The NIST Process Control Security Requirements Forum (PCSRF) and the Future of Industrial C

格式：pdf
大小：193.40 KB
文档页数：8

下载文档原格式

GoControl Z-Wave 模块说明书

1PS15EMZ5-1 PLUG-IN MODULE The GoControl ™ family of Z-Wave ® certiﬁ ed wireless lighting products (smart LED ﬁ xtures, bulbs, switches, dimmers, outlets, plug-in modules) Control Products(thermostats, irrigation controller and garage door controller)and Sensors (ﬂ ood, leak, alert sounder, motion sensor and door/window sensor) bring a new level of intelligent wireless Home Automation capability to commercial and residential environments.The Z-Wave wireless protocol is an international wireless standard for remote home automation, security and other applications. This product can be included and operated in any Z-Wave network with other Z-Wave certiﬁ ed devices from other manufacturers and/or other applications. All non-battery operated nodes within the network will act as repeaters regardless of vendor to increase reliability of the network.GoControl Z-Wave products are easy to install, are Z-Wave certiﬁ ed, and allow dealers to create an integrated wireless network with nearly limitless expansion and interoperability with security, energy management, home entertainment, appliances, and more.The PS15EMZ5-1 is a simple Plug & Play Home Automation device that lets you control any lighting or small appliance while monitoring the amount of energy being used. Bright multi-colored LEDs provide an instant indication of the energy being used while simultaneously reporting this information to your Z-Wave hub that may be used for energy monitoring and analysis.Z-WAVE PLUS FEATURES The PS15EMZ5-1 contains a Z-Wave 500 Series Module that supports Z-Wave Plus ® features. A Z-Wave certiﬁ ed portable or stationary Controller can communicate with theZ-Wave 500 Series Module.Depending on the capability of the Controller or gateway software, the following operations can be performed with the PS15EMZ5-1. Refer to the Controller or gateway manual for details.• Turn the load ON and OFF .• Add or Remove the PS15EMZ5-1.• Assign the PS15EMZ5-1 to a specific Group/Scene and/or to include the load as part of ALL ON or ALL OFF system commands.• Over-the-air firmware update by the gateway or static Controller.• Lifeline function which automatically notifies the associated modules and the network that a manually reset deviceis no longer in the network, thus, the corresponding association becomes invalid.• Monitors the amount of energy being used and reports the current usage to the Z-Wave controller INSTALLATION Adding to a network:Refer to your Controller operating instructions to add this switch under the command of the Wireless Controller.1. With your Controller in Discovery or Add Mode, tap the button on the face of the outlet. The LED will blink slowly when in ADD Mode.2. You should see an indication on your Controller that the “device was added” to the network and the LED will stop blinking.3. The device will appear in the list of Switches. It should display as a switch.If the Controller/Gateway shows the addition failed, repeat Steps 1-3. ✓NOTE: If you have trouble adding the PS15EMZ5-1 to a group it may be that the Home ID and Node ID were not cleared from it after testing. Y ou must ﬁ rst “RESET UNIT” to remove it from the network. Although adding it to a group includes it in the network, removing it from a group does not remove it from the network. If removed from a group, it functions as a repeater (only). “RESET UNIT” removes it completely from the network.To Reset Unit (If Required):In the event that your primary Controller is lost or otherwise inoperable, to reset the PS15EMZ5-1 and clear all network information, follow these steps:1. Tap the button on the face of the outlet ﬁ ve (5) times.2. Press and hold the button for 15 seconds. The LED will increasingly blink faster to indicate that a Reset is taking place.Removing from a network:The PS15EMZ5-1 can be removed from the network by the Controller/Gateway. Refer to the Controller operating instructions for details.1. Set the Controller into Removal Mode and follow its instruction to delete the PS15EMZ5-1 from the Controller.2. Remove the switch by tapping the button on the face of the outlet 2 times. The LED will begin blinking slowly for 10 seconds indicating that it has been removed.3. You should see an indication on your Controller that the “device was removed” from the network.BASIC OPERATIONLocal ControlThe button on the PS15EMZ5-1 allows the user to:• Turn the attached load on or off.• Tapping the button on the face of the outlet turns the load attached ON or OFF .Night Light To act as a night light, the LED on the PS15EMZ5-1 will turn ON when the load attached is OFF . However, the LED can be user conﬁ gured to turn ON, when the load attached is ON, if so desired. See “CONFIGURATION” section.Energy MonitoringPS15EMZ5-1 reports the total accumulated Kilowatt Hours (kWh) and the instantaneous Wattsbeing consumed by the load.Conﬁguration Parameter 13 conﬁ gures the rate at which the energy readings are reported. If the maximum kWh value that can be reported is reached (21,474 kWh), then it will remain at the maximum level until reset to 0 using the Controller software.To reset, the total accumulated kWh used by the PS15EMZ5-1 the Z-Wave controller needs to send a reset command at the request of the user. It will also be reset if the PS15EMZ5-1 is excluded from the Z-Wave network.The Watts reading provides the immediate reading of the power being consumed by the load. The Watts reading takes several seconds to settle so wait a few seconds before reading the energy value when the state of the switch (on / off) has changed.✓NOTE: If Power Monitoring, see Conﬁguration Section below, is turned OFF the PS15EMZ5-1will not report any energy use.Remote ControlThe PS15EMZ5-1 will respond to BASIC and BINARY commands that are part of theZ-Wave system. Refer to your Controller’s instructions as to whether your Controller cantransmit those commands.Protection ModeThe PS15EMZ5-1 supports Protection Mode that is used to disable the button onthe front of the device. This eliminates inadvertent activation of the switch. To enable Protection Mode, press the button on the PS15EMZ-1 three times quickly. The LED will blink Purple twice showing that Protection Mode has been enabled. When Enabled the only way to turn ON or OFF the PS15EMZ5-1 is through the Z-Wave controller or Mobile app. If the button on the PS15EMZ5-1 is pressed, the LED will blink Purple twice and have no impact on the attached device. To exit Protection Mode, press the button three times.AssociationsThe PS15EMZ5-1 supports one Group with one (1) Node for lifeline communication.Group 1 must be assigned the Node ID of the Controller to which unsolicited notiﬁcationsfrom the PS15EMZ5-1 will be sent. The Z-Wave Controller should set this Association automatically after inclusion. You can associate up to ﬁ ve Z-Wave devices to Group 1.For instructions on how to “set Lifeline Association” please refer to your Controller instructions.PS15EMZ5-1Z-Wave Radio Frequency (RF) Controlled, 120 VAC 15 Amp, Plug-In Switch Series 500NOTE: This unit must be added to the Network only where it will be permanently installed. The proper operation of this node in the meshnetwork is dependent on it knowing its location with respect to other nodes. You cannot “test bench” conﬁgure this unit, then install.Bottom of Appliance Moduleshowing 3 prong plug-inCopyright © 2016 Nortek Security & Control LLCRemoving AssociationsT o remove the Associations, if the Controller has recognized the Associations, refer to the Z-Wave Controller’s instructions on how to remove Associations. I f the Controller has not recognized the Associations, removing the PS15EMZ5-1 from the Z-Wave network will eliminate the