Uploaded image for project: 'OASIS Energy Interoperation TC'
  1. OASIS Energy Interoperation TC
  2. ENERGYINTEROP-287

644: ISO's need to comply with NERC CIP, which should be clear in the example

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: csd01 - Public Review Draft
    • Fix Version/s: wd19
    • Component/s: spec
    • Labels:
      None
    • Proposal:
      Hide

      Define an attribute (cardinality [0..1]). The definition will mirror the IRC proposal, i.e., three topcs, and high medium or low for each.

      The CSWG strongly recommends using this as a deployment descriptor, rather than something included in each message. The class model should address how a deployment descriptor is related to a message type or types.

      Show
      Define an attribute (cardinality [0..1] ). The definition will mirror the IRC proposal, i.e., three topcs, and high medium or low for each. The CSWG strongly recommends using this as a deployment descriptor, rather than something included in each message. The class model should address how a deployment descriptor is related to a message type or types.
    • Resolution:
      Hide

      Security risk to add to messages (rather than transport and interaction)

      Close, no change

      Show
      Security risk to add to messages (rather than transport and interaction) Close, no change

      Description

      While line 640 mentiones security, privacy, and reliability the section speaks of security at the communication layer only. ISO's need comply with NERC CIP Information Protection guidelines that should be described in the Information Model (see IRC Information Model and XML Schemas) to classify information, not only protect it.

        Attachments

          Activity

          Hide
          william.cox William Cox (Inactive) added a comment -

          The information structure correctly describes the information classification for NERC CIP, but including the "value" of the message in the message seems to increase risk by flagging more valuable messages. (From discussion with CSWG members)

          This would be a useful "deployment descriptor", rather than a message component.

          This seems to be relevant information in deciding what security/reliability to compose for specific types of interactions.

          Show
          william.cox William Cox (Inactive) added a comment - The information structure correctly describes the information classification for NERC CIP, but including the "value" of the message in the message seems to increase risk by flagging more valuable messages. (From discussion with CSWG members) This would be a useful "deployment descriptor", rather than a message component. This seems to be relevant information in deciding what security/reliability to compose for specific types of interactions.

            People

            • Assignee:
              william.cox William Cox (Inactive)
              Reporter:
              edgardo.luzcando Edgardo Luzcando (Inactive)
            • Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: