oSIST prEN IEC 63452:2025
Railway applications - Cybersecurity
Bahnanwendungen - Cybersecurity
Applications ferroviaires - Cybersécurité
Železniške naprave - Kibernetska varnost
General Information
- Status: Not Published
- Public Enquiry End Date: 30-Sep-2025
- Technical Committee: ŽEN - Electrical applications for railways
- Current Stage: 4020 - Public enquiry (PE) (Adopted Project)
- Start Date: 11-Aug-2025
- Due Date: 29-Dec-2025
- Completion Date: 23-Oct-2025
Relations
- Effective Date: 05-Aug-2025
Overview
The oSIST prEN IEC 63452:2025 standard titled Railway Applications – Cybersecurity is an upcoming European Standard designed by the CLC under the IEC Technical Committee 9 (Electrical Equipment and Systems for Railways). Targeted for publication in September 2025, this document addresses the critical need for robust cybersecurity frameworks within railway systems globally. It provides comprehensive guidelines on information security, cybersecurity program management, risk assessment, and assurance, specifically tailored for railway engineering and operations.
This standard aims to mitigate cybersecurity risks associated with increasingly interconnected railway technologies and digital infrastructures, ensuring safe and reliable railway system performance while protecting data privacy. It aligns with international best practices and integrates with relevant lifecycle and safety standards.
Key Topics
1. Railway System Cybersecurity Framework
- Identification and definition of railway systems and their cybersecurity context.
- Development of high-level system and zone models for cybersecurity planning.
- Specification of shared cybersecurity services across railway components.
2. Enterprise Cybersecurity Management
- Establishing railway Operational Technology (OT) cybersecurity policies and programs.
- Information sharing, competency management, and inventory control.
- Supply chain security and risk management processes tailored to railway operations.
- Business continuity planning in case of cyber incidents.
- Data protection management to address privacy and compliance.
3. Cybersecurity in the Railway Application Life Cycle
- Integration of cybersecurity activities across the entire railway system lifecycle based on IEC 62278-1.
- Assigning project cybersecurity managers and planning cybersecurity tasks until project handover.
- Managing cybersecurity risks during supplier selection and coordination with safety and RAM (Reliability, Availability, Maintainability) teams.
4. Risk Assessment Methods
- Procedures for identifying System Under Consideration (SUC), assets, access points, threats, and vulnerabilities.
- Performing initial and detailed risk assessments with explicit risk evaluation.
- Partitioning systems into security zones and conduits to control access and isolate risks.
- Documenting cybersecurity requirements with asset owner approval.
5. Cybersecurity Architecture, Integration, and Configuration
- Designing functional cybersecurity architectures that do not impede system essential functions.
- Allocating cybersecurity requirements to subsystems and including compensating countermeasures.
- Traceability of cybersecurity requirements throughout system design.
- Guidelines for secure configuration and parameterization of railway solutions.
6. Assurance and Validation
- Planning and executing cybersecurity verification and validation activities by independent security testers.
- Verification of deliverables and validation of cybersecurity implementation.
- Establishing a cybersecurity case for railway solutions and formal handover plans.
Applications
The oSIST prEN IEC 63452:2025 standard serves as a vital framework for:
- Railway Operators: Leveraging cybersecurity policies and governance to protect infrastructure and operations.
- System Integrators and Manufacturers: Ensuring cybersecurity measures are embedded during design, development, and deployment phases.
- Regulators and Certification Bodies: Setting compliance benchmarks and evaluating railway cybersecurity posture.
- Supply Chain Partners: Managing cybersecurity risks related to third-party components and software.
- Maintenance and Support Teams: Implementing secure system configurations, managing vulnerabilities, and incident response.
Implementing this standard enhances resilience against cyber threats, fosters interoperability across railway subsystems, and supports safe, secure rail transportation with minimized downtime and service disruptions.
