Power systems management and associated information exchange - Data and communications security - Part 7: Network and system management (NSM) data object models (IEC 62351-7:2025)

IEC 62351-7:2025 defines network and system management (NSM) data object models that are specific to power system operations. These NSM data objects will be used to monitor the health of networks and systems, to detect possible security intrusions, and to manage the performance and reliability of the information infrastructure. The goal is to define a set of abstract objects that will allow the remote monitoring of the health and condition of IEDs (Intelligent Electronic Devices), RTUs (Remote Terminal Units), DERs (Distributed Energy Resources) systems and other systems that are important to power system operations.
Power systems operations are increasingly reliant on information infrastructures, including communication networks, IEDs, and self-defining communication protocols. Therefore, management of the information infrastructure has become crucial to providing the necessary high levels of security and reliability in power system operations.
The telecommunication infrastructure that is in use for the transport of telecontrol and automation protocols is already subject to health and condition monitoring control, using the concepts developed in the IETF Simple Network Management Protocol (SNMP) standards for network management. However, power system specific devices (like teleprotection, telecontrol, substation automation, synchrophasors, inverters and protections) need instead a specific solution for monitoring their health.
The NSM objects provide monitoring data for IEC protocols used for power systems (IEC 61850, IEC 60870-5-104) and device specific environmental and security status. As a derivative of IEC 60870-5-104, IEEE 1815 DNP3 is also included in the list of monitored protocols. The NSM data objects use the naming conventions developed for IEC 61850, expanded to address NSM issues. For the sake of generality these data objects, and the data types of which they are comprised, are defined as abstract models of data objects.
In addition to the abstract model, in order to allow the integration of the monitoring of power system devices within the NSM environment in this part of IEC 62351, a mapping of objects to the SNMP protocol of Management Information Base (MIBs) is provided.
The objects that are already covered by existing MIBs are not defined here but are expected to be compliant with existing MIB standards. For example protocols including EST, SCEP, RADIUS, LDAP, GDOI are not in scope.
This edition of IEC 62351-7 cancels and replaces IEC 62351-7 published in 2017. This new edition constitutes a technical revision and includes the following significant technical changes with respect to IEC 62351-7:
a) Reviewed and enriched the NSM object data model;
b) UML model adopted for NSM objects description;
c) SNMP protocol MIBs translation included as Code Components

Datenmodelle, Schnittstellen und Informationsaustausch für Planung und Betrieb von Energieversorgungsunternehmen – Daten- und Kommunikationssicherheit - Teil 7: Datenobjektmodelle für Netzwerk- und Systemmanagement (NSM) (IEC 62351-7:2025)

Gestion des systèmes de puissance et échanges d'informations associés - Sécurité des communications et des données - Partie 7: Modèles d’objets de données de gestion de réseaux et de systèmes (NSM) (IEC 62351-7:2025)

IEC 62351-7:2025 définit des modèles d'objets de données de gestion de réseaux et de systèmes (NSM) spécifiques aux opérations des systèmes de puissance. Ces objets de données NSM servent à surveiller la bonne santé des réseaux et des systèmes afin de détecter les intrusions de sécurité potentielles, et de gérer les performances et la fiabilité de l'infrastructure d'information. L'objectif est de définir un ensemble d'objets abstraits qui permet de surveiller à distance la bonne santé des appareils électroniques intelligents (IED), des terminaux à distance (RTU), des systèmes de ressources énergétiques décentralisées (DER) et des autres systèmes importants pour les opérations des systèmes de puissance.
Les opérations des systèmes de puissance reposent de plus en plus sur les infrastructures d'information, y compris les réseaux de communication, les IED et les protocoles de communication autodéfinis. Par conséquent, la gestion de l'infrastructure d'information est essentielle pour fournir les niveaux élevés nécessaires de sécurité et de fiabilité dans les opérations des systèmes de puissance.
L'infrastructure de télécommunication utilisée pour le transport des protocoles de téléconduite et d'automatisation est déjà soumise à la conduite de la surveillance de la bonne santé, en appliquant les concepts développés dans les normes de l'IETF concernant le protocole simple de gestion de réseau (SNMP, Simple Network Management Protocol), spécifiques à la gestion de réseau. Toutefois, une solution spécifique est nécessaire pour surveiller la bonne santé des dispositifs spécifiques aux systèmes de puissance (comme la téléprotection, la téléconduite, l'automatisation des postes, les synchrophaseurs, les onduleurs et les protections).
Les objets NSM fournissent des données de surveillance pour les protocoles IEC utilisés pour les systèmes de puissance (IEC 61850, IEC 60870-5-104), ainsi que des données d'environnement et d'état de sécurité spécifiques aux dispositifs. Dérivée de l'IEC 60870 5 104, l'IEEE 1815 DNP3 est également intégrée dans la liste des protocoles surveillés. Les objets de données NSM utilisent les conventions d'appellation développées pour l'IEC 61850, étendues pour traiter les questions liées à la NSM. À des fins de généralité, ces objets de données et les types de données dont ils sont constitués, sont définis comme modèles abstraits d'objets de données.
Outre le modèle abstrait, la présente partie de l'IEC 62351 fournit une mise en correspondance des objets pour la base d'informations de gestion (MIB) associée au protocole SNMP, afin de permettre l'intégration de la surveillance des dispositifs de puissance dans l'environnement NSM.
Les objets déjà couverts par les MIB existantes ne sont pas définis ici, mais sont réputés être conformes aux normes MIB existantes. Par exemple, les protocoles comprenant EST, SCEP, RADIUS, LDAP, GDOI, ne relèvent pas du domaine d'application de la présente partie de l'IEC 62351
Cette édition de l'IEC 62351-7 annule et remplace l'IEC 62351-7 parue en 2017. Cette nouvelle édition constitue une révision technique et inclut les modifications techniques majeures suivantes par rapport à l'IEC 62351-7:
a) revue et enrichissement du modèle de données d'objets NSM;
b) adoption du modèle UML pour la description des objets NSM;
c) traduction des MIB de protocole SNMP inclus comme composantes de code