Associations.ADVANCED OPERATIONAll On/All OffThe PS15EMZ5-1 supports the ALL ON / ALL OFF commands. The PS15EMZ5-1 can be set to respond to ALL ON and ALL OFF commands four different ways.Refer to your Controller for information on how to set the PS15EMZ5-1 to operate in the manner you desire. Some Controllers may be only able to set certain settings of ALL ON/ALL OFF response.The four different ways the PS15EMZ5-1 can be setup to respond to ALL ON and ALL OFF commands are:1. Responds to ALL ON or the ALL OFF command.2. Responds to ALL OFF command but will not respond to ALL ON command.3. Responds to ALL ON command but will not respond to ALL OFF command.4. Responds to ALL ON and the ALL OFF command.CONFIGURATIONThe PS15EMZ5-1 supports the Conﬁguration command. Each unit can be conﬁgured to operate slightly differently than how it works when you ﬁ rst install it.Using the Conﬁ guration command you can conﬁ gure the following:LED IntensityYou can set the intensity of the LED to ﬁ t the environment the PS15EMZ5-1 is beingPower MonitoringThe PS15EMZ5-1 provides a visual display of the amount of energy being consumedwhen the switch is turned on by illuminating the LEDs in one of 5 different colors.PS15EMZ5-1 will no longer illuminate the LED to indicate any energy use and periodicreports to the hub on energy use will also be turned off.be set using Parameter 12. After displaying the “energy used” color, the LED will revert to OFF or ON (white) as determined by conﬁguration parameter #3Night LightBy default, the LED on the PS15EMZ5-1 will turn OFF when the load attached is turned ON. To make the LED turn ON when the load attached is turned ON, set Parameter 3Over-The-Air (OTA) UpdateA Quadruple tap of the switch enables the ﬁrmware update mode. Firmware update modemust be entered before the system Controller sends the ﬁ rmware update command to begin downloading new ﬁrmware. Firmware update mode is enabled for 60 seconds after the quadruple tap. If the Firmware update does not begin before the end of the 60 seconds then ﬁ rmware update mode is exited returns to normal operation. The LED “winks” twice per second indicating it is in ﬁ rmware update mode.Resetting to DefaultsEach conﬁguration Parameter can be set back to its default setting by setting the default bit in the Conﬁguration Set command. See your Controller’s instructions on how to do this (and if it supports it). All conﬁ guration commands will be reset to their default state when the PS15EMZ5-1 is excluded from the Z-Wave network by using the Controller to reset the node.SPECIFICATIONSPower:120 VAC, 60 HzSignal (Frequency):908.42 MHz / 916 MHzMaximum Load: Resistive: 15 amps (1800 watts) maximum, 120 VACRange: Up to 130 feet (line of sight)NOTICESZ-Wave® and Z-Wave Plus® are registered trademarks of Sigma Designs and its subsidiaries in the United States and other countries.Terms and Conditions pertaining to the sale of this Nortek Security & Control wireless mesh network product are available at /terms_conditions.phpREGULATORY INFORMATIONWe, Nortek Security & Control, LLC of 1950 Camino Vida Roble STE 150, Carlsbad, CA 92008,declare under our sole responsibility that the device, PS15EMZ5-1 complies with Part 15 of FCC rules.This device complies with part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) This device must accept any interference received, including interference that may cause undesired operation.FCC NoticeThis equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in aresidential installation.This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:• Reorient or relocate the receiving antenna.• Increase the separation between the equipment and receiver• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected• Consult the dealer or an experienced radio/TV technician to help.Changes or modiﬁcations not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipmentIC NoticeThis Class B digital apparatus complies with Canadian ICES-003Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. Le présent appareil est conforme aux CNR d’Industrie Canada applicables aux appareils radio exempts de licence. L’exploitation est autorisée aux deux conditions suivantes : (1) l’appareil ne doit pas produire de brouillage, et (2) l’utilisateur de l’appareil doit accepter tout brouillage radioélectrique subi, même si le brouillage est susceptible d’en compromettre le fonctionnement.This device complies with the Industry Canada license exempt RSS standard(s). Operation is subject to the following two conditions: (1) this device may not cause interference, and (2) this device must accept any interference, including interference that may cause undesired operation of the device.WARRANTYWhat is Covered?Nortek Security & Control (“NS&C”) warrants to consumers who purchase this product for personal, family or household purposes new from NS&C directly or from an authorized NS&C dealer, that the product will be free from defects in materials and workmanship for a period of (1) year from the date of purchase. This warranty only applies if the product is installed at a residence in the 50 United States or District of Columbia, and only at the site of the original installation. It is not transferable. This warranty is not extended to resellers.If a defect exists, NS&C will have you ship the defective part or product to us and we will, at our option, either repair or replace it. This warranty does not cover the cost of labor to remove a defective part or product or to reinstall any repaired or replacement part or productThis warranty does not cover defects or damages caused by improper handling, maintenance, storage, installation, removal or re-installation, misuse, non-factory authorized modiﬁ cation or alteration, use of incompatible accessories, electrical power problems or surges, impact by foreign objects, accident, ﬁre, acts of God, normal wear and tear or shipping damage other than a shipment from NS&C. Note that all NS&C products are designed to be installed, removed and serviced by trained individuals or professionals.Keep your original sales receipt as it will be required to obtain warranty service.This warranty shall not be extended or restarted upon receipt of any repaired or replacement part or product under this warranty. No person is authorized to extend or otherwise modify this warranty.How do I Obtain Warranty Service?Toobtainwarrantyservice,*********************************************.I nclude your name, address, telephone number, the model number of your product, a copy of your original sales receipt, and a description of the problem. Unless we need to discuss the situation further with you, you will be emailed a Return Authorization Number and shipping instructions. If we need to discuss the situation further with you, we will call or email you. NS&C may require troubleshooting on installed product before a Return Authorization Number is issued. Anything shipped to us without a Return Authorization Number will be automatically returned unopened. You are responsible for the charges for shipment to us, unless you are a California resident.LimitationsTHE DURA TION OF ANY IMPLIED WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, SHALL NOT EXCEED THE WARRANTY PERIOD PROVIDED HEREIN.Some states do not allow limitations on how long an implied warranty lasts, so the above limitation may not apply to you.NS&C SHALL NOT BE LIABLE FOR ANY INCIDENTAL OR CONSEQUENTIAL DAMAGES RESULTING FROM THE BREACH OF ANY WRITTEN OR IMPLIED WARRANTY.Some states do not allow the exclusion or limitation of incidental or consequential damages, so the above limitation or exclusion may not apply to you.This warranty gives you speciﬁ c legal rights, and you may also have other legal rights which vary from State to State.Copyright © 2016 Nortek Security & Control LLC 10008371 C2。

