This part of IEC 62351 specifies messages, procedures and algorithms for securing the operation of all protocols based on or derived from IEC 60870-5: Telecontrol equipment and systems – Transmission protocols. This Technical Specification applies to at least those protocols listed in Table 1. Table 1 – Scope of application to standards Number Name IEC 60870-5-101 Companion standard for basic telecontrol tasks IEC 60870-5-102 Companion standard for the transmission of integrated totals in electric power systems IEC 60870-5-103 Companion standard for the informative interface of protection equipment IEC 60870-5-104 Network access for IEC 60870-5-101 using standard transport profiles DNP3 Distributed Network Protocol (based on IEC 60870-1 through IEC 60870-5 and controlled by the DNP Users Group) The initial audience for this Technical Specification is intended to be the members of the working groups developing the protocols listed in Table 1. For the measures described in this specification to take effect, they must be accepted and referenced by the specifications for the protocols themselves. This document is written to enable that process. The subsequent audience for this specification is intended to be the developers of products that implement these protocols. Portions of this specification may also be of use to managers and executives in order to understand the purpose and requirements of the work. This part of IEC/TS 62351 focuses only on application layer authentication and security issues arising from such authentication. Other security concerns – in particular, protection from eavesdropping or man-in-the-middle attacks through the use of encryption – are considered to be outside the scope. Encryption may be added through the use of this specification with other specifications. This document is organized working from the general to the specific, as follows: Clauses 2 through 4 provide background terms, definitions, and references. Clause 5 describes the problems this specification is intended to address. Clause 6 describes the mechanism generically without reference to a specific protocol. Clauses 7 and 8 describe the mechanism more precisely and are the primary normative part of this specification. Clause 9 describes a few particular implementation issues that are special cases. Clause 10 describes the requirements for other standards referencing this specification. Clause 11 describes the Protocol Implementation Conformance Statement (PICS) for this mechanism. Unless specifically labelled as informative or optional, all clauses of this specification are normative.