Upravljanje elektroenergetskega sistema in pripadajoča izmenjava informacij - Varnost podatkov in komunikacij - 7. del: Podatkovni modeli pri upravljanju omrežij in sistemov (NSM) (IEC 62351-7:2025)

General Information

Status
Published
Public Enquiry End Date
29-Apr-2024
Publication Date
18-Feb-2026
ICS
29.240.30 - Control equipment for electric power systems
 
35.240.50 - IT applications in industry
Technical Committee
PSE - Power systems management
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
05-Feb-2026
Due Date
12-Apr-2026
Completion Date
19-Feb-2026
Mandate
M/490 - Standardisation mandate to the European Standardisation Organisations (ESOs) to support European Smart Grid deployment
Ref Project
EN IEC 62351-7:2026 - Power systems management and associated information exchange - Data and communications security - Part 7: Network and System Management (NSM) data object models

Relations

Replaces
SIST EN 62351-7:2018 - Power systems management and associated information exchange - Data and communications security - Part 7: Network and System management (NSM) data object models
Effective Date
01-Apr-2026
Refers
SIST EN 13858:2004 - Corrosion protection of metals - Non-electrolytically applied zinc flake coatings on iron or steel components
Effective Date
09-Feb-2026
Refers
SIST EN IEC 62351-3:2023 - Power systems management and associated information exchange - Data and communications security - Part 3: Communication network and system security - Profiles including TCP/IP (IEC 62351-3:2023)
Effective Date
03-Feb-2026
Refers
SIST EN IEC 62351-5:2023 - Power systems management and associated information exchange - Data and communications security - Part 5: Security for IEC 60870-5 and derivatives (IEC 62351-5:2023)
Effective Date
03-Feb-2026
Refers
SIST EN IEC 62351-8:2020 - Power systems management and associated information exchange - Data and communications security - Part 8: Role-based access control for power system management
Effective Date
03-Feb-2026
Refers
SIST EN IEC 62351-4:2019 - Power systems management and associated information exchange - Data and communications security - Part 4: Profiles including MMS and derivatives
Effective Date
03-Feb-2026
Refers
SIST EN IEC 62351-9:2023 - Power systems management and associated information exchange - Data and communications security - Part 9: Cyber security key management for power system equipment (IEC 62351-9:2023)
Effective Date
03-Feb-2026
Referred By
SIST EN 62351-3:2015/A2:2020 - Power systems management and associated information exchange - Data and communications security - Part 3: Communication network and system security - Profiles including TCP/IP
Effective Date
03-Feb-2026
Referred By
SIST-TP CLC IEC/TR 62541-2:2021 - OPC unified architecture - Part 2: Security Model (IEC/TR 62541-2:2020)
Effective Date
03-Feb-2026

Overview

kSIST FprEN IEC 62351-7:2025 is an essential standard published by the CLC that focuses on power systems management and associated information exchange, with a specific emphasis on data and communications security. This part 7 of the IEC 62351 series defines the Network and System Management (NSM) data object models tailored for power system operations. It provides a structured framework to monitor the health, security, and performance of networks and critical power system components such as Intelligent Electronic Devices (IEDs), Remote Terminal Units (RTUs), and Distributed Energy Resources (DERs).

In response to the growing digitalization in power system infrastructure, including communication networks and automation protocols, IEC 62351-7:2026 sets out abstract data models to ensure reliable remote monitoring and management of information infrastructure. This standard enhances overall operational security, enabling the detection of intrusions and coordination of resilience strategies.

Key Topics

Network and System Management (NSM) Data Models

  • Abstract object models designed for managing power system devices.
  • Enable remote surveillance of device condition including CPU, memory, and environmental status.
  • Adopt IEC 61850 naming conventions expanded for NSM-specific issues.

Protocols and Communication

  • Supports monitoring protocols like IEC 61850, IEC 60870-5-104, and IEEE 1815 DNP3.
  • Provides mapping of NSM objects to the Simple Network Management Protocol (SNMP) using Management Information Bases (MIBs).
  • Addresses the need for specialized monitoring of power system devices beyond existing network monitoring protocols such as SNMP.

Security and Intrusion Detection

  • Incorporates detection functions for unauthorized access, denial-of-service (DoS) attacks, and buffer overflow attacks.
  • Describes Intrusion Detection Systems (IDS) tailored for power systems.
  • Outlines guidelines for end-to-end security monitoring.

UML Modeling and SNMP Integration

  • Utilizes Unified Modeling Language (UML) to describe NSM objects.
  • Translates UML object models into SNMP MIBs for network management system compatibility.
  • Provides code components and mappings to facilitate implementation.

System and Network Health Monitoring

  • Covers device-specific data such as CPU usage, storage, interface performance, and clock synchronization status.
  • Includes environmental monitoring objects capturing physical health indicators.
  • Supports managing communication networks through configuration monitoring and failure detection.

Applications

kSIST FprEN IEC 62351-7:2025 is highly applicable in the secure and reliable operation of modern power systems by enabling:

  • Remote Monitoring of Power Infrastructure: Utilities and operators can remotely track the status and health of critical devices like IEDs, RTUs, and DERs.
  • Cybersecurity Defense: By embedding intrusion detection and secure communication monitoring, it strengthens defenses against cyber threats targeting the power grid.
  • Network Performance Management: Real-time detection of communication link degradation or failures ensures continuous data exchange necessary for grid stability.
  • Standardized Device Management: Using a harmonized data model supports interoperability across vendors and systems, facilitating integration in complex power system environments.
  • Compliance and Risk Mitigation: Utilities can meet regulatory security requirements related to power system communication and control infrastructures.