LabVIEW Datalogging and Supervisory Control Module

RELEASE AND UPGRADE NOTESLabVIEW Datalogging and™Supervisory Control ModuleVersion 8.5This document describes the system requirements and the process ofinstalling the LabVIEW Datalogging and Supervisory Control (DSC)Module8.5 and the DSC Module Run-Time System8.5. This documentalso describes the new features available with version8.5 and compatibilityand upgrade issues you might encounter when you use version8.5.If you want to upgrade the DSC Module from the DSC Module7.x orearlier, refer to the LabVIEW Datalogging and Supervisory ControlModule8.2 Release and Upgrade Notes. The Upgrading from theLabVIEW DSC Module7.x section provides important information forupgrade users. Refer to the National Instruments Web site at /infoand enter the info code dsc820 to access the LabVIEW Datalogging andSupervisory Control Module8.2 Release and Upgrade Notes.Refer to the Getting Started with the LabVIEW Datalogging andSupervisory Control Module manual for exercises you can complete tofamiliarize yourself with the DSC Module.ContentsSystem Requirements (2)Installation Instructions (2)New Features in the DSC Module8.5 (3)Using the Statistical Process Control Toolkit (3)Using the NI OPC Servers Application (3)Logging OPC Client Diagnostic Information (4)Supporting Modbus Advanced Data Types (4)Using EPICS Client I/O Servers (4)Using the Multi-Segment Pipe Control (5)New DSC Module VIs (5)Enhancements to the Multiple Variable Editor (5)Enhancements to the SharedVariableIO Properties (6)LabVIEW DSC Module Release and Upgrade Notes Compatibility Issues (6)Considerations for the DSC Module Run-Time System.........................6Known Issues. (7)System RequirementsTo use the DSC Module, your computer must meet the following minimumsystem requirements:•Windows Vista/XP/2000.•A minimum of 800MB free disk space. You can increase computer resources to increase performance of DSC Module applications.•A minimum of 512MB of RAM. NI recommends 1GB of RAM.•LabVIEW Base, Full, or Professional Development Systemversion 8.5. Refer to the LabVIEW Release Notes for LabVIEWsystem requirements.The DSC Module does not support Windows NT/Me/98/95/Server 2003.Installation InstructionsComplete the following steps to install the DSC Module.1.Log in to the development computer as an administrator or as a user with administrative privileges.2.Install LabVIEW 8.5 from the LabVIEW 8.5 installation CD. Referto the LabVIEW Release Notes for information about installing theLabVIEW development system.3.Install the DSC Module from the LabVIEW DSC Module 8.5installation CD. Follow the instructions that appear on the screen.The DSC Module installs program files, documentation, andexamples.Note By default, the NI Keyboard Filter Driver is not installed. The NI Keyboard Filter Driver activates special security features, including the ability to restrict users fromswitching between applications by pressing the <Alt-Tab> keys. This driver does not work on laptop computers or on computers with hibernation enabled.4.Restart the computer.New Features in the DSC Module8.5The following sections describe the new features in the DSC Module8.5.Refer to the LabVIEW Help for more information about using these newfeatures.Using the Statistical Process Control ToolkitBy default, the LabVIEW Statistical Process Control Toolkit is installedwhen you install the DSC Module. Use the Statistical Process Control VIsto monitor, analyze, and control processes. For example, you can estimateprocess distributions and capabilities, calculate and plot histograms, andplot and fit normal probability distribution functions to the histograms.Refer to the readme_SPC.html file, available by selecting Start»AllPrograms»National Instruments»LabVIEW8.5»Readme, for moreinformation about using the Statistical Process Control Toolkit.Using the NI OPC Servers ApplicationUse the NI OPC Servers application to transfer data from industrial devicesand systems to client applications on a host machine. The NI OPC Serversapplication enables data sharing between a variety of applications, such ashuman-machine interface software, manufacturing execution systems, andenterprise resource planning applications.By default, the NI OPC Servers application is installed when you install theDSC Module. You have a temporary license for a two-hour evaluationperiod. If you do not activate the NI OPC Servers application license, thisapplication runs in evaluation mode for two hours. When the evaluationperiod expires, you must activate a valid license to continue using theNI OPC Servers application.Refer to the NI OPC Servers Help, available by selecting Start»AllPrograms»National Instruments»NI OPC Servers»NI OPC ServersHelp, for more information about activating and using the NI OPC Serversapplication.© National Instruments Corporation3LabVIEW DSC Module Release and Upgrade NotesLogging OPC Client Diagnostic InformationLogging diagnostic information about OPC Client I/O servers can help youdebug an OPC system. You can use the options on the Diagnostics pageof the Configure OPC Client I/O Server dialog box to log diagnosticinformation about the OPC Client I/O servers you create.OPC Client I/O servers communicate with both LabVIEW and the SharedVariable Engine. The OPC Client I/O servers log this communication toHTML log files. The log files highlight communication activities in blueand communication errors in red. The log files also provide explanations ofthe communication errors. You therefore can use the log files to debug anOPC system.Supporting Modbus Advanced Data TypesIn addition to supporting Boolean values and 16-bit unsigned integers, theModbus and Modbus Slave I/O servers support other data types, including16-bit signed integers, 32-bit signed and unsigned integers, 32-bitfloating-point numbers, and arrays of these data types. These data typesenable the Modbus and Modbus Slave I/O servers to access and updatemultiple Modbus points simultaneously.Using EPICS Client I/O ServersEPICS, or the Experimental Physics and Industrial Control System, is a setof open-source software tools you can use to develop large, distributedcontrol systems. EPICS systems use the Channel Access (CA) networkprotocol to pass data between EPICS clients and EPICS servers, alsoknown as input/output controllers (IOCs). The CA network protocol is anEthernet-based protocol.The DSC Module acts as an EPICS client. With the DSC Module, you canmonitor and update process variables that an IOC publishes using the CAnetwork protocol. You can create an EPICS Client I/O server to readprocess variables from and write process variables directly to an IOC.In the Project Explorer window, right-click a target, such as the MyComputer target, and select New»I/O Server from the shortcut menu. Inthe Create New I/O Server dialog box, select EPICS Client and click theContinue button to create an EPICS Client I/O server.LabVIEW DSC Module Release and Upgrade Using the Multi-Segment Pipe ControlUse the Multi-Segment Pipe control to represent real-world pipe networksthat you need to monitor. Use the Multi-Segment Pipe control to reshapeand resize an entire pipe network interactively. You can add pipe segmentsto this pipe network, remove pipe segments, and change the direction inwhich the flanges point. You also can change the color of the pipe networkto customize what the pipe network represents.New DSC Module VIsThe DSC Module8.5 provides the following new VIs:•Browse Database VI•Deploy Libraries VI•NI Security Get Group List of User VI•NI Security Get User List of Group VIRefer to the LabVIEW Help for more information about using thesenew VIs.Enhancements to the Multiple Variable EditorUse the Multiple Variable Editor window to configure a large number ofshared variables at one time. Right-click a project library and select EditVariables from the shortcut menu to display the Multiple Variable Editorwindow.The Multiple Variable Editor window includes the followingenhancements:•Select and edit multiple shared variables at once using the new tableformat.•Search across several shared variables at once using the new advancedsearch options. Click the Find button to display the search options.•Copy and paste property values across shared variables by clicking theCopy and Paste buttons.•Sort shared variable properties by right-clicking a property column andselecting Sort Ascending or Sort Descending from the shortcutmenu.You no longer need to use the Multiple Variable Editor window toimport or export shared variable configuration information to or from aspreadsheet file. To import the information, right-click a project libraryand select Import Variables from the shortcut menu. To export theinformation, right-click a project library and select Export Variables fromthe shortcut menu.© National Instruments Corporation5LabVIEW DSC Module Release and Upgrade NotesEnhancements to the SharedVariableIO PropertiesSharedVariableIO properties in the following categories are available inreal-time operating systems.•Description•Initial Value•Scaling•Update DeadbandCompatibility IssuesWhen you open a VI saved in a previous version of the DSC Module, theVI might be broken if the VI contains an indicator, constant, or controlcreated from the shared variable value change notification output of thefollowing VIs:•Cancel Value Change Notifications VI•Enable Value Change Notifications VI•Request Value Change Notifications VITo fix the broken VI, delete the indicator, constant, or control. Then createa new indicator, constant, or control from the shared variable valuechange notification output and wire it to the appropriate parameter. Considerations for the DSC Module Run-Time SystemIf you want to run applications built with LabVIEW, the DSC Module, andthe LabVIEW Application Builder on a computer without the DSC Moduleinstalled, you must install the DSC Module Run-Time System. The DSCModule Run-Time System contains components to enable the DSCfeatures in the built applications.To use the DSC Module Run-Time System, the computer must meet thefollowing minimum system requirements:•Windows Vista/XP/2000.• A minimum of 600MB free disk space.• A minimum of 512MB of RAM.LabVIEW DSC Module Release and Upgrade Complete the following steps to install the DSC Module Run-Time System.1.Log in to the computer as an administrator or as a user withadministrative privileges.2.Install the DSC Module Run-Time System8.5 from the LabVIEWDSC Module Run-Time System8.5 installation CD.3.Follow the instructions that appear on the screen.4.Restart the computer.Known IssuesRefer to the readme_DSC.html file, available by selecting Start»AllPrograms»National Instruments»LabVIEW8.5»Readme or on theLabVIEW DSC Module installation CD, for information about knownissues with the DSC Module.Refer to the readme_DSC_RTS.html file, available by selecting Start»AllPrograms»National Instruments»LabVIEW8.5»Readme or on theLabVIEW DSC Module Run-Time System installation CD, for informationabout known issues with the DSC Module Run-Time System.© National Instruments Corporation7LabVIEW DSC Module Release and Upgrade NotesNational Instruments, NI, , and LabVIEW are trademarks of National Instruments Corporation.Refer to the Terms of Use section on /legal for more information about NationalInstruments trademarks. Other product and company names mentioned herein are trademarks or tradenames of their respective companies. For patents covering National Instruments products, refer to theappropriate location: Help»Patents in your software, the patents.txt file on your CD, or/patents. Refer to the LabVIEW Help for a listing of the conditions and disclaimers.© 2005–2007 National Instruments Corporation. All rights reserved.374128C-01Aug07。

