1、 IEC 62645 Edition 1.0 2014-08 INTERNATIONAL STANDARD NORME INTERNATIONALE Nuclear power plants Instrumentation and control systems Requirements for security programmes for computer-based systems Centrales nuclaires de puissance Systmes dinstrumentation et de contrle- commande Exigences relatives au
2、x programmes de scurit applicables aux systmes programms IEC 62645:2014-08(en-fr) colour inside THIS PUBLICATION IS COPYRIGHT PROTECTED Copyright 2014 IEC, Geneva, Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by
3、 any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either IEC or IECs member National Committee in the country of the requester. If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publ
4、ication, please contact the address below or your local IEC member National Committee for further information. Droits de reproduction rservs. Sauf indication contraire, aucune partie de cette publication ne peut tre reproduite ni utilise sous quelque forme que ce soit et par aucun procd, lectronique
5、 ou mcanique, y compris la photocopie et les microfilms, sans laccord crit de lIEC ou du Comit national de lIEC du pays du demandeur. Si vous avez des questions sur le copyright de lIEC ou si vous dsirez obtenir des droits supplmentaires sur cette publication, utilisez les coordonnes ci-aprs ou cont
6、actez le Comit national de lIEC de votre pays de rsidence. IEC Central Office Tel.: +41 22 919 02 11 3, rue de Varemb Fax: +41 22 919 03 00 CH-1211 Geneva 20 infoiec.ch Switzerland www.iec.ch About the IEC The International Electrotechnical Commission (IEC) is the leading global organization that pr
7、epares and publishes International Standards for all electrical, electronic and related technologies. About IEC publications The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the latest edition, a corrigenda or an amendment might have
8、been published. IEC Catalogue - webstore.iec.ch/catalogue The stand-alone application for consulting the entire bibliographical information on IEC International Standards, Technical Specifications, Technical Reports and other documents. Available for PC, Mac OS, Android Tablets and iPad. IEC publica
9、tions search - www.iec.ch/searchpub The advanced search enables to find IEC publications by a variety of criteria (reference number, text, technical committee,). It also gives information on projects, replaced and withdrawn publications. IEC Just Published - webstore.iec.ch/justpublished Stay up to
10、date on all new IEC publications. Just Published details all new publications released. Available online and also once a month by email. Electropedia - www.electropedia.org The worlds leading online dictionary of electronic and electrical terms containing more than 30 000 terms and definitions in En
11、glish and French, with equivalent terms in 14 additional languages. Also known as the International Electrotechnical Vocabulary (IEV) online. IEC Glossary - std.iec.ch/glossary More than 55 000 electrotechnical terminology entries in English and French extracted from the Terms and Definitions clause
12、 of IEC publications issued since 2002. Some entries have been collected from earlier publications of IEC TC 37, 77, 86 and CISPR. IEC Customer Service Centre - webstore.iec.ch/csc If you wish to give us your feedback on this publication or need further assistance, please contact the Customer Servic
13、e Centre: csciec.ch. A propos de lIEC La Commission Electrotechnique Internationale (IEC) est la premire organisation mondiale qui labore et publie des Normes internationales pour tout ce qui a trait llectricit, llectronique et aux technologies apparentes. A propos des publications IEC Le contenu te
14、chnique des publications IEC est constamment revu. Veuillez vous assurer que vous possdez ldition la plus rcente, un corrigendum ou amendement peut avoir t publi. Catalogue IEC - webstore.iec.ch/catalogue Application autonome pour consulter tous les renseignements bibliographiques sur les Normes int
15、ernationales, Spcifications techniques, Rapports techniques et autres documents de lIEC. Disponible pour PC, Mac OS, tablettes Android et iPad. Recherche de publications IEC - www.iec.ch/searchpub La recherche avance permet de trouver des publications IEC en utilisant diffrents critres (numro de rfr
16、ence, texte, comit dtudes,). Elle donne aussi des informations sur les projets et les publications remplaces ou retires. IEC Just Published - webstore.iec.ch/justpublished Restez inform sur les nouvelles publications IEC. Just Published dtaille les nouvelles publications parues. Disponible en ligne
17、et aussi une fois par mois par email. Electropedia - www.electropedia.org Le premier dictionnaire en ligne de termes lectroniques et lectriques. Il contient plus de 30 000 termes et dfinitions en anglais et en franais, ainsi que les termes quivalents dans 14 langues additionnelles. Egalement appel V
18、ocabulaire Electrotechnique International (IEV) en ligne. Glossaire IEC - std.iec.ch/glossary Plus de 55 000 entres terminologiques lectrotechniques, en anglais et en franais, extraites des articles Termes et Dfinitions des publications IEC parues depuis 2002. Plus certaines entres antrieures extrai
19、tes des publications des CE 37, 77, 86 et CISPR de lIEC. Service Clients - webstore.iec.ch/csc Si vous dsirez nous donner des commentaires sur cette publication ou si vous avez des questions contactez-nous: csciec.ch. IEC 62645 Edition 1.0 2014-08 INTERNATIONAL STANDARD NORME INTERNATIONALE Nuclear
20、power plants Instrumentation and control systems Requirements for security programmes for computer-based systems Centrales nuclaires de puissance Systmes dinstrumentation et de contrle- commande Exigences relatives aux programmes de scurit applicables aux systmes programms INTERNATIONAL ELECTROTECHN
21、ICAL COMMISSION COMMISSION ELECTROTECHNIQUE INTERNATIONALE X ICS 27.120.20 PRICE CODE CODE PRIX ISBN 978-2-8322-1810-5 Registered trademark of the International Electrotechnical Commission Marque dpose de la Commission Electrotechnique Internationale Warning! Make sure that you obtained this publica
22、tion from an authorized distributor. Attention! Veuillez vous assurer que vous avez obtenu cette publication via un distributeur agr. colour inside 2 IEC 62645:2014 IEC 2014 CONTENTS FOREWORD. 4 INTRODUCTION . 6 1 Scope 8 1.1 General . 8 1.2 Application 9 1.3 Framework 9 2 Normative references 11 3
23、Terms and definitions 11 4 Abbreviations 14 5 Establishing and managing a nuclear I any IEC National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental and non- governmental organizations liaising with the IEC also participate in this
24、 preparation. IEC collaborates closely with the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between the two organizations. 2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