This standard is particularly relevant for electric utilities, grid operators, telecontrol engineers, cybersecurity professionals, and vendors providing equipment and software solutions for power system automation and security.

Related Standards

  • IEC 61850: Communication networks and systems for power utility automation.
  • IEC 60870-5-104: Telecontrol protocol used in supervisory control and data acquisition (SCADA) systems.
  • IEEE 1815 (DNP3): Distributed Network Protocol used for communications in electric utilities.
  • IEC 62351-3: Security for profiles including security mechanisms for IEC 61850.
  • IETF SNMP Standards: Simple Network Management Protocol for network device management.

By aligning with these standards, kSIST FprEN IEC 62351-7:2025 provides a comprehensive approach to enhancing data and communications security within power systems, ensuring robust and interoperable network and system management practices.

Keywords: IEC 62351-7, Network and System Management, NSM data objects, power systems security, intelligent electronic devices, remote terminal units, distributed energy resources, IEC 61850, IEC 60870-5-104, IEEE 1815 DNP3, SNMP, intrusion detection, cyber security in power systems, telecontrol security, power grid data models

Buy Documents

SIST EN IEC 62351-7:2026 - BARVE - Page 1 previewSIST EN IEC 62351-7:2026 - BARVE - Page 2 previewSIST EN IEC 62351-7:2026 - BARVE - Page 3 previewSIST EN IEC 62351-7:2026 - BARVE - Page 4 preview
PreviousNext
Standard

SIST EN IEC 62351-7:2026 - BARVE

English language (135 pages)
Preview
Preview
e-Library read for
1 day

Get Certified

Connect with accredited certification bodies for this standard

BSI Group

BSI (British Standards Institution) is the business standards company that helps organizations make excellence a habit.

UKAS United Kingdom Verified
Visit Website

Intertek Testing Services NA Inc.

Intertek certification services in North America.

ANAB United States Verified
Visit Website

UL Solutions

Global safety science company with testing, inspection and certification.

ANAB United States Verified
Visit Website

Sponsored listings

Frequently Asked Questions

SIST EN IEC 62351-7:2026 is a standard published by the Slovenian Institute for Standardization (SIST). Its full title is "Power systems management and associated information exchange - Data and communications security - Part 7: Network and system management (NSM) data object models (IEC 62351-7:2025)". This standard covers: IEC 62351-7:2025 defines network and system management (NSM) data object models that are specific to power system operations. These NSM data objects will be used to monitor the health of networks and systems, to detect possible security intrusions, and to manage the performance and reliability of the information infrastructure. The goal is to define a set of abstract objects that will allow the remote monitoring of the health and condition of IEDs (Intelligent Electronic Devices), RTUs (Remote Terminal Units), DERs (Distributed Energy Resources) systems and other systems that are important to power system operations. Power systems operations are increasingly reliant on information infrastructures, including communication networks, IEDs, and self-defining communication protocols. Therefore, management of the information infrastructure has become crucial to providing the necessary high levels of security and reliability in power system operations. The telecommunication infrastructure that is in use for the transport of telecontrol and automation protocols is already subject to health and condition monitoring control, using the concepts developed in the IETF Simple Network Management Protocol (SNMP) standards for network management. However, power system specific devices (like teleprotection, telecontrol, substation automation, synchrophasors, inverters and protections) need instead a specific solution for monitoring their health. The NSM objects provide monitoring data for IEC protocols used for power systems (IEC 61850, IEC 60870-5-104) and device specific environmental and security status. As a derivative of IEC 60870-5-104, IEEE 1815 DNP3 is also included in the list of monitored protocols. The NSM data objects use the naming conventions developed for IEC 61850, expanded to address NSM issues. For the sake of generality these data objects, and the data types of which they are comprised, are defined as abstract models of data objects. In addition to the abstract model, in order to allow the integration of the monitoring of power system devices within the NSM environment in this part of IEC 62351, a mapping of objects to the SNMP protocol of Management Information Base (MIBs) is provided. The objects that are already covered by existing MIBs are not defined here but are expected to be compliant with existing MIB standards. For example protocols including EST, SCEP, RADIUS, LDAP, GDOI are not in scope. This edition of IEC 62351-7 cancels and replaces IEC 62351-7 published in 2017. This new edition constitutes a technical revision and includes the following significant technical changes with respect to IEC 62351-7: a) Reviewed and enriched the NSM object data model; b) UML model adopted for NSM objects description; c) SNMP protocol MIBs translation included as Code Components