Manufacturing Process Control

Manufacturing Process Control Manufacturing process control is a critical aspect of ensuring product quality, efficiency, and consistency in industrial settings. It encompasses various techniques, technologies, and strategies aimed at monitoring and regulating production processes to meet desired standards and specifications. From automotive manufacturing to pharmaceutical production, effective process control is essential for minimizing defects, maximizing yield, and optimizing resource utilization. One perspective to consider is the importance of real-time monitoring and feedback mechanisms in manufacturing process control. With advancements in sensor technology, automation, and data analytics, manufacturers can now collect vast amounts of real-time data from production lines. This data can be analyzed to identify deviations from desired process parameters promptly. By implementing feedback loops, automated systems can adjust process variables to maintain optimal conditions and prevent quality issues before they occur. Real-time monitoring not only enhances product quality but also reduces the risk of costly downtime and recalls. Another crucial aspect of manufacturing process control is standardization and documentation. Standard operating procedures (SOPs) outlinethe steps and protocols that must be followed to ensure consistency and repeatability in manufacturing processes. By adhering to standardized procedures, manufacturers can minimize variability and improve the reliability of their products. Furthermore, comprehensive documentation of process parameters, equipment calibration, and quality control measures enables traceability and facilitates continuous improvement initiatives. Regular audits and reviews help ensure compliance with regulatory requirements and industry standards. Additionally, risk management plays a significant role in manufacturing process control. Identifying potential risks and implementing mitigation strategies is essential for preventing quality issues, safety incidents, and regulatory non-compliance. This involves conducting thorough risk assessments, analyzing failure modes and effects, and developing contingency plans. By proactively addressing risks, manufacturers can enhance operational resilience and protect their reputation. Moreover, effective risk management fosters a culture ofaccountability and continuous improvement throughout the organization.Furthermore, the integration of advanced technologies such as artificial intelligence (AI) and machine learning (ML) is revolutionizing manufacturing process control. AI-driven algorithms can analyze complex data patterns and optimize process parameters in real time, leading to enhanced efficiency and productivity. ML models can predict equipment failures and quality defects, enabling proactive maintenance and quality assurance measures. Additionally, robotics and automation technologies are increasingly being utilized to streamline production processes and minimize human error. By embracing digital transformation, manufacturers can stay competitive in today's fast-paced market environment. Another perspective to consider is the importance of employee training and engagement in manufacturing process control. Human factors play a critical role in ensuring the effectiveness of process control measures. Well-trained employees understand the importance of adhering to procedures, monitoring process parameters, and responding to deviations promptly. Moreover, fostering a culture of continuous learning and improvement empowers employees to contribute ideas for enhancing process efficiency and quality. By investing in training and development programs, manufacturers can cultivate a skilled workforce capable of driving operational excellence. Lastly, collaboration and communication across functional teams are essential for successful manufacturing process control. Cross-functional collaboration ensures alignment between departments such as engineering, production, quality assurance, and supply chain management. By sharing information and insights, teams can identify areas for improvement, address issues proactively, and drive collective decision-making. Furthermore, effective communication channels enable rapid response to changing market conditions, customer feedback, and regulatory requirements. By fostering a collaborative work environment, manufacturers can adapt quickly to evolving challenges and opportunities. In conclusion, manufacturing process control is a multifaceted discipline that requires a holistic approach encompassing technology, standardization, risk management, employee engagement, and collaboration. By leveraging real-time monitoring, standard operating procedures, risk management practices, advanced technologies, employee training, and collaboration, manufacturers can achieve superior product quality, operational efficiency, and customer satisfaction.Continuous improvement and adaptation to changing market dynamics are key to sustaining competitiveness in the manufacturing industry.。

