标准摘要
[中文适用范围]: 本文件为能源公用事业行业提供基于ISO/IEC 27002:2013的应用指南,用于控制和监控电力、气体、石油和热能的生产或发电、传输、存储和分配的过程控制系统。本文件特别包括但不限于以下内容:——中心和分布式过程控制、监视和自动化技术以及用于其操作的信息系统,例如编程和参数化设备;——数字控制器和自动化组件,如控制和现场设备或可编程逻辑控制器(PLC),包括数字传感器和执行器元件;——在过程控制领域中进一步使用的所有支持信息系统,例如补充数据可视化任务、控制、监视、数据存档、历史记录日志、报告和文档编制目的;——过程控制领域中使用的通信技术,例如网络、远程遥测、远程控制应用和技术;——智能计量基础设施(AMI)组件,例如智能电表;——测量设备,例如排放值测量设备;——数字保护和安全系统,例如保护继电器、安全PLC、紧急调节机制;——能源管理系统,例如分布式能源资源(DER)、电动汽车充电基础设施、私人家庭、住宅建筑或工业客户安装中的能源管理系统;——智能电网环境的分布式组件,例如在能源网络、私人家庭、住宅建筑或工业客户安装中;——上述系统上安装的所有软件、固件和应用程序,例如配电管理系统的(DMS)应用或故障管理系统(OMS);——容纳上述设备和系统的场所;——上述系统的远程维护系统。本文件不适用于核设施的过程控制领域。该领域由IEC 62645涵盖。本文件还包括对ISO/IEC 27001:2013中描述的风险评估和处理过程进行适应性要求,以符合本文件提供的能源行业特定指南。 [外文原描述]: ISO/IEC 27019:2017 provides guidance based on ISO/IEC 27002:2013 applied to process control systems used by the energy utility industry for controlling and monitoring the production or generation, transmission, storage and distribution of electric power, gas, oil and heat, and for the control of associated supporting processes. This includes in particular the following: - central and distributed process control, monitoring and automation technology as well as information systems used for their operation, such as programming and parameterization devices; - digital controllers and automation components such as control and field devices or Programmable Logic Controllers (PLCs), including digital sensor and actuator elements; - all further supporting information systems used in the process control domain, e.g. for supplementary data visualization tasks and for controlling, monitoring, data archiving, historian logging, reporting and documentation purposes; - communication technology used in the process control domain, e.g. networks, telemetry, telecontrol applications and remote control technology; - Advanced Metering Infrastructure (AMI) components, e.g. smart meters; - measurement devices, e.g. for emission values; - digital protection and safety systems, e.g. protection relays, safety PLCs, emergency governor mechanisms; - energy management systems, e.g. of Distributed Energy Resources (DER), electric charging infrastructures, in private households, residential buildings or industrial customer installations; - distributed components of smart grid environments, e.g. in energy grids, in private households, residential buildings or industrial customer installations; - all software, firmware and applications installed on above-mentioned systems, e.g. DMS (Distribution Management System) applications or OMS (Outage Management System); - any premises housing the above-mentioned equipment and systems; - remote maintenance systems for above-mentioned systems. ISO/IEC 27019:2017 does not apply to the process control domain of nuclear facilities. This domain is covered by IEC 62645. ISO/IEC 27019:2017 also includes a requirement to adapt the risk assessment and treatment processes described in ISO/IEC 27001:2013 to the energy utility industry-sector?specific guidance provided in this document.
英文名称Information technology - Security techniques - Information security controls for the energy utility industry