IEC 62351-7:2025 defines network and system management (NSM) data object models that are specific to power system operations. These NSM data objects will be used to monitor the health of networks and systems, to detect possible security intrusions, and to manage the performance and reliability of the information infrastructure. The goal is to define a set of abstract objects that will allow the remote monitoring of the health and condition of IEDs (Intelligent Electronic Devices), RTUs (Remote Terminal Units), DERs (Distributed Energy Resources) systems and other systems that are important to power system operations. Power systems operations are increasingly reliant on information infrastructures, including communication networks, IEDs, and self-defining communication protocols. Therefore, management of the information infrastructure has become crucial to providing the necessary high levels of security and reliability in power system operations. The telecommunication infrastructure that is in use for the transport of telecontrol and automation protocols is already subject to health and condition monitoring control, using the concepts developed in the IETF Simple Network Management Protocol (SNMP) standards for network management. However, power system specific devices (like teleprotection, telecontrol, substation automation, synchrophasors, inverters and protections) need instead a specific solution for monitoring their health. The NSM objects provide monitoring data for IEC protocols used for power systems (IEC 61850, IEC 60870-5-104) and device specific environmental and security status. As a derivative of IEC 60870-5-104, IEEE 1815 DNP3 is also included in the list of monitored protocols. The NSM data objects use the naming conventions developed for IEC 61850, expanded to address NSM issues. For the sake of generality these data objects, and the data types of which they are comprised, are defined as abstract models of data objects. In addition to the abstract model, in order to allow the integration of the monitoring of power system devices within the NSM environment in this part of IEC 62351, a mapping of objects to the SNMP protocol of Management Information Base (MIBs) is provided. The objects that are already covered by existing MIBs are not defined here but are expected to be compliant with existing MIB standards. For example protocols including EST, SCEP, RADIUS, LDAP, GDOI are not in scope. This edition of IEC 62351-7 cancels and replaces IEC 62351-7 published in 2017. This new edition constitutes a technical revision and includes the following significant technical changes with respect to IEC 62351-7: a) Reviewed and enriched the NSM object data model; b) UML model adopted for NSM objects description; c) SNMP protocol MIBs translation included as Code Components

SIST EN IEC 62351-7:2026 is classified under the following ICS (International Classification for Standards) categories: 29.240.30 - Control equipment for electric power systems; 35.240.50 - IT applications in industry. The ICS classification helps identify the subject area and facilitates finding related standards.

SIST EN IEC 62351-7:2026 has the following relationships with other standards: It is inter standard links to SIST EN 62351-7:2018, SIST EN 13858:2004, SIST EN IEC 62351-3:2023, SIST EN IEC 62351-5:2023, SIST EN IEC 62351-8:2020, SIST EN IEC 62351-4:2019, SIST EN IEC 62351-9:2023, SIST EN 62351-3:2015/A2:2020, SIST-TP CLC IEC/TR 62541-2:2021. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.

SIST EN IEC 62351-7:2026 is associated with the following European legislation: Standardization Mandates: M/490. When a standard is cited in the Official Journal of the European Union, products manufactured in conformity with it benefit from a presumption of conformity with the essential requirements of the corresponding EU directive or regulation.

SIST EN IEC 62351-7:2026 is available in PDF format for immediate download after purchase. The document can be added to your cart and obtained through the secure checkout process. Digital delivery ensures instant access to the complete standard document.

Standards Content (Sample)


SLOVENSKI STANDARD
01-april-2026
Nadomešča:
SIST EN 62351-7:2018
Upravljanje elektroenergetskega sistema in pripadajoča izmenjava informacij -
Varnost podatkov in komunikacij - 7. del: Podatkovni modeli pri upravljanju
omrežij in sistemov (NSM) (IEC 62351-7:2025)
Power systems management and associated information exchange - Data and
communications security - Part 7: Network and system management (NSM) data object
models (IEC 62351-7:2025)
Datenmodelle, Schnittstellen und Informationsaustausch für Planung und Betrieb von
Energieversorgungsunternehmen – Daten- und Kommunikationssicherheit - Teil 7:
Datenobjektmodelle für Netzwerk- und Systemmanagement (NSM) (IEC 62351-7:2025)
Gestion des systèmes de puissance et échanges d'informations associés - Sécurité des
communications et des données - Partie 7: Modèles d’objets de données de gestion de
réseaux et de systèmes (NSM) (IEC 62351-7:2025)
Ta slovenski standard je istoveten z: EN IEC 62351-7:2026
ICS:
29.240.30 Krmilna oprema za Control equipment for electric
elektroenergetske sisteme power systems
35.240.50 Uporabniške rešitve IT v IT applications in industry
industriji
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN STANDARD EN IEC 62351-7

NORME EUROPÉENNE
EUROPÄISCHE NORM January 2026
ICS 33.200 Supersedes EN 62351-7:2017
English Version
Power systems management and associated information
exchange - Data and communications security - Part 7: Network
and System Management (NSM) data object models
(IEC 62351-7:2025)
Gestion des systèmes de puissance et échanges Datenmodelle, Schnittstellen und Informationsaustausch für
d'informations associés - Sécurité des communications et Planung und Betrieb von Energieversorgungsunternehmen
des données - Partie 7: Modèles d'objets de données de - Daten- und Kommunikationssicherheit - Teil 7:
gestion de réseaux et de systèmes (NSM) Datenobjektmodelle für Netzwerk- und Systemmanagement
(IEC 62351-7:2025) (NSM)
(IEC 62351-7:2025)
This European Standard was approved by CENELEC on 2026-01-07. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the
Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Türkiye and the United Kingdom.

European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2026 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN IEC 62351-7:2026 E