25、 consensus of opinion on the relevant subjects since each technical committee has representation from all interested IEC National Committees. 3) IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees in that sense. While all reasonable eff
26、orts are made to ensure that the technical content of IEC Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any misinterpretation by any end user. 4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publicat
27、ions transparently to the maximum extent possible in their national and regional publications. Any divergence between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter. 5) IEC itself does not provide any attestation of conformity. Ind
28、ependent certification bodies provide conformity assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any services carried out by independent certification bodies. 6) All users should ensure that they have the latest edition of this publication. 7) No
29、 liability shall attach to IEC or its directors, employees, servants or agents including individual experts and members of its technical committees and IEC National Committees for any personal injury, property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs
30、(including legal fees) and expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC Publications. 8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is indispensable for the correct applicati
31、on of this publication. 9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent rights. IEC shall not be held responsible for identifying any or all such patent rights. International Standard IEC 62645 has been prepared by subcommittee
32、45A: Instrumentation, control and electrical systems of nuclear facilities, of IEC technical committee 45: Nuclear instrumentation. The text of this standard is based on the following documents: FDIS Report on voting 45A/961/FDIS 45A/975/RVD Full information on the voting for the approval of this st
33、andard can be found in the report on voting indicated in the above table. This publication has been drafted in accordance with the ISO/IEC Directives, Part 2. IEC 62645:2014 IEC 2014 5 The committee has decided that the contents of this publication will remain unchanged until the stability date indi
34、cated on the IEC web site under “http:/webstore.iec.ch“ in the data related to the specific publication. At this date, the publication will be reconfirmed, withdrawn, replaced by a revised edition, or amended. IMPORTANT The colour inside logo on the cover page of this publication indicates that it c
35、ontains colours which are considered to be useful for the correct understanding of its contents. Users should therefore print this document using a colour printer. 6 IEC 62645:2014 IEC 2014 INTRODUCTION a) Technical background, main issues and organisation of the standard This standard specifically
36、focuses on the issue of requirements for computer security programmes and system development processes to prevent and/or minimize the impact of attacks against I&C computer-based systems possibly integrating HPD (HDL (Hardware Description Language) Programmed Devices), hereinafter named I&C CB&HPD s
37、ystems. This standard was prepared and based on the ISO/IEC 27000 series, IAEA and country specific guidance in this expanding technical and security focus area. It is intended that the Standard be used by designers and operators of nuclear power plants (NPPs) (utilities), licensees, systems evaluat
38、ors, vendors and subcontractors, and by licensors. b) Situation of the current Standard in the structure of the IEC SC 45A standard series IEC 62645 is a second level IEC SC 45A document, tackling the generic issue of NPP I&C cybersecurity. IEC 62645 is considered formally as a second level document
39、 with respect to IEC 61513, although IEC 61513 needs revisions to actually ensure proper reference to and consistency with IEC 62645. IEC 62645 is the top-level document with respect to cyber security in the SC 45A standard series. Other documents will be developed under IEC 62645 and will correspon
40、d to third level documents in the IEC SC 45A standards. This IEC Standard is expected to coordinate more closely with the IEC 62443 (Bibliography) series in the next few years. For more details on the structure of the IEC SC 45A standard series, see item d) of this introduction. c) Recommendations a
41、nd limitations regarding the application of this standard This standard establishes requirements for I&C CB&HPD systems, with regard to computer security, and clarifies the processes that I&C CB&HPD systems are designed, developed and operated under in NPPs. It is recognized that this standard addre
42、sses an evolving area of regulatory requirements, due to the changing and evolving nature of computer security threats. Therefore, the standard defines the framework within which the evolving country specific requirements may be developed and applied. An upcoming process for this standard is anticip
43、ated in the near term, to address these evolving issues. It is intended to take into account coordination with new IEC and ISO standards, evolving and new national regulations, best practices and technical advances from IEC members on issues including graded approach and security degrees, refined co
44、nsideration of security requirements to meet plant performance objectives, risk assessment or cybersecurity of legacy systems. It is also recognized that products derived from application of this subject matter require protection. Release of the standards country specific requirements should be cont
45、rolled to limit the extent to which organizations or individuals intending to access nuclear plant systems illegally, improperly or without authorization may benefit from this information. d) Description of the structure of the IEC SC 45A standard series and relationships with other IEC documents an
46、d other bodies documents (IAEA, ISO) The top-level document of the IEC SC 45A standard series is IEC 61513. It provides general requirements for I&C systems and equipment that are used to perform functions important to safety in NPPs. IEC 61513 structures the IEC SC 45A standard series. IEC 61513 re
47、fers directly to other IEC SC 45A standards for general topics related to categorization of functions and classification of systems, qualification, separation of systems, defence against common cause failure, software aspects of computer-based systems, hardware aspects of computer-based systems, and
48、 control room design. The standards referenced directly at this second level should be considered together with IEC 61513 as a consistent document set. At a third level, IEC SC 45A standards not directly referenced by IEC 61513 are standards related to specific equipment, technical methods, or specific activities. Usually these