Related Standards
- IEC 62278-1 (Railway Applications - Rolling Stock Lifecycle): Cybersecurity activities are mapped to the lifecycle stages defined here for coherent risk and assurance management.
- IEC TC 65 (Industrial-process Measurement, Control and Automation): Cybersecurity principles in industrial control systems relate closely to railway OT environments.
- ISO/IEC 27001 (Information Security Management): Provides complementary overall IT security management best practices.
- EN 50126 / EN 50128 / EN 50129 (Railway Safety Standards): Integration of cybersecurity with safety and RAM requirements is emphasized.
Adopting oSIST prEN IEC 63452:2025 will be essential for all stakeholders in the railway sector to advance cybersecurity maturity, ensuring robust data protection, operational safety, and compliance in an era of digital transformation. This standard represents a major step forward in harmonizing cybersecurity efforts across European and international railway systems.
Frequently Asked Questions
oSIST prEN IEC 63452:2025 is a draft published by the Slovenian Institute for Standardization (SIST). Its full title is "Railway applications - Cybersecurity". This standard covers: Railway applications - Cybersecurity
oSIST prEN IEC 63452:2025 is classified under the following ICS (International Classification for Standards) categories: 35.030 - IT Security; 45.020 - Railway engineering in general. The ICS classification helps identify the subject area and facilitates finding related standards.
oSIST prEN IEC 63452:2025 has the following relationships with other standards: it has an inter-standard link to SIST-TS CLC/TS 50701:2024. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.
Standards Content (Sample)
SLOVENIAN STANDARD
01-September-2025
Železniške naprave - Kibernetska varnost
Railway applications - Cybersecurity
This Slovenian standard is identical to: prEN IEC 63452:2025
ICS:
35.030 IT Security
45.020 Railway engineering in general
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.
9/3232A/CDV
COMMITTEE DRAFT FOR VOTE (CDV)
PROJECT NUMBER: IEC 63452 ED1
DATE OF CIRCULATION: 2025-08-08 (2025-07-18)
CLOSING DATE FOR VOTING: 2025-10-17 (2025-10-10)
SUPERSEDES DOCUMENTS: 9/3000/CD, 9/3036A/CC
IEC TC 9: ELECTRICAL EQUIPMENT AND SYSTEMS FOR RAILWAYS
SECRETARIAT: France
SECRETARY: Mr Denis MIGLIANICO
OF INTEREST TO THE FOLLOWING COMMITTEES: HORIZONTAL FUNCTION(S):
TC 65
ASPECTS CONCERNED: Information security and data privacy
SUBMITTED FOR CENELEC PARALLEL VOTING NOT SUBMITTED FOR CENELEC PARALLEL VOTING
Attention IEC-CENELEC parallel voting
The attention of IEC National Committees, members of CENELEC, is
drawn to the fact that this Committee Draft for Vote (CDV) is submitted
for parallel voting.
The CENELEC members are invited to vote through the CENELEC
online voting system.
This document is still under study and subject to change. It should not be used for reference purposes.
Recipients of this document are invited to submit, with their comments, notification of any relevant patent rights of which they are
aware and to provide supporting documentation.
Recipients of this document are invited to submit, with their comments, notification of any relevant “In Some Countries” clauses to
be included should this proposal proceed. Recipients are reminded that the CDV stage is the final stage for submitting ISC clauses.
(SEE AC/22/2007 OR NEW GUIDANCE DOC).
TITLE: Railway applications – Cybersecurity
PROPOSED STABILITY DATE: 2028
NOTE FROM TC/SC OFFICERS:
This A version shows aligned Word extraction from the OSD in regards of annexes and figures. The closing date for
voting has been extended to 2025-10-17. No technical modification has been made.
The Cenelec parallel vote status of this project has been changed on 1st of August, as reflected on this coverpage.
electronic file, to make a copy and to print out the content for the sole purpose of preparing National Committee positions.
You may not copy or "mirror" the file or printed version of the document, or any part of it, for any other purpose without
permission in writing from IEC.