European foreword
The text of document 57/2798/FDIS, future edition 2 of IEC 62351-7, prepared by TC 57 "Power
systems management and associated information exchange" was submitted to the IEC-CENELEC
parallel vote and approved by CENELEC as EN IEC 62351-7:2026.
The following dates are fixed:
• latest date by which the document has to be implemented at national (dop) 2027-01-31
level by publication of an identical national standard or by endorsement
• latest date by which the national standards conflicting with the (dow) 2029-01-31
document have to be withdrawn
This document supersedes EN 62351-7:2017 and all of its amendments and corrigenda (if any).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.
This document has been prepared under a standardization request addressed to CENELEC by the
European Commission. The Standing Committee of the EFTA States subsequently approves these
requests for its Member States.
Any feedback and questions on this document should be directed to the users’ national committee. A
complete listing of these bodies can be found on the CENELEC website.
Endorsement notice
The text of the International Standard IEC 62351-7:2025 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standard indicated:
IEC 61850-7-2 NOTE Approved as EN 61850-7-2
IEC 61850-7-4 NOTE Approved as EN 61850-7-4
IEC 61850-8-1 NOTE Approved as EN 61850-8-1
IEC 61850-9-2 NOTE Approved as EN 61850-9-2
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments)
applies.
NOTE 1  Where an International Publication has been modified by common modifications, indicated by (mod),
the relevant EN/HD applies.
NOTE 2  Up-to-date information on the latest versions of the European Standards listed in this annex is available
here: www.cencenelec.eu.
Publication Year Title EN/HD Year
IEC/TS 62351-1 -  Power systems management and - -
associated information exchange - Data
and communications security - Part 1:
Communication network and system
security - Introduction to security issues
IEC/TS 62351-2 -  Power systems management and - -
associated information exchange - Data
and communications security - Part 2:
Glossary of terms
IEC 62351-3 -  Power systems management and EN IEC 62351-3 -
associated information exchange - Data
and communications security - Part 3:
Communication network and system
security - Profiles including TCP/IP
IEC 62351-4 -  Power systems management and EN IEC 62351-4 -
associated information exchange - Data
and communications security - Part 4:
Profiles including MMS and derivatives
IEC 62351-5 2023 Power systems management and EN IEC 62351-5 2023
associated information exchange - Data
and communications security - Part 5:
Security for IEC 60870-5 and derivatives
IEC 62351-8 -  Power systems management and EN IEC 62351-8 -
associated information exchange - Data
and communications security - Part 8:
Role-based access control for power
system management
IEC 62351-9 -  Power systems management and EN IEC 62351-9 -
associated information exchange - Data
and communications security - Part 9:
Cyber security key management for power
system equipment
IEEE 754 2008 IEEE Standard for Binary Floating-Point - -
Arithmetic
IETF RFC 2578 -  Structure of Management Information - -
Version 2 (SMIv2), April 1999,
http://tools.ietf.org/html/rfc2578
Publication Year Title EN/HD Year
IETF RFC 3414 -  User-based Security Model (USM) for - -
version 3 of the Simple Network
Management Protocol (SNMPv3),
December 2002,
http://tools.ietf.org/rfc/rfc3414
IETF RFC 3826 -  The Advanced Encryption Standard (AES) - -
Cipher Algorithm in the SNMP User-based
Security Model, June 2004, http://www.rfc-
editor.org/rfc/rfc3826
IETF RFC 4022 -  Management Information Base for the - -
Transmission Control Protocol (TCP),
March 2005,
http://tools.ietf.org/html/rfc4022
IETF RFC 4113 -  Management Information Base for the User - -
Datagram Protocol (UDP), June 2005,
http://tools.ietf.org/html/rfc4113
IETF RFC 4292 -  IP Forwarding Table MIB, April 2006, - -
http://www.rfc-editor.org/rfc/rfc4292
IETF RFC 4293 -  Management Information Base for the - -
Internet Protocol (IP), April 2006,
http://tools.ietf.org/rfc/rfc4293
IETF RFC 4898 -  TCP Extended Statistics MIB, May 2007, - -
http://tools.ietf.org/rfc/rfc4898
IETF RFC 5132 -  IP Multicast MIB, December 2007, - -
http://tools.ietf.org/rfc/rfc5132
IETF RFC 5905 -  Network Time Protocol Version_4: Protocol - -
and Algorithms Specification
IETF RFC 5590 -  Transport Subsystem for the Simple - -
Network Management Protocol (SNMP),
June 2009, http://tools.ietf.org/rfc/rfc5590
IETF RFC 5591 -  Transport Security Model for the Simple - -
Network Management Protocol (SNMP),
June 2009, http://tools.ietf.org/rfc/rfc5591
IETF RFC 5592 -  Secure Shell Transport Model for the - -
Simple Network Management Protocol
(SNMP), June 2009, http://www.rfc-
editor.org/rfc/rfc5592
IETF RFC 5953 -  Transport Layer Security (TLS) Transport - -
Model for the Simple Network
Management Protocol (SNMP), August
2010, http://www.rfc-editor.org/rfc/rfc5953
IETF RFC 6347 -  Datagram Transport Layer Security - -
Version 1.2, January 2012,
http://tools.ietf.org/rfc/rfc6347
IETF RFC 6353 -  Transport Layer Security (TLS) Transport - -
Model for the Simple Network
Management Protocol (SNMP), July 2011,
http://tools.ietf.org/rfc/rfc6353
IETF RFC 7860 -  HMAC-SHA-2, Authentication Protocols in - -
User-Based Security Model (USM) for
SNMPv3, April 2016,
http://tools.ietf.org/rfc/rfc7860
IETF RFC 8915 -  Protocol Security for the Network Time - -
Protocol, September 2020,
http://tools.ietf.org/rfc/rfc8915

IEC 62351-7 ®
Edition 2.0 2025-12
INTERNATIONAL
STANDARD
Power systems management and associated information exchange - Data and
communications security -
Part 7: Network and System Management (NSM) data object models
ICS 33.200  ISBN 978-2-8327-0699-2