IBM Security Network Intrusion Prevention System G

IBM Security Network Intrusion Prevention System Getting Started Instructions for GX7000Series AppliancesThis document helps you do the following tasks:v Connect the appliancev Configure network settingsv Connect to IPS Local Management Interfacev Install the product licensev Update the applianceAfter you finish these tasks:v Use the applicable IBM®Security Network Intrusion Prevention System(IPS)Installation Guide to install specific firmware versionsv Use the applicable IBM Security Network Intrusion Prevention System(IPS)Appliance User Guide or Help system to–Set up appliance management–Configure your security policies,including specifying events and responses–Create firewall rules to protect your network–Track alerts–Monitor important system informationReference KeyGX7000Series appliance forms may vary from the image below depending on the model.v A:LCD Controller Module-used for initial network configuration,restarting or shutting down the appliance,and obtaining IPS version information.Also used to view the serial number of the appliance,if desired.v B:Management Ports-©Copyright IBM Corp.,20111Management Port1is used to communicate with IPS Local Management Interface and SiteProtector ManagementManagement Port2is used exclusively for sending TCP Reset responsesv C:Serial Console Port-used for terminal-based setup and recovery.v D:USB Ports-used for retrieving data and installing firmware.v E:Protected Ports-used for either inline intrusion prevention(IPS mode)or passive intrusion detection(IDS mode).Inline prevention uses a pair of ports per segment.Passive detection uses a single port per segment.RequirementsThe following list identifies much of the equipment needed to cable the appliance.v Power cablev Serial console cablev Ethernet crossover cablev For each inline segment:–A pair of Ethernet cables,straight-through or crossover,depending on your network type–A crossover adapterv Additional Ethernet cables,as neededv PC with a web browser and an Internet connectionCable the applianceKeep management and monitoring communication separate so that network traffic can pass uninterrupted through the appliance's network interface card(NIC).Procedure1.Connect the power cable(s)to the appliance.If your appliance has two power cords,you mustconnect both.2.Connect Management port1to the network you will use to manage the appliance.Note:TCP Reset:Management port2is the TCP Reset port.The appliance does not send TCP Reset responses from this port until you configure TCP Reset.3.Connect the network cables to the protected ports.To run the appliance in passive mode,only connectthe first protected port in the pair to the network.4.Turn on the appliance.Network informationRecord the network information needed to configure the appliance.Setting Your network informationIP address When you start the appliance,the appliance has an address assigned to it.Subnet mask__________-__________-__________-__________Default gateway__________-__________-__________-__________Options for connecting to the networkYou have many options to connect the appliance to the network.2Network IPS Appliances:IBM SecurityThe best practice is to use zero configuration networking and then to use IPS Setup,the web-based configuration wizard,to configure network settings for the IPS system.Find specific information on this method in the Installation Guide,Chapter2."Configuring network settings for the Network IPS system," located on the IBM Security Product Information Center at /infocenter/ sprotect/v2r8m0/index.jsp,in the IBM Security Network IPS section.If not using zero configuration networking,use one of the following methods to configure a network connection:v“Configure a network connection using a serial console”v“Configure a network connection using the LCD panel”Configure a network connection using a serial consoleProcedure1.Connect the serial console cable to the appliance and a computer to complete the initial configuration.2.Connect to the appliance using Hyperterminal or another terminal emulation program.Follow theinstructions listed in the documentation for the chosen program.e the following settings to connect.Option DescriptionCommunication Port Typically COM1Emulation VT100Bits per second9600Data bits8Parity NoneStop bits1Flow control NoneWhat to do nextGo to the next procedure in the getting started process,“Configuring network settings”on page4. Configure a network connection using the LCD panelAbout this taskNote:You cannot use an IPv6address when using the LCD panel.If using an IPv6address,connect to the network using a serial console.Procedure1.Determine and record your subnet mask and default gateway.When you start the appliance,theappliance has an address assigned to e this IP address for setup or change it to a desiredaddress.2.Press Enter on the LCD panel.The LCD displays a message asking if you want to set up thenetwork.3.Select OK,and then press Enter.4.Press Enter again to display the IP Address screen.If you do not want to change the IP address,record the address for your records,then press Enter to move onto the Subnet Mask screen.If you want to change the address to another IPv4address,use this screen.IBM Security Network Intrusion Prevention System Getting Started Instructions for GX7000Series Appliances35.Press UP and DOWN to select numbers and then press the Right arrow to move to the next field.6.When you have completed all the fields,press Enter.7.Select OK to move forward,and then press Enter to confirm your selection.8.Provide the subnet mask and default gateway just like the IP address.9.After you enter all your network information,a final confirmation screen appears.Select OK to saveall network information and enable the Management port,or select Cancel to not save anyinformation.10.After you confirm the settings,the appliance generates a temporary,case-sensitive password.Recordthis password;you must use it when you log on to the appliance.11.Connect to the appliance using a secure network connection and the appliance's IP address tocomplete the initial configuration.What to do nextGo to the next procedure in the getting started process,“Configuring network settings.”Configuring network settingsConfigure your appliance using a version of IPS Setup(either web-based or on the appliance)after using zero configuration networking or after configuring a network connection using a serial console or the LCD panel.Configure appliance settingsUse one of the following procedures to access IPS Setup depending on the method used to connect the appliance to the network.Note:IPS Setup offers the option to upload a license.The appliance needs a properly configured license file to run at full capability.For more information concerning uploading licenses,see the section“Install the product license”on page5.Method ActionsZero configuration networking 1.From the Bonjour menu,select the Network IPSsystem you want to configure.The Network IPSname is displayed as"IBM Security<MODEL>-<SERVICE>[ID#]"2.At the unconfigured login prompt,type the followinglogin credentials,and then press Enter:v Username=adminv Password=admin3.Follow the on screen instructions to complete thesetupNote:For specific information on this procedure,see theInstallation Guide at /infocenter/sprotect/v2r8m0/index.jsp,in the IBMSecurity Network IPS section.4Network IPS Appliances:IBM SecurityMethod ActionsSerial console 1.Connect to the appliance using a secure networkconnection and the appliance's IP address2.At the unconfigured login prompt,type the followinglogin credentials,and then press Enter:v Username=adminv Password=admin3.Follow the on screen instructions to complete thesetupLCD panel 1.Connect to the appliance using a secure networkconnection and the appliance's IP address2.At the unconfigured login prompt,type the followinglogin credentials,and then press Enter:v Username=adminv Password=the case-sensitive password theappliance generated for you3.Follow the on screen instructions to complete thesetupConnecting to IPS Local Management InterfaceIPS Local Management Interface is the web-based management interface you use to monitor appliance status,to configure and manage settings,and to review and manage appliance activities.About this taskProcedure1.Start your web browser.2.Type https://<appliance IP address>or type https://<appliance host name>if you are using aDNS server.3.If needed,log in using the user name admin and the applicable IPS Local Management Interfacepassword.Install the product licenseIBM Security Network IPS requires a properly configured license file in order to run at full capability. You must save the license file to the appropriate location so that the IPS Local Management Interface software can locate and acknowledge it.About this taskRegister your customer license and download the license from the IBM Security Registration Center.If the license was not uploaded during initial configuration,install the license using the menu option Manage System Settings→Updates and Licensing→Administration.Note:For more information on installing a product license and applying initial updates,see the Installation Guide located at /infocenter/sprotect/v2r8m0/index.jsp,in the IBM Security Network IPS section.IBM Security Network Intrusion Prevention System Getting Started Instructions for GX7000Series Appliances5Apply initial updatesEnsure you have applied the latest updates to the appliance.You can install the following update types:v Firmware updates:These updates include new program files,fixes or patches,enhancements,or Help updates.v Intrusion prevention updates:These updates contain the most recent security content provided by the IBM X-Force research and development team.Apply initial updates using the menu option Manage System Settings→Updates and Licensing→Administration.Note:For specific information on installing a product license and applying initial updates,see the Installation Guide located at /infocenter/sprotect/v2r8m0/index.jsp,in the IBM Security Network IPS section.Next stepsRecovery CDsTo create a recovery CD of your IBM Network Security IPS firmware,download and save the firmware from the IBM Security Download Center located at /download/.Find information about installing Network IPS firmware in the Installation Guide located on the IBM Security Product Information Center at /infocenter/sprotect/v2r8m0/index.jsp,in the IBM Security Network IPS section.Getting the latest documentationTo configure advanced settings,including management,security,and firewall settings,see the applicable User Guide or Help system for more information.Find the latest documentation on the IBM Security Product Information Center at /infocenter/sprotect/v2r8m0/index.jsp. Customer SupportIBM Security Solutions provides technical support to customers that are entitled to receive support.Before you contact IBM Security Solutions about a problem,see the IBM Support Portal at/support/entry/portal/Overview/Software/Software_support_%28general%29.If you need to contact technical support,use the methods described in the IBM Software Support Guide at /webapp/set2/sas/f/handbook/home.html.The guide provides the following information:v Registration and eligibility requirements for receiving supportv Customer support telephone numbers for the country in which you are locatedv A list of information you must gather before contacting customer support6Network IPS Appliances:IBM SecurityCopyright statement©Copyright IBM ernment Users Restricted Rights—Use,duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.IBM Security Network Intrusion Prevention System Getting Started Instructions for GX7000Series Appliances7。

微信小程序在苹果上出现[request：fail发生了SSL错误无法建立与该服务器的安全连。。。

微信⼩程序在苹果上出现[request：fail发⽣了SSL错误⽆法建⽴与该服务器的安全连。

由于原本的服务器出故障，在使⽤临时服务器的时候出现苹果⽆法加载⼩程序出现request:fail 发⽣了 SSL 错误⽆法建⽴与该服务器的安全连接。

的问题问题原因:2017年1⽉1⽇起，苹果强制所有 app 满⾜ HTTPS，即 iOS9 推出的 App Transport Security (ATS) 特性。

输⼊域名，通过苹果ATS检测发现临时服务器并不⽀持TSL1.2，不满⾜ATS特性，所以需要配置服务器，打开TSL1.2解决步骤:1.运⾏regedit打开注册表2.启⽤TLS1.2进⼊[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]找到TL2 1.1 和TLS 1.2 将⾥⾯Server和Client两项的值均改为DisabledByDefault [值 = 0]Enabled [值 = 1]如果没有TLS1.1,TLS 1.2就新建右键->新建->项->新建TLS 1.1,TLS 1.2TLS 1.1和TLS 1.2 右键->新建->项->新建Server, Client在新建的Server和Client中都新建如下的项(DWORD 32位值), 总共4个3.禁⽤SSL2.0将SSL 2.0->Client中的值均改为0DisabledByDefault [值 = 0]Enabled [值 = 0]上⾯是⼿动更改注册表的⽅法。