Link to Committee Draft for Vote (CDV) online document:
https://osd.iec.ch/#/editor/archive/0e847a8f-d663-e6d5-e063-1710000a30d0/en/CCDV/1
How to access
This link leads you to the Online Standards Development (OSD) platform for National Mirror Committee’s
(NMC) comments. The project draft may be found further down this document.
Resource materials
We recommend NCs to review the available materials to better understand the member commenting on the
OSD platform. This includes the:
• OSD NC roles overview: here
• How to add and submit comments to the IEC: here
Contact
Should you require any assistance, please contact the IEC IT Helpdesk at helpdesk@iec.ch.
IEC CDV 63452 ED1 © IEC 2025
CONTENTS
FOREWORD
Introduction
Purpose
Overview of the structure of this document
1 Scope
2 Normative references
3 Terms and definitions, abbreviated terms and acronyms, taxonomy and terms equivalence
3.1 Terms and definitions
3.2 Abbreviated terms and acronyms
3.3 Railway system taxonomy and terms equivalence
4 Railway system overview
4.1 Purpose
4.2 Overview
4.3 Inputs / Outputs
4.4 [SO-01-01] Identification of the railway system
4.4.1 Requirement
4.4.2 Rationale and supplemental guidance
4.5 [SO-02-01] Definition of a high-level railway system model
4.5.1 Requirement
4.5.2 Rationale and supplemental guidance
4.6 [SO-03-01] Definition of a high-level railway zone model
4.6.1 Requirement
4.6.2 Rationale and supplemental guidance
4.7 [SO-04-01] Specification of shared cybersecurity services
4.7.1 Requirement
4.7.2 Rationale and supplemental guidance
5 Enterprise cybersecurity programme and management
5.1 Overview
5.2 Inputs / Outputs
5.3 [CP-01-01] Railway OT cybersecurity policy
5.3.1 Requirement
5.3.2 Rationale and supplemental guidance
5.4 [CP-01-02] Railway OT cybersecurity programme
5.4.1 Requirement
5.4.2 Rationale and supplemental guidance
5.5 [CP-02-01] Information sharing management
5.5.1 Requirement
5.5.2 Rationale and supplemental guidance
5.6 [CP-03-01] Competency management
5.6.1 Requirement
5.6.2 Rationale and supplemental guidance
5.7 [CP-04-01] Inventory management
5.7.1 Requirement
5.7.2 Rationale and supplemental guidance
5.8 [CP-05-01] Supply chain management
5.8.1 Requirement
5.8.2 Rationale and supplemental guidance
5.9 [CP-06-01] Risk management
5.9.1 Requirement
5.9.2 Rationale and supplemental guidance
5.10 [CP-07-01] Business continuity management
5.10.1 Requirement
5.10.2 Rationale and supplemental guidance
5.11 [CP-08-01] Data protection management
5.11.1 Requirement
5.11.2 Rationale and supplemental guidance
6 Cybersecurity within a railway application life cycle
6.1 Purpose
6.2 Railway application and product life cycles
6.3 Manage cybersecurity activities and interfaces
6.3.1 Inputs / Outputs
6.3.2 [LC-01-01] Assign Project Cybersecurity Manager
6.3.3 [LC-02-01] Plan project cybersecurity activities till the handover
6.3.4 [LC-02-02] Tailoring the cybersecurity management plan
6.3.5 [LC-02-03] Cybersecurity management plan approval
6.3.6 [LC-02-04] Management of security issues before handover
6.3.7 [LC-03-01] Manage product suppliers
6.3.8 [LC-04-01] Manage interaction with safety and RAM teams
6.4 Cybersecurity activities mapping to the IEC 62278-1 life cycle
7 Risk assessment for system design
