consultation . 155
K.14 ISO/IEC 27005:2018, Clause 12 Security risk monitoring and review . 156
Bibliography . 157

Figure 1 – Overview of the Hierarchy of IEC SC 45A Standards Related to Cyber Security . 19
Figure 2 – Technical Report Development Approach . 31
Figure C.1 – EBIOS 2010 Process Overview . 84
Figure C.2 – EBIOS Risk Manager Overview [11] . 85
Figure E.1 – HTRA Risk Formula (Figure B-4 of [8]) . 102
Figure F.1 – Overview of HAZCADS Method (See Reference documents, EPRI 2018) . 109
Figure H.1 – Parts of the ISA/IEC 62443 Series [39] . 124
Figure I.1 – Overview the Relation of the FSTEC Approach for Risk Assessment and ISO/IEC 27005 . 131
Figure K.1 – UK IS/DBSy approach: Example InfoSec model . 150

Table 1 – Risk management challenges . 28
Table 2 – Cyber-risk approaches . 30
Table 3 – ISO/IEC 27005 Clause 7.1: Applicable challenges . 36
Table 4 – ISO/IEC 27005 Clause 7.1: Cross reference table . 37
Table 5 – ISO/IEC 27005 Clause 7.2: Applicable challenges . 38
Table 6 – ISO/IEC 27005 Clause 7.2: Cross reference table . 40
Table 7 – ISO/IEC 27005 Clause 7.3: Applicable challenges . 40
Table 8 – ISO/IEC 27005 Clause 7.3: Cross reference table . 42
Table 9 – ISO/IEC 27005 Clause 7.4: Applicable challenges . 43
Table 10 – ISO/IEC 27005 Clause 7.4: Cross reference table . 43
Table 11 – ISO/IEC 27005 Clause 8.1: Applicable challenges . 44
Table 12 – ISO/IEC 27005 Clause 8.1: Cross reference table . 45

Table 13 – ISO/IEC 27005 Clause 8.2: Applicable challenges . 46
Table 14 – ISO/IEC 27005 Clause 8.2: Cross reference table . 48
Table 15 – ISO/IEC 27005 Clause 8.3: Applicable challenges . 49
Table 16 – ISO/IEC 27005 Clause 8.3: Cross reference table . 51
Table 17 – ISO/IEC 27005 Clause 8.4: Applicable challenges . 52
Table 18 – ISO/IEC 27005 Clause 8.4: Cross reference table . 53
Table 19 – ISO/IEC 27005 Clause 9.1: Applicable challenges . 54
Table 20 – ISO/IEC 27005 Clause 9.1: Cross reference table . 55
Table 21 – ISO/IEC 27005 Clause 9.2: Applicable challenges . 56
Table 22 – ISO/IEC 27005 Clause 9.2: Cross reference table . 57
Table 23 – ISO/IEC 27005 Clause 9.3: Cross reference table . 59
Table 24 – ISO/IEC 27005 Clause 9.4: Applicable challenges . 60
Table 25 – ISO/IEC 27005 Clause 9.4: Cross reference table . 60
Table 26 – ISO/IEC 27005 Clause 9.5: Applicable challenges . 61
Table 27 – ISO/IEC 27005 Clause 9.5: Cross reference table . 61
Table 28 – ISO/IEC 27005 Clause 10: Applicable challenges . 62
Table 29 – ISO/IEC 27005 Clause 10: Cross reference table . 63
Table 30 – ISO/IEC 27005 Clause 11: Applicable challenges . 63
Table 31 – ISO/IEC 27005 Clause 11: Cross reference table . 65
Table 32 – ISO/IEC 27005 Clause 12: Applicable challenges . 66
Table 33 – ISO/IEC 27005 Clause 12: Cross reference table . 67
Table 34 – Summary of approaches to challenges . 68
Table A.1 – Chinese approach: Challenges addressed . 71
Table A.2 – Chinese approach: Insights for ISO/IEC Clause 7.1 . 71
Table A.3 – Chinese approach: Insights for ISO/IEC Clause 7.2 . 72
Table A.4 – Chinese approach: Insights for ISO/IEC Clause 8.1 . 72
Table A.5 – Chinese approach: Insights for ISO/IEC Clause 8.2 . 73
Table A.6 – Chinese approach: Insights for ISO/IEC Clause 8.3 . 74
Table A.7 – Chinese approach: Insights for ISO/IEC Clause 8.4 . 74
Table A.8 – Chinese approach: Insights for ISO/IEC Clause 9.1 . 75
Table A.9 – Chinese approach: Insights for ISO/IEC Clause 9.2 . 75
Table A.10 – Chinese approach: Insights for ISO/IEC Clause 9.3 . 75
Table A.11 – Chinese approach: Insights for ISO/IEC Clause 10. 75
Table A.12 – Chinese approach: Insights for ISO/IEC Clause 1
...


Frequently Asked Questions

IEC TR 63486:2024 is a technical report published by the International Electrotechnical Commission (IEC). Its full title is "Nuclear facilities - Instrumentation, control and electrical power systems - Cybersecurity risk management approaches". Its scope is given in the abstract at the top of this page.