IEC 62351-7:2025-12(en)
IEC 62351-7:2025 © IEC 2025
CONTENTS
FOREWORD . 8
1 Scope . 10
2 Normative references . 10
3 Terms and definitions . 12
4 Abbreviated terms and acronyms . 14
5 Overview of Network and System Management (NSM). 14
5.1 Objectives . 14
5.2 NSM concepts . 16
5.2.1 Simple Network Management Protocol (SNMP) . 16
5.2.2 ISO NSM categories . 16
5.2.3 NSM "data objects" for power system operations . 16
5.2.4 Other NSM protocols . 17
5.3 Communication network management . 17
5.3.1 Network configuration . 17
5.3.2 Network backup . 17
5.3.3 Communications failures and degradation . 18
5.4 Communication protocols . 18
5.5 End systems management . 19
5.6 Intrusion detection systems (IDS) . 20
5.6.1 IDS guidelines . 20
5.6.2 IDS: Passive observation techniques . 21
5.6.3 IDS: Active security monitoring architecture with NSM data objects . 21
5.7 End-to-end security . 22
5.7.1 End-to-end security concepts . 22
5.7.2 Role of NSM in end-to-end security . 23
5.8 NSM requirements: detection functions . 25
5.8.1 Detecting unauthorized access . 25
5.8.2 Detecting resource exhaustion as a denial of service (DoS) attack . 25
5.8.3 Detecting invalid buffer access DoS attacks . 26
5.8.4 Detecting tampered/malformed PDUs . 26
5.8.5 Detecting physical access disruption . 26
5.8.6 Detecting invalid network access . 27
5.8.7 Detecting coordinated attacks . 27
5.9 Abstract object and agent UML descriptions . 28
5.9.1 Purpose of UML . 28
5.9.2 Abstract types and base types . 28
5.9.3 Enumerated Types . 29
5.9.4 Abstract agents. 29
5.9.5 Unsolicited Event Notification . 32
5.9.6 UML Model extension . 32
5.10 Abstract Object UML translation to SNMP . 33
5.10.1 Simple Network Management Protocol (SNMP) . 33
5.10.2 Management information bases (MIBs). 33
5.11 SNMP mapping of UML model Objects . 34
5.12 SNMP Security . 36
6 Abstract objects . 38
IEC 62351-7:2025 © IEC 2025
6.1 General . 38
6.2 Package Abstract Types . 39
6.2.1 General. 39
6.2.2 BooleanValue . 39
6.2.3 BooleanValueTs . 39
6.2.4 CounterTs . 40
6.2.5 CntRs . 40
6.2.6 Floating . 40
6.2.7 FloatingTs . 41
6.2.8 EntityIndex . 41
6.2.9 Integer . 41
6.2.10 IntegerTs . 41
6.2.11 InetAddress . 42
6.2.12 InetAddressType . 42
6.2.13 MacAddress . 42
6.2.14 Selector . 43
6.2.15 Timestamp . 43
6.2.16 CharString. 43
6.2.17 CharStringTs . 43
6.2.18 AbstractBaseType root class . 44
6.2.19 AbstractAgent root class . 44
6.3 Package EnumeratedTypes . 44
6.3.1 General. 44
6.3.2 AppDatStKind enumeration . 44
6.3.3 PhyHealthKind enumeration . 44
6.3.4 ExtKind enumeration . 45
6.3.5 IntKind enumeration . 45
6.3.6 LnkKind enumeration . 45
6.3.7 PSPAccKind enumeration . 46
6.3.8 ProtIdKind enumeration . 46
6.3.9 EventKind enumeration. 46
6.3.10 TimSyncIssueKind enumeration . 47
6.3.11 SecurityProfileKind enumeration . 47
6.3.12 TimSyncSrcKind enumeration. 47
6.3.13 AppDatStType . 48
6.3.14 PhyHealthType . 48
6.3.15 ExtType . 48
6.3.16 IntType . 49
6.3.17 EventType . 49
6.3.18 PSPAccType . 49
6.3.19 ProtIdType . 49
6.3.20 TimSyncIssueType . 50
6.3.21 SecurityProfileType . 50
6.3.22 TimSyncSrcType . 50
6.3.23 GseSubsStKind enumeration . 50
6.3.24 GseSubsStType . 51
6.3.25 LnkType . 51
7 Agents . 51
IEC 62351-7:2025 © IEC 2025
7.1 Package Overview . 51
7.2 Package Environmental Agent . 52
7.2.1 General. 52
7.2.2 (nsmAgent) Environmental . 53
7.2.3 (nsmEntry) PSUPEntry . 54
7.2.4 (nsmEvent) Notification . 54
7.2.5 (nsmEvent) SecurityNotification . 55
7.3 Package IED Agent . 55
7.3.1 General. 55
7.3.2 (nsmAgent) IED . 56
7.3.3 (nsmEntry) CPUEntry . 58
7.3.4 (nsmEntry) EXTEntry . 58
7.3.5 (nsmEntry) STOREEntry . 59
7.3.6 (nsmEvent) Notification . 59
7.3.7 (nsmEvent) SecurityNotification . 60
7.4 Package Application Protocols Agents . 60
7.4.1 General. 60
7.4.2 Package Common objects . 61
7.4.3 Package IEC62351-3 ed.2 Agent . 62
7.4.4 Package IEEE 1815 and IEC 60870-5 Agent . 74
7.4.5 Package IEEE 1815 and IEC 60870-5 Agent – ed2 . 84
7.4.6 Package IEC61850 Agent . 96
7.5 Package Interfaces Agent . 117
7.5.1 General. 117
7.5.2 Interface . 118
7.5.3 (nsmAgent) Interfaces . 119
7.5.4 (nsmEntry) ETHEntry . 120
7.5.5 (nsmEntry) KEYEntry . 120
7.5.6 (nsmEntry) SEREntry . 120
7.5.7 (nsmEntry) ALGEntry . 121
7.5.8 (nsmEntry) USBEntry . 121
7.5.9 (nsmEvent) Notification . 121
7.6 Package Clocks Agent . 122
7.6.1 General. 122
7.6.2 (nsmAgent) Clock . 123
7.6.3 (nsmEntry) ClockEntry . 123
7.6.4 (nsmEvent) SecurityNotification . 124
7.7 Network and Transport Agents . 124
7.7.1 TCP . 124
7.7.2 User Datagram Protocol (UDP) . 125
7.7.3 IP . 125
8 SNMP security . 125
9 Secured time synchronization . 126
Annex A (informative) Mapping of relevant IEC 61850 Objects . 127
Bibliography . 128