7.1 Purpose and outcome
7.2 Overview
7.3 Identify the SUC and its security context
7.3.1 Description
7.3.2 Inputs / Outputs
7.3.3 [ZR-01-01] Identify the SUC, its security perimeter and access points
7.3.4 [ZR-01-02] Identify the cybersecurity context
7.4 Initial Risk Assessment
7.4.1 Description
7.4.2 Inputs / Outputs
7.4.3 [ZR-02-01] Initial risk assessment
7.5 Partitioning of the SUC in zones and conduits
7.5.1 Description
7.5.2 Inputs / Outputs
7.5.3 [ZR-03-01] Partitioning of the SUC
7.6 Risk comparison
7.6.1 Description
7.6.2 Inputs / Outputs
7.6.3 [ZR-04-01] Compare initial risk with tolerable risk
7.7 Detailed Risk Assessment
7.7.1 Description
7.7.2 Inputs / Outputs
7.7.3 [ZR-05-01] Perform Detailed Risk Assessment
7.7.4 [ZR-05-02] Identify threats
7.7.5 [ZR-05-03] Identify vulnerabilities
7.7.6 [ZR-05-04] Manage identified threats and vulnerabilities
7.7.7 [ZR-05-05] Apply a code of practice
7.7.8 [ZR-05-06] Application requirements from a reference system
7.7.9 Explicit Risk Evaluation [ZR-05-07, ZR-05-08, ZR-05-09]
7.7.10 [ZR-05-10] Threats coverage and risk acceptance
7.7.11 [ZR-05-11] Document results of the Detailed Risk Assessment
7.8 Document cyber security requirements
7.8.1 Description
7.8.2 Inputs / Outputs
7.8.3 [ZR-06-01] Cybersecurity requirements specification
7.9 Asset owner's approval
7.9.1 Description
7.9.2 Inputs / Outputs
7.9.3 [ZR-07-01] Asset owner's approval
8 Cybersecurity architecture, integration and configuration
8.1 Purpose
8.2 Inputs / Outputs
8.3 SUC cybersecurity functional architecture
8.3.1 [AA-01-01] Cybersecurity Architecture
8.3.2 [AA-01-02] Cybersecurity shall not adversely impact essential functions
8.3.3 [AA-01-03] Requirements apportionment to subsystems
8.3.4 [AA-01-04] Inclusion of compensating countermeasures
8.3.5 [AA-01-05] Cybersecurity requirement traceability
8.4 Cybersecurity integration
8.4.1 [AA-02-01] Cybersecurity guidelines for the railway solution
8.5 Cybersecurity configuration
8.5.1 [AA-03-01] Cybersecurity parameterization and configuration of the railway solution
9 Cybersecurity assurance for railway solutions
9.1 Purpose
9.2 Overview
9.3 Cybersecurity verification and validation
9.3.1 Description
9.3.2 Inputs / Outputs
9.3.3 [CA-01-01] Plan cybersecurity evaluation activities
9.3.4 [CA-01-02] Independence of security testers
9.3.5 [CA-01-03] Execution of cybersecurity evaluation activities
9.3.6 [CA-01-04] Verification of cybersecurity deliverables
9.3.7 [CA-01-05] Cybersecurity validation of the railway solution
9.3.8 [CA-01-06] Railway solution cybersecurity case
9.4 Railway solution acceptance
9.4.1 Description
9.4.2 Inputs / Outputs
9.4.3 [CA-02-01] Establish cybersecurity handover plan
9.4.4 [CA-02-02] Approval of the cybersecurity handover plan
9.4.5 [CA-02-03] Approval of the cybersecurity case
9.4.6 [CA-02-04] Perform cybersecurity handover
10 Operational, maintenance and decommissioning requirements
10.1 Overview
10.2 Inputs / Outputs
10.3 [OM-01-01] Cybersecurity maintenance plan
10.3.1 Requirement
10.3.2 Rationale and supplemental guidance
10.4 [OM-01-02] Cybersecurity rules and procedures
10.4.1 Requirement
10.4.2 Rationale and supplemental guidance
10.5 [OM-01-03] Continuous cybersecurity verification
10.5.1 Requirement