也可以将以下代码新建⽂本⽂件, 后缀名改为.reg，然后双击⾃动导⼊1 Windows Registry Editor Version 5.002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]3 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]5"DisabledByDefault"=dword:000000006"Enabled"=dword:000000007 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]8 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]9"DisabledByDefault"=dword:0000000010"Enabled"=dword:0000000111 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]12"DisabledByDefault"=dword:0000000013"Enabled"=dword:0000000114 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]15 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]16"DisabledByDefault"=dword:0000000017"Enabled"=dword:0000000118 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]19"DisabledByDefault"=dword:0000000020"Enabled"=dword:00000001最后重启服务器，再进⾏域名检测检测结果成功便可以正确访问⼩程序了。

LogTag记录仪快速入门指南说明书

This Quick-Start guide covers preparation, use and maintenance to assist you in getting the best results from your LogTag.P roductsLogTag Recorders offer a variety of different models. The product range is constantly being updated and new models added, so visit the LogTag Website at frequently to get the latest information and news about upcoming product releases.the LogTag most appropriate to your measuring and monitoring task will ensure the best results.LogTags have a number of featuresin common: a green OK LED, a red ALERT LED, a START/MARK but-ton and a mounting lug.G ettinG startedAll you need to use the LogTag Re-cording system are a LogTag Interface, a PC running Windows 2000 or later, the LogTag Analyzer PC application and the LogTag Recorder itself. Don’tplug the interface into the computer just yet, this will be done at the conclusion of the software installation.s oftware i nstallationBefore using a LogTag Recorder you will need to download the LogTag Analyzer software from LogTag’s web site at/software/software.htm. After registering you will be e-mailed with a link, from where you can download the stan-dard version or the unicode version for languages with special characters such as Chinese.Once downloaded, start the executable to initiate the installation process; please note you will need limited administrator rights to do this.Wait until finished before installing your inter-face.i nterface i nstallationAfter the installation is complete, you will see a new icon on your desktop. You can now plug your interface into a USB port, or an RS232 port if you were supplied this type of interface. For USB interfaces the drivers will now install automatically. Your operating system will notify you once the driver installation has succeeded. You can usemultiple interfaces on one computer and also mix RS232 and USB interfaces.When all interfaces are installed you are ready to proceed.c onfiGurinG a l oG t aGYou will need to configure a LogTag if you want to take readings with it. Insert the LogTag into the interface, contacts in first and the LED’s towards the interface label as shown in the picture on the right.Start the software. The easiest way to configure the LogTag for a trip is the use of the LogTag Wizard by clicking on the ‘Wizard’ toolbar button or selecting ‘LogTag’-’Wizard’ from the menu.The Wizard will• Query all interfaces and any loggers inside them• Download any data from loggers found and save them to files • Allow you to enter parameters for a new trip, like shown in this screen:• Upload the new configuration to the loggersYou can enter parameters such as start method (push button or date/time), logging interval (30 seconds to 18 hours), logging duration, start delay, access passwords and not to forget Alert values, which are used for the Alert LED activation and the reporting functions in LogTag Analyzer, and also add a description about your trip.a nalysinG the resultsOnce loggers have completed a trip, you can use the LogTag Ana-lyzer software to analyse and archive the data, to export them toother programs such as MS Excel or to e-mail them and upload them to an off-site server.A number of controls and displays assist you in operating the soft-ware.• Menu • Toolbars • Status• Data window with graph, list, summary and averaging tabs • Multichart windows and annotations for adding notes• Context menus allowing quick access to the most used functions.Q uick S tart G uideProduct TypeIntegrated Temperature SensorIntegrated Humidity SensorSensor Probe Display Temperature RangeMemoryTRIX-8●-40ºC to 85ºC 8,000 samples HAXO-8●●-40ºC to 85ºC 8,000 samples SRIC-4●-20ºC to 65ºC4,000 samples TREX-8●-40ºC to 99ºC 8,000 samples TRIL-8●-80ºC to 40ºC 8,000 samples TREL-8●-80ºC to 40ºC 8,000 samples SRIL-8●-80ºC to 40ºC 8,000 samples TRID30-7●●-30ºC to 60ºC7770 samplesTable 1: LogTag Logger Models• ♦Signal SequenceOccurrenceLogTag wake-upsignal Sequence of four alternate flashes of green-red LED’s • displayed after configuration has been successfully applied to the LogTag • when a LogTag is woken up from hibernation state Not to be mixed up with...LogTag start-upsignalSequence of sixteen alternate flashes of green-red LED’s• displayed when the LogTag starts its recording cycleMark signalSequence of five simultaneous flashes of green and red LED’s • displayed when pressing start/mark button while recording to indicate an inspection mark in the software • displayed directly after the start-up signal following a push button start where arecording delay has been configured. In this instance the start-up signal is repeated when the actual recording begins Logging active, noalert present Single flash of green LED every 4 seconds (approx.)• indicates LogTag is recording• This is not displayed when pre-start is active and the main logging cycle has not yet started. It is also not displayed when the green LED has been turned off in the configuration screen Logging finished, no alert present Single flash of green LED every 8 seconds (approx.)• indicates LogTag has finished recording• This is not displayed when the green LED has been turned off in the configuration screen. Will also be displayed when unit has been woken up from hibernation Alert condition presentSingle flash of red LED every 4 seconds• displayed when the LogTag has detected an alert condition and the Alert LED has been activatedIf an alert is present you cannot determine if the unit is still logging or has fin-ished its log cycle. If the Alert LED has not been activated during configuration, in essence the visual indicators have been disabled, and the green LED will flash every 4 or 8 seconds as munication The green LED will flash occasionally • during communication with the interface the green LED will flash occasionally; no information is conveyed in this Start button pressred LED glows faintly• This is by design but conveys no informationTable 2: Light PatternsFor a full list of features please see the LogTag Analyzer User Guide, which can be accessed through the Help Menu. You can also call up on-line help information for all windows and dialogue buttons by pressing the F1 key.l oG t aG i ndicatorsThe LogTag Recorder itself can give you important status information by flashing its indicators in different patterns. Both the red ‘Alert’ and the green ‘OK’ LED’s convey information about configuration and trip parameters, Alert status and give feedback when users interact with the START/MARK button.You will find a summary of the indicator patterns with a description about their meaning in table 2 on the right.s tart /M arK ButtonOnce a LogTag has been configured, pressing the START/MARK button has a different outcome depending on what the logger is doing at the time the button is pressed.• If the logger is configured for a push button start, pressing this button will activate the main recording. There is no need to be con-cerned about any lost data if the user forgetsto press this button, as a pre-start recording feature can be activated, logging data evenbefore the trip is started.• Once the LogTag has been started, pressing the button will insert an inspection mark in the data recordings, which is displayed when viewing the data in the software.• If configured, Alert Conditions can be reset when this button is pressed.c ustoMisinG the s oftwareThe software allows you to customise many of the features to your individual require-ments. Not only can you change some of the more basic options like display language and temperature units, but also adapt some of the more advanced parameters for e-mail and FTP functions, storage folder location, file name and frequency for automatic software updates.G ettinG the riGht r esultsWhen you use the LogTag units, please take a moment to consider the application and howto best approach the monitoring task. Allow the units to be located in a place with good air movement, make sure HAXO units are not lying flat so water and dust cannot gather around the sensor filter and pro-vide adequate insulation around access holes for sensors with probes.c ertificationsLogTag has achieved certification with a number of Authorities,demonstrating the quality and suitability of the LogTag Recorders for applications where accuracy and consistency is required. Such certifica-tions have - amongst others- been issued by such organisations as the FCC, CE, C-TICK, TÜV and the WHO.fda t itle 21 cfr 11Compliance to the FDA requirements is available to users via a special server utility, available on request, which can log events and be used to digitally sign data files.M aintenanceLogTag data loggers are rugged and need little maintenance, it does pay however to observe some basic rules when handling the recorders to maximise their use.B attery rePlaceMentAll LogTag data loggers have a replaceable battery. In some products, however, these batteries are soldered to the electronics to avoid contact issues that exist with other branded loggers; you will need some solder-ing expertise and a battery replacement kit from your distributor. Please also note that the products do contain a non-rechargeable Lithium Bat-tery, which must be disposed of in accordance with local regulations.h iBernationTo prolong the life of your data logger, you can hibernate it between trips via LogTag Analyzer when it is not being used for extended peri-ods. Please refer to the User Guide in the section about ‘Hibernation’c aliBrationAll LogTag Recorders can be calibrated with spe-cial utility software, which will be made available to calibration labs upon request. Re-calibrated loggers can be identified and traced back to the calibrating lab thus reducing the risk of fraudu-lent data tampering.B asic t rouBleshootinGw ater inGressPlease carefully observe the IP rating for your unit and remember that none of the LogTag products can be immersed into liquids.c ontact c leaninGKeep the three metal contacts at the back of the logger clean and free from tape residue, dirt or other contaminants, as these usually result in communications problems. If required, clean them with a soft pencil eraser, but don’t use abra-sive materials as you may permanently damage them.G ettinG h elPIf after studying the User Guide you still need further information, please visit the Support sec-tion of the LogTag Recorders website.t hanK y ou ......for choosing LogTag Recorders, we are looking forward to working with you!。