IEC TR 63486:2024 is classified under the following ICS (International Classification for Standards) categories: 27.100 - Power stations in general; 27.120.20 - Nuclear power plants. Safety. The ICS classification helps identify the subject area and facilitates finding related standards.

You can purchase IEC TR 63486:2024 directly from iTeh Standards. The document is available in PDF format and is delivered instantly after payment. Add the standard to your cart and complete the secure checkout process. iTeh Standards is an authorized distributor of IEC standards.

IEC TR 63486:2024 is an important standard focused on cybersecurity risk management approaches related to instrumentation, control and electrical power systems at nuclear facilities. Its scope comprehensively collects the national and international risk approaches used to manage the cybersecurity risks of I&C and EPS at nuclear power plants (NPPs). The document summarizes an evaluation of the cyber-risk approaches adopted by nuclear facility operators and provides practical guidance for managing cybersecurity risks effectively. A major strength is that it aligns strongly with IEC 62645 and matches the information security management system (ISMS) elements of ISO/IEC 27001:2013. In particular, it relates the risk management elements based on ISO/IEC 27005:2018 and clearly defines 11 challenges to cybersecurity risk management, which is an important feature of this standard. IEC TR 63486:2024 also excludes human errors and non-malevolent actions, such as those that affect the performance of cybersecurity controls, giving it a clearer scope. Since good practices for backup and restoration are also out of scope, the document concentrates on specific approaches and explores how to manage cybersecurity risks appropriately under specific conditions. This standard presents an international and realistic approach to cybersecurity at nuclear facilities and, because it is built to remain consistent with international standards, its relevance and importance are extremely high.

IEC TR 63486:2024 addresses cybersecurity risk management approaches for nuclear facilities and provides a cybersecurity framework for digital I&C programmable systems. This standard is strongly linked to the internationally established ISO/IEC 27001:2013 information security management system (ISMS) elements, which provide the basic structure for building a cybersecurity program. The scope of this document covers the national and international cyber-risk approaches used to manage cybersecurity risks associated with instrumentation and control (I&C) systems and electrical power systems (EPS) at nuclear power plants (NPPs). The document also summarizes an evaluation of the cyber-risk approaches that nuclear facility operators are using to manage cybersecurity risks. IEC 63486:2024 takes 11 challenges to cybersecurity risk management as its basis and analyzes how each challenge applies to risk management at nuclear power plants. Through this evaluation it provides insight into the difficulties of cyber-risk management and into what constitutes an effective management strategy. The document clarifies the exclusions of IEC 62645: factors such as non-malevolent events and human error are excluded from the scope of cybersecurity risk management. This allows the focus to stay on information that matters in practice and on strategies applicable to the real cybersecurity management of nuclear power plants. Ultimately, IEC TR 63486:2024 presents systematic and comprehensive guidance on operational and security arrangements at NPPs while conforming to international standards for cybersecurity risk management. By providing the tools and principles needed to manage the complexity of the cybersecurity environment, this standard forms a strong basis that can contribute to the safe and reliable operation of nuclear facilities.

IEC TR 63486:2024 provides a comprehensive framework for cybersecurity risk management specifically tailored for digital Instrumentation and Control (I&C) programmable systems used in Nuclear Power Plants (NPPs). The inherent strength of this standard lies in its alignment with ISO/IEC 27001:2013, ensuring that the cybersecurity measures are robust and adhere to internationally recognized information security management system (ISMS) elements. The scope of IEC TR 63486:2024 is particularly relevant in today’s context where cybersecurity threats in critical infrastructure, such as nuclear facilities, are escalating. By capturing national and international approaches to cyber-risk management, the standard facilitates a holistic understanding of the existing frameworks that nuclear facility operators can utilize to mitigate cybersecurity risks. One of the key strengths of this document is its systematic evaluation of 11 specific challenges associated with cybersecurity risk management, which are particularly pertinent to the operational context of NPPs. This detailed analysis provides operators with actionable insights that can be directly applied to enhance their cybersecurity posture. The inclusion of ISO/IEC 27005:2018 within the framework further strengthens the relevance of this standard, as it provides a structured approach to risk management that can be adapted to meet the unique challenges faced by operators of nuclear facilities. Moreover, the exclusion criteria outlined, which address non-malevolent actions such as accidental failures and natural events, ensure that the focus remains strictly on intentional cybersecurity threats. This allows for a more concentrated approach to creating effective cybersecurity strategies that specifically target vulnerabilities related to I&C and electrical power systems. 
Overall, IEC TR 63486:2024 is a critical resource for nuclear facility operators, providing essential guidelines and a structured approach to cybersecurity risk management that is aligned with international standards. Its relevance cannot be overstated, given the increasing importance of cybersecurity in ensuring the safety and integrity of nuclear power operations. The standard serves as a vital tool in the ongoing effort to protect sensitive infrastructure from cyber threats, ultimately enhancing the resilience of the nuclear sector.