Figure 1 – Example of a power system SCADA architecture extended with NSM Data
Objects. 15
IEC 62351-7:2025 © IEC 2025
Figure 2 – IDS Information exchange between applications: generic communication
topology . 20
Figure 3 – Active security monitoring architecture with NSM data objects . 22
Figure 4 – Comparison of NSM data objects with IEC 61850 objects . 24
Figure 5 – Management of both the power system infrastructure and the information
infrastructure . 24
Figure 6 – Abstract types . 28
Figure 7 – Enumerated types . 29
Figure 8 – Subagents . 30
Figure 9 – Environmental agent . 31
Figure 10 – Model stereotypes . 32
Figure 11 – Object identifier structure . 34
Figure 12 – SNMP table . 36
Figure 13 – SNMP RFCs map and security. 37
Figure 14 – SNMP Entity . 38
Figure 15 – Class diagram Overview::Part7 Classes Overview . 52
Figure 16 – Class diagram Environmental Agent::Environmental . 53
Figure 17 – Class diagram IED Agent::IED . 56
Figure 18 – Class diagram Common objects::Application Protocol common objects . 61
Figure 19 – Class diagram IEC62351-3 ed.2 Agent::IEC 62351-3 ed.2 Agent
Relationships . 63
Figure 20 – Class diagram IEEE 1815 and IEC 60870-5 Agent::IEEE 1815 and
IEC 60870-5 Agent . 75
Figure 21 – Class diagram IEEE 1815 and IEC 60870-5 Agent – ed2::IEEE 1815 and
IEC 60870 Agent Relationships . 85
Figure 22 – Class diagram ACSI::ACSI . 97
Figure 23 – Class diagram MMS::MMS . 99
Figure 24 – Class diagram SV and GSE common objects::SV and GSE common
objects . 104
Figure 25 – Class diagram SV::SV . 106
Figure 26 – Class diagram GSE::GSE . 111
Figure 27 – Class diagram Interfaces Agent::Interfaces . 118
Figure 28 – Class diagram Clocks Agent::Clocks Agent . 122