rcimps操作指南

rcimps操作指南英文回答：RCIMPS (Risk Control and Incident Management Planning System) is a comprehensive tool used for managing risks and incidents in various industries. It provides a systematic approach to identify, assess, and mitigate risks, as well as effectively respond to and manage incidents when they occur. The system is designed to streamline the risk management process and ensure that all necessary steps are taken to prevent or minimize the impact of potential incidents.One of the key features of RCIMPS is its risk assessment module. This module allows users to identify and evaluate potential risks associated with specificactivities or operations. It provides a structured framework for assessing the likelihood and severity of each risk, as well as determining appropriate control measures to mitigate them. By conducting thorough risk assessments,organizations can proactively identify and addresspotential vulnerabilities, reducing the likelihood of incidents occurring.In addition to risk assessment, RCIMPS also includes an incident management module. This module enables organizations to effectively respond to and manageincidents when they do occur. It provides a centralized platform for recording and tracking incidents, as well as facilitating communication and collaboration among relevant stakeholders. By using the incident management module, organizations can ensure that incidents are promptly and appropriately addressed, minimizing their impact on operations and reputation.RCIMPS also offers a range of reporting and analysis capabilities. Users can generate various reports and dashboards to monitor and analyze risks, incidents, and control measures. This allows organizations to identify trends, patterns, and areas for improvement, enabling them to continuously enhance their risk management strategies. By leveraging the data and insights provided by RCIMPS,organizations can make informed decisions and takeproactive measures to prevent incidents and mitigate risks.In conclusion, RCIMPS is a powerful tool for managing risks and incidents in various industries. It provides a systematic approach to identify, assess, and mitigate risks, as well as effectively respond to and manage incidents. By using RCIMPS, organizations can enhance their risk management strategies, minimize the likelihood and impactof incidents, and ensure the safety and security of their operations.中文回答：RCIMPS（风险控制和事件管理计划系统）是一种综合工具，用于管理各行业中的风险和事件。

Oracle Payment Interface安全指南说明书

Oracle® Payment Interface
Security Guide Release 6.2 E92437-01
December 2017
Copyright © 2010, 2017, Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.

nisp二级考试答案

nisp二级考试答案1. 在NISP二级考试中，以下哪项不是信息安全的基本属性？A. 机密性B. 完整性C. 可用性D. 可追溯性答案：D2. 信息安全策略的制定应该遵循哪些原则？A. 预防为主B. 动态平衡C. 风险管理D. 所有选项答案：D3. 在信息安全领域，密码学的主要作用是什么？A. 确保数据传输的机密性B. 验证数据的完整性C. 确认身份的真实性D. 所有选项答案：D4. 以下哪项不是信息安全管理体系ISO/IEC 27001标准的核心组成部分？A. 信息安全政策B. 风险评估C. 业务连续性计划D. 员工绩效考核答案：D5. 以下哪项不是信息安全事件响应过程中的关键步骤？A. 事件识别B. 事件分类C. 事件处理D. 事件预防答案：D6. 在NISP二级考试中，关于防火墙的描述，以下哪项是不正确的？A. 防火墙可以防止未授权的访问B. 防火墙可以监控网络流量C. 防火墙可以完全防止所有网络攻击D. 防火墙可以限制某些类型的网络流量答案：C7. 在信息安全领域，以下哪项不是常见的安全威胁？A. 恶意软件B. 网络钓鱼C. 系统漏洞D. 无线网络优化答案：D8. 在信息安全中，以下哪项措施不是用于防止内部威胁的？A. 访问控制B. 定期审计C. 员工培训D. 网络隔离答案：D9. 在NISP二级考试中，关于数据备份的描述，以下哪项是错误的？A. 数据备份是数据恢复的基础B. 数据备份可以减少数据丢失的风险C. 数据备份应该定期进行D. 数据备份是一次性完成的任务答案：D10. 在信息安全领域，以下哪项不是有效的安全防护措施？A. 使用强密码B. 定期更新软件C. 禁用不必要的服务D. 忽视安全警告答案：D。

3GPP TS 36.331 V13.2.0 (2016-06)