10.5.2 Rationale and supplemental guidance
10.6 [OM-02-01] Railway application cybersecurity case
10.6.1 Requirement
10.6.2 Rationale and supplemental guidance
10.7 [OM-03-01] Risk assessment update
10.7.1 Requirement
10.7.2 Rationale and supplemental guidance
10.8 [OM-04-01] Vulnerability advisories
10.8.1 Requirement
10.8.2 Rationale and supplemental guidance
10.9 [OM-04-02] Cybersecurity testing and report
10.9.1 Requirement
10.9.2 Rationale and supplemental guidance
10.10 [OM-04-03] Vulnerability management
10.10.1 Requirement
10.10.2 Rationale and supplemental guidance
10.11 [OM-05-01] Patch management process
10.11.1 Requirement
10.11.2 Rationale and supplemental guidance
10.12 [OM-05-02] Patch management supply chain
10.12.1 Requirement
10.12.2 Rationale and supplemental guidance
10.13 [OM-05-03] End-of-life and end-of-security-support considerations
10.13.1 Requirement
10.13.2 Rationale and supplemental guidance
10.14 [OM-06-01] Incident management
10.14.1 Requirement
10.14.2 Rationale and supplemental guidance
10.15 [OM-06-02] Backup and recovery management
10.15.1 Requirement
10.15.2 Rationale and supplemental guidance
10.16 [OM-07-01] Security monitoring
10.16.1 Requirement
10.16.2 Rationale and supplemental guidance
10.17 [OM-08-01] Decommissioning management
10.17.1 Requirement
10.17.2 Rationale and supplemental guidance
Annex A (informative) Handling conduits
A.1 General
A.2 Protection profiles for conduits
Annex B (informative) Handling legacy systems
General
B.1 Basic security risks
B.1.1 A denial of service attacks and vulnerability exploits
B.1.2 Impersonation attack
B.2 Basic process activities
B.2.1 General
B.2.2 Zoning
B.2.3 Defence in depth
B.2.4 Basic risk analysis
B.2.5 (Re-)Commissioning
B.2.6 Site acceptance test (SAT)
B.2.7 Operation
B.2.8 Training of personnel
B.2.9 Asset inventory
B.3 Basic security countermeasures
B.3.1 General
B.3.2 Protect installation
B.3.3 Regular inspection of installation
B.3.4 Network / perimeter protection
B.3.5 Network segmentation / restricted data flow
B.3.6 Monitoring and network management
B.3.7 Network management system
B.3.8 Intrusion detection / SIEM
B.3.9 Virtual private networks (VPN)
B.3.10 Redundant communication
B.3.11 Security gateway
B.3.12 Handling USB connectors
B.3.13 Encryption
B.3.14 Authentication
Annex C (informative) Cybersecurity design principles and system requirements
C.1 Cybersecurity design principles
C.1.1 Introduction
C.1.2 Secure the weakest link
C.1.3 Defence in depth
C.1.4 Fail secure
C.1.5 Grant least privilege
C.1.6 Economise mechanism
C.1.7 Authenticate requests
C.1.8 Control access
C.1.9 Assume secrets not safe
C.1.10 Make security usable
C.1.11 Promote privacy
C.1.12 Audit and monitor
C.1.13 Proportionality principle
C.1.14 Precautionary principle
C.1.15 Continuous protection
C.1.16 Secure metadata
C.1.17 Secure defaults
C.1.18 Trusted components
C.2 Guidelines for implementation in a railway environment
Annex D (informative) Safety and cybersecurity
General
D.1 Differences between safety and cybersecurity
D.2 Security from a safety perspective
D.3 Co-engineering of safety and security
D.4 Quantification of security
D.5 The relationship between safety integrity levels and security levels
D.6 Responsibility for security
