IEC GUIDE 120 pdf free download

IEC GUIDE 120: Security aspects – Guidelines for their inclusion in publications.
5.2.4 Product security publications
Product security publications define how to apply base security publications or group security publications for a particular type of product. They ensure that different products can interact or interoperate securely, and can be controlled and managed in a uniform manner.
Product security publications should as far as possible define their requirements by reference to base security publications and group security publications.
NOTE In this context, the term product includes items such as process, service, installation, and combinations
5.2.5 Guidance security publications
Guidance security publications should not contain requirements. They explain how to implement base publications, and group or product publications.
In some application areas, guidance publications are not used. Instead, the necessary guidance information is provided through informative annexes within the relevant requirements standard.
5.2.6 Test security publications
Test security publications define ways to determine that the requirements of base publications, and group or product publications have been correctly implemented.
Test publications typically have a specialised audience and often make reference to conformity assessment. They may define or identify reference implementations that can be used to determine correct implementation through successful interoperation.
5.2.7 Relationship between types of security publications
The relationship between these different types of publications is shown in Figure 2. There is an equivalent figure for safety publications in Annex B of IEC GUIDE 104:2010 [13].
5.3 Application domain
Publications for security can also be categorised according to their intended domain of application. This may be a sector of economic or industrial activity, a type of market, or an area of application.
Some examples of application domains are listed below, as shown in Figure 1:
• building/home;
• energy;
• general;
• healthcare;
• ICT;
• industrial automation;
• transportation.
In many cases an application domain will have an associated IEC committee responsible for the development of publications for that domain. This committee should accept responsibility for the development of the associated security publications.
5.6.2 Group security publications
Group security publications will normally be domain-specific publications. Group security publications will normally be developed within one IEC committee, but may have application in areas beyond the scope of that committee. Normally, the domain committee will retain responsibility for publications development and maintenance, but should take account of other known use cases and requirements of wider use.
Group security publications should build upon basic security services as defined in appropriate base security publications, but may be parameterised or configured to reflect the intended field of application. This includes identifying specific threats, types of attack and consequences that apply to the intended field of application.
IEC committees should not attempt to restrict the applicability of group security publications without good reason. This will enable developers of compliant products and systems to offer them for use elsewhere. However, group security publications should clearly identify any assumptions or limitations concerning their applicability in order to minimise the potential for misuse.
Where necessary, IEC committees developing group security publications should consult or work collaboratively with the originators of the base security publications that they reference.
5.6.3 Product security publications
Product security publications should normally be produced by the IEC committee that deals with the aspects of that type of product or series of products. Product security publications will often only deal with the product’s interaction with its environment, referencing generic base or group publications to define internal behaviour.
5.6.4 Guidance security publications and test security publications
These publications should be produced by the IEC committee responsible for the base, group or product publication to which these publications refer.
Assistance should be sought from specialist committees dealing with conformity assessment if applicable.