Table 1 – Attributes of Abstract Types::BooleanValue . 39
Table 2 – Attributes of Abstract Types::BooleanValueTs . 40
Table 3 – Attributes of Abstract Types::CounterTs . 40
Table 4 – Attributes of Abstract Types::CntRs . 40
Table 5 – Attributes of Abstract Types::Floating . 40
Table 6 – Attributes of Abstract Types::FloatingTs . 41
Table 7 – Attributes of Abstract Types::EntityIndex . 41
Table 8 – Attributes of Abstract Types::Integer . 41
Table 9 – Attributes of Abstract Types::IntegerTs . 42
Table 10 – Attributes of Abstract Types::InetAddress . 42
IEC 62351-7:2025 © IEC 2025
Table 11 – Attributes of Abstract Types::InetAddressType . 42
Table 12 – Attributes of Abstract Types::MacAddress . 43
Table 13 – Attributes of Abstract Types::Selector . 43
Table 14 – Attributes of Abstract Types::Timestamp . 43
Table 15 – Attributes of Abstract Types::CharString . 43
Table 16 – Attributes of Abstract Types::CharStringTs. 44
Table 17 – Literals of EnumeratedTypes::AppDatStKind . 44
Table 18 – Literals of EnumeratedTypes::PhyHealthKind . 45
Table 19 – Literals of EnumeratedTypes::ExtKind . 45
Table 20 – Literals of EnumeratedTypes::IntKind . 45
Table 21 – Literals of EnumeratedTypes::LnkKind. 45
Table 22 – Literals of EnumeratedTypes::PSPAccKind . 46
Table 23 – Literals of EnumeratedTypes::ProtIdKind . 46
Table 24 – Literals of EnumeratedTypes::EventKind . 46
Table 25 – Literals of EnumeratedTypes::TimSyncIssueKind. 47
Table 26 – Literals of EnumeratedTypes::SecurityProfileKind . 47
Table 27 – Literals of EnumeratedTypes::TimSyncSrcKind . 47
Table 28 – Attributes of EnumeratedTypes::AppDatStType . 48
Table 29 – Attributes of EnumeratedTypes::PhyHealthType . 48
Table 30 – Attributes of EnumeratedTypes::ExtType . 48
Table 31 – Attributes of EnumeratedTypes::IntType . 49
Table 32 – Attributes of EnumeratedTypes::EventType . 49
Table 33 – Attributes of EnumeratedTypes::PSPAccType . 49
Table 34 – Attributes of EnumeratedTypes::ProtIdType . 49
Table 35 – Attributes of EnumeratedTypes::TimSyncIssueType . 50
Table 36 – Attributes of EnumeratedTypes::SecurityProfileType . 50
Table 37 – Attributes of EnumeratedTypes::TimSyncSrcType . 50
Table 38 – Literals of EnumeratedTypes::GseSubsStKind. 50
Table 39 – Attributes of EnumeratedTypes::GseSubsStType . 51
Table 40 – Attributes of EnumeratedTypes::LnkType . 51
Table 41 – Attributes of Environmental Agent::Environmental. 54
Table 42 – Attributes of Environmental Agent::PSUPEntry . 54
Table 43 – Attributes of Environmental Agent::Notification . 55
Table 44 – Attributes of Environmental Agent::SecurityNotification . 55
Table 45 – Attributes of IED Agent::IED . 57
Table 46 – Attributes of IED Agent::CPUEntry . 58
Table 47 – Attributes of IED Agent::EXTEntry . 59
Table 48 – Attributes of IED Agent::STOREEntry . 59
Table 49 – Attributes of IED Agent::Notification . 60
Table 50 – Attributes of IED Agent::SecurityNotification . 60
Table 51 – Attributes of Common objects::CommonProtocolInfo . 62
Table 52 – Attributes of IEC62351-3 ed.2 Agent::IEC62351-3ed2security . 64
Table 53 – Attributes of IEC62351-3 ed.2 Agent::TLSSession . 66
IEC 62351-7:2025 © IEC 2025
Table 54 – Attributes of IEC62351-3 ed.2 Agent::Summary . 68
Table 55 – Attributes of IEC62351-3 ed.2 Agent::IEC62351part3ed2SecurityNotification . 70
Table 56 – Attributes of IEC62351-3 ed.2 Agent::ClientTLS . 71
Table 57 – Attributes of IEC62351-3 ed.2 Agent::ServerTLS . 73
Table 58 – Attributes of IEEE 1815 and IEC 60870-5 Agent::60870andDNPProtocolInfo . 76
Table 59 – Attributes of IEEE 1815 and IEC 60870-5 Agent::Association . 77
Table 60 – Attributes of IEEE 1815 and IEC 60870-5 Agent::Summary . 79
Table 61 – Attributes of IEEE 1815 and IEC 60870-5
Agent::60870andDNPSecurityNotification. 80
Table 62 – Attributes of IEEE 1815 and IEC 60870-5 Agent::60870andDNPNotification . 81
Table 63 – Attributes of IEEE 1815 and IEC 60870-5 Agent::MasterAssociation . 81
Table 64 – Attributes of IEEE 1815 and IEC 60870-5 Agent::OutstationAssociation . 83
Table 65 – Attributes of IEEE 1815 and IEC 60870-5 Agent –
ed2::60870andDNPProtocolInfoEd2 . 86
Table 66 – Attributes of IEEE 1815 and IEC 60870-5 Agent – ed2::IEC62351part5 . 87
Table 67 – Attributes of IEEE 1815 and IEC 60870-5 Agent – ed2::Association . 88
Table 68 – Attributes of IEEE 1815 and IEC 60870-5 Agent – ed2::Summary . 90
Table 69 – Attributes of IEEE 1815 and IEC 60870-5 Agent –
ed2::60870andDNPSecurityNotificationEd2 . 92
Table 70 – Attributes of IEEE 1815 and IEC 60870-5 Agent – ed2::MasterAssociation . 92
Table 71 – Attributes of IEEE 1815 and IEC 60870-5 Agent –
ed2::OutstationAssociation . 94
Table 72 – Attributes of ACSI::ACSISummary . 97
Table 73 – Attributes of MMS::MMSProtocolInfo . 100
Table 74 – Attributes of MMS::MMSProvider . 101
Table 75 – Attributes of MMS::MMSAssociation . 102
Table 76 – Attributes of MMS::MMSSecurityNotification. 103
Table 77 – Attributes of MMS::MMSNotification . 104
Table 78 – Attributes of SV and GSE common objects::GSEandSVCommon . 105
Table 79 – Attributes of SV and GSE common
objects::GSEandSVPublisherAssociation . 105
Table 80 – Attributes of SV and GSE common
objects::GSEandSVSubscriberAssociation . 105
Table 81 – Attributes of SV::SVProvider. 107
Table 82 – Attributes of SV::SVPublisherAssociationIP. 107
Table 83 – Attributes of SV::SVPublisherAssociationL2 . 108
Table 84 – Attributes of SV::SVSubcriberAssociationIP . 109
Table 85 – Attributes of SV::SVSubcriberAssociationL2 . 109
Table 86 – Attributes of SV::SVNotification . 110
Table 87 – Attributes of GSE::GSESubscriberAssociation . 112
Table 88 – Attributes of GSE::GSEProvider . 113
Table 89 – Attributes of GSE::GSEPublisherAssociationIP . 114
Table 90 – Attributes of GSE::GSEPublisherAssociationL2 . 114
Table 91 – Attributes of GSE::GSESubcriberAssociationIP . 115
IEC 62351-7:2025 © IEC 2025
Table 92 – Attributes of GSE::GSESubcriberAssociationL2 . 116
Table 93 – Attributes of GSE::GSENotification . 117
Table 94 – Attributes of Interfaces Agent::Interface . 119
Table 95 – Attributes of Interfaces Agent::Interfaces . 119
Table 96 – Attributes of Interfaces Agent::ETHEntry . 120
Table 97 – Attributes of Interfaces Agent::KEYEntry . 120
Table 98 – Attributes of Interfaces Agent::SEREntry . 120
Table 99 – Attributes of Interfaces Agent::ALGEntry . 121
Table 100 – Attributes of Interfaces Agent::USBEntry . 121
Table 101 – Attributes of Interfaces Agent::Notification . 122
Table 102 – Attributes of Clocks Agent::Clock . 123
Table 103 – Attributes of Clocks Agent::ClockEntry . 123
Table 104 – Attributes of Clocks Agent::SecurityNotification . 124
Table A.1 – IEC 61850-7-4 objects mapping . 127

IEC 62351-7:2025 © IEC 2025
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
Power systems management and associated information exchange -
Data and communications security -
Part 7: Network and System Management (NSM) data object models

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international
co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and
in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports,
Publicly Available Specifications (PAS) and Guides (hereafter referred to as "IEC Publication(s)"). Their
preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with
may participate in this preparatory work. International, governmental and non-governmental organizations liaising
with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for
Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
tran
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

Loading comments...