This document provides the utility industry and vendors with a set of security requirements for Advanced Metering Infrastructure (AMI). These requirements are intended to be used in the procurement process, and represent a superset of requirements gathered from current cross industry accepted security standards and best practice guidance documents.
This document provides substantial supporting information for the use of these requirements including scope, context, constraints, objectives, user characteristics, assumptions, and dependencies. This document also introduces the concept of requirements for security states and modes, with requirements delineated for security states.
These requirements are categorized into three areas: 1) Primary Security Services, 2) Supporting Security Services and 3) Assurance Services. The requirements will change over time corresponding with current security threats and countermeasures they represent. The AMI-SEC Task Force presents the current set as a benchmark, and the authors expect utilities and vendors to tailor the set to individual environments and deployments.
While these requirements are capable of standing on their own, this document is intended to be used in conjunction with other 2008 deliverables from the AMI-SEC Task Force, specifically the Risk Assessment, the Architectural Description, the Component Catalog (in development as of this writing), and the Implementation Guide (to be developed late 2008). This document also discusses the overall process for usage of this suite.