Annex E (informative) Risk acceptance methods
E.1 General
E.2 Example 1
E.2.1 Introduction
E.2.2 Impact assessment
E.2.3 Likelihood assessment
E.2.4 Risk tolerability
E.2.5 Justification
E.3 Example 2
E.3.1 Introduction
E.3.2 Impact assessment
E.3.3 Likelihood assessment
E.3.4 Risk tolerability
E.3.5 Justification
E.4 Example 3
E.4.1 Introduction
E.4.2 Impact assessment
E.4.3 Likelihood assessment
E.4.4 Risk tolerability
E.4.5 Justification
E.5 Example 4
E.5.1 Introduction
E.5.2 Impact Assessment
E.5.3 Likelihood assessment
E.5.4 Risk acceptance
E.5.5 Justification
Annex F (informative) Railway system models and zone models
F.1 Design guidance and rules
F.1.1 Design guidance for system models
F.1.2 Design rules for the area-based model
F.1.3 Design rules for the topology-based model
F.2 Magnifications of the high-level railway zone model
F.2.1 Design Guidance for zone models
F.3 Train to ground communication
F.3.1 Introduction
F.3.2 Communication channel
F.3.3 Principles
Annex G (informative) Cybersecurity deliverables content
G.1 Purpose
G.2 Railway OT cybersecurity policy and cybersecurity programme
G.2.1 Railway OT cybersecurity policy
G.2.2 Railway OT cybersecurity programme
G.2.3 Rationale and guidance
G.3 Cybersecurity management plan
G.4 Risk assessment report
G.5 Cybersecurity requirement specification
G.6 Cybersecurity guidelines for the railway solution
G.7 Cybersecurity evaluation plan
G.8 Cybersecurity case
G.9 Cybersecurity maintenance plan
Annex H (informative) Cybersecurity competence profiles
H.1 Purpose
H.2 Railway cybersecurity competence profiles
H.2.1 Introduction
H.2.2 Railway Project Cybersecurity Manager
H.2.3 Railway Cybersecurity Architect
H.2.4 Railway Cybersecurity Risk Analyst
H.2.5 Railway Cybersecurity Implementer
H.2.6 Railway Cybersecurity Penetration Tester
H.2.7 Railway Cybersecurity Assessor
H.2.8 Railway Cybersecurity Verifier
H.2.9 Railway Cybersecurity Validator
H.2.10 Railway Cybersecurity Administrator
H.2.11 Railway Cybersecurity Incident Responder
H.2.12 Railway Chief Information Security Officer
Annex I (informative) Cybersecurity for operation and maintenance activities - Operational guidance
I.1 Purpose
I.2 Change to maintenance activities and teams
I.3 Access Strategy
I.3.1 Physical Access:
I.3.2 Role-Based Access:
I.3.3 Network Access:
I.3.4 Consistency for Access Protection:
I.4 Remote Access and Maintenance
I.4.1 General
I.4.2 Remote Maintenance OT
I.4.3 Methods of Remote Maintenance
I.5 Other aspects to be correctly addressed
I.5.1 Data Protection:
I.5.2 Decommissioning:
I.5.3 Awareness of People:
I.5.4 Use of Portable Media (such as laptop, USB key):
I.5.5 Key Exchange and Management:
Annex J (informative) Vulnerability Management - Operational guidance
J.1 Purpose
J.2 organizational aspects
J.3 Process scoping
J.4 Vulnerability identification, analysis and prioritization criteria
J.5 Vulnerability remediation
Annex K (informative) Cloud security
K.1 General
K.2 Applicability
K.3 Cloud Security within the railway application life cycle
K.3.1 Specification Phase
K.3.2 Design and Implementation Phase
K.3.3 Validation Phase
K.3.4 Operations and Maintenance Phase
K.3.5 Decommissioning
K.3.6 Business Continuity and Disaster Recovery
K.4 Cross-Refe
...