3GPP TS 36.331 V13.2.0 (2016-06)Technical Specification3rd Generation Partnership Project;Technical Specification Group Radio Access Network;Evolved Universal Terrestrial Radio Access (E-UTRA);Radio Resource Control (RRC);Protocol specification(Release 13)The present document has been developed within the 3rd Generation Partnership Project (3GPP TM) and may be further elaborated for the purposes of 3GPP. The present document has not been subject to any approval process by the 3GPP Organizational Partners and shall not be implemented.This Specification is provided for future development work within 3GPP only. The Organizational Partners accept no liability for any use of this Specification. Specifications and reports for implementation of the 3GPP TM system should be obtained via the 3GPP Organizational Partners' Publications Offices.KeywordsUMTS, radio3GPPPostal address3GPP support office address650 Route des Lucioles - Sophia AntipolisValbonne - FRANCETel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16InternetCopyright NotificationNo part may be reproduced except as authorized by written permission.The copyright and the foregoing restriction extend to reproduction in all media.© 2016, 3GPP Organizational Partners (ARIB, ATIS, CCSA, ETSI, TSDSI, TTA, TTC).All rights reserved.UMTS™ is a Trade Mark of ETSI registered for the benefit of its members3GPP™ is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational PartnersLTE™ is a Trade Mark of ETSI currently being registered for the benefit of its Members and of the 3GPP Organizational Partners GSM® and the GSM logo are registered and owned by the GSM AssociationBluetooth® is a Trade Mark of the Bluetooth SIG registered for the benefit of its membersContentsForeword (18)1Scope (19)2References (19)3Definitions, symbols and abbreviations (22)3.1Definitions (22)3.2Abbreviations (24)4General (27)4.1Introduction (27)4.2Architecture (28)4.2.1UE states and state transitions including inter RAT (28)4.2.2Signalling radio bearers (29)4.3Services (30)4.3.1Services provided to upper layers (30)4.3.2Services expected from lower layers (30)4.4Functions (30)5Procedures (32)5.1General (32)5.1.1Introduction (32)5.1.2General requirements (32)5.2System information (33)5.2.1Introduction (33)5.2.1.1General (33)5.2.1.2Scheduling (34)5.2.1.2a Scheduling for NB-IoT (34)5.2.1.3System information validity and notification of changes (35)5.2.1.4Indication of ETWS notification (36)5.2.1.5Indication of CMAS notification (37)5.2.1.6Notification of EAB parameters change (37)5.2.1.7Access Barring parameters change in NB-IoT (37)5.2.2System information acquisition (38)5.2.2.1General (38)5.2.2.2Initiation (38)5.2.2.3System information required by the UE (38)5.2.2.4System information acquisition by the UE (39)5.2.2.5Essential system information missing (42)5.2.2.6Actions upon reception of the MasterInformationBlock message (42)5.2.2.7Actions upon reception of the SystemInformationBlockType1 message (42)5.2.2.8Actions upon reception of SystemInformation messages (44)5.2.2.9Actions upon reception of SystemInformationBlockType2 (44)5.2.2.10Actions upon reception of SystemInformationBlockType3 (45)5.2.2.11Actions upon reception of SystemInformationBlockType4 (45)5.2.2.12Actions upon reception of SystemInformationBlockType5 (45)5.2.2.13Actions upon reception of SystemInformationBlockType6 (45)5.2.2.14Actions upon reception of SystemInformationBlockType7 (45)5.2.2.15Actions upon reception of SystemInformationBlockType8 (45)5.2.2.16Actions upon reception of SystemInformationBlockType9 (46)5.2.2.17Actions upon reception of SystemInformationBlockType10 (46)5.2.2.18Actions upon reception of SystemInformationBlockType11 (46)5.2.2.19Actions upon reception of SystemInformationBlockType12 (47)5.2.2.20Actions upon reception of SystemInformationBlockType13 (48)5.2.2.21Actions upon reception of SystemInformationBlockType14 (48)5.2.2.22Actions upon reception of SystemInformationBlockType15 (48)5.2.2.23Actions upon reception of SystemInformationBlockType16 (48)5.2.2.24Actions upon reception of SystemInformationBlockType17 (48)5.2.2.25Actions upon reception of SystemInformationBlockType18 (48)5.2.2.26Actions upon reception of SystemInformationBlockType19 (49)5.2.3Acquisition of an SI message (49)5.2.3a Acquisition of an SI message by BL UE or UE in CE or a NB-IoT UE (50)5.3Connection control (50)5.3.1Introduction (50)5.3.1.1RRC connection control (50)5.3.1.2Security (52)5.3.1.2a RN security (53)5.3.1.3Connected mode mobility (53)5.3.1.4Connection control in NB-IoT (54)5.3.2Paging (55)5.3.2.1General (55)5.3.2.2Initiation (55)5.3.2.3Reception of the Paging message by the UE (55)5.3.3RRC connection establishment (56)5.3.3.1General (56)5.3.3.1a Conditions for establishing RRC Connection for sidelink communication/ discovery (58)5.3.3.2Initiation (59)5.3.3.3Actions related to transmission of RRCConnectionRequest message (63)5.3.3.3a Actions related to transmission of RRCConnectionResumeRequest message (64)5.3.3.4Reception of the RRCConnectionSetup by the UE (64)5.3.3.4a Reception of the RRCConnectionResume by the UE (66)5.3.3.5Cell re-selection while T300, T302, T303, T305, T306, or T308 is running (68)5.3.3.6T300 expiry (68)5.3.3.7T302, T303, T305, T306, or T308 expiry or stop (69)5.3.3.8Reception of the RRCConnectionReject by the UE (70)5.3.3.9Abortion of RRC connection establishment (71)5.3.3.10Handling of SSAC related parameters (71)5.3.3.11Access barring check (72)5.3.3.12EAB check (73)5.3.3.13Access barring check for ACDC (73)5.3.3.14Access Barring check for NB-IoT (74)5.3.4Initial security activation (75)5.3.4.1General (75)5.3.4.2Initiation (76)5.3.4.3Reception of the SecurityModeCommand by the UE (76)5.3.5RRC connection reconfiguration (77)5.3.5.1General (77)5.3.5.2Initiation (77)5.3.5.3Reception of an RRCConnectionReconfiguration not including the mobilityControlInfo by theUE (77)5.3.5.4Reception of an RRCConnectionReconfiguration including the mobilityControlInfo by the UE(handover) (79)5.3.5.5Reconfiguration failure (83)5.3.5.6T304 expiry (handover failure) (83)5.3.5.7Void (84)5.3.5.7a T307 expiry (SCG change failure) (84)5.3.5.8Radio Configuration involving full configuration option (84)5.3.6Counter check (86)5.3.6.1General (86)5.3.6.2Initiation (86)5.3.6.3Reception of the CounterCheck message by the UE (86)5.3.7RRC connection re-establishment (87)5.3.7.1General (87)5.3.7.2Initiation (87)5.3.7.3Actions following cell selection while T311 is running (88)5.3.7.4Actions related to transmission of RRCConnectionReestablishmentRequest message (89)5.3.7.5Reception of the RRCConnectionReestablishment by the UE (89)5.3.7.6T311 expiry (91)5.3.7.7T301 expiry or selected cell no longer suitable (91)5.3.7.8Reception of RRCConnectionReestablishmentReject by the UE (91)5.3.8RRC connection release (92)5.3.8.1General (92)5.3.8.2Initiation (92)5.3.8.3Reception of the RRCConnectionRelease by the UE (92)5.3.8.4T320 expiry (93)5.3.9RRC connection release requested by upper layers (93)5.3.9.1General (93)5.3.9.2Initiation (93)5.3.10Radio resource configuration (93)5.3.10.0General (93)5.3.10.1SRB addition/ modification (94)5.3.10.2DRB release (95)5.3.10.3DRB addition/ modification (95)5.3.10.3a1DC specific DRB addition or reconfiguration (96)5.3.10.3a2LWA specific DRB addition or reconfiguration (98)5.3.10.3a3LWIP specific DRB addition or reconfiguration (98)5.3.10.3a SCell release (99)5.3.10.3b SCell addition/ modification (99)5.3.10.3c PSCell addition or modification (99)5.3.10.4MAC main reconfiguration (99)5.3.10.5Semi-persistent scheduling reconfiguration (100)5.3.10.6Physical channel reconfiguration (100)5.3.10.7Radio Link Failure Timers and Constants reconfiguration (101)5.3.10.8Time domain measurement resource restriction for serving cell (101)5.3.10.9Other configuration (102)5.3.10.10SCG reconfiguration (103)5.3.10.11SCG dedicated resource configuration (104)5.3.10.12Reconfiguration SCG or split DRB by drb-ToAddModList (105)5.3.10.13Neighbour cell information reconfiguration (105)5.3.10.14Void (105)5.3.10.15Sidelink dedicated configuration (105)5.3.10.16T370 expiry (106)5.3.11Radio link failure related actions (107)5.3.11.1Detection of physical layer problems in RRC_CONNECTED (107)5.3.11.2Recovery of physical layer problems (107)5.3.11.3Detection of radio link failure (107)5.3.12UE actions upon leaving RRC_CONNECTED (109)5.3.13UE actions upon PUCCH/ SRS release request (110)5.3.14Proximity indication (110)5.3.14.1General (110)5.3.14.2Initiation (111)5.3.14.3Actions related to transmission of ProximityIndication message (111)5.3.15Void (111)5.4Inter-RAT mobility (111)5.4.1Introduction (111)5.4.2Handover to E-UTRA (112)5.4.2.1General (112)5.4.2.2Initiation (112)5.4.2.3Reception of the RRCConnectionReconfiguration by the UE (112)5.4.2.4Reconfiguration failure (114)5.4.2.5T304 expiry (handover to E-UTRA failure) (114)5.4.3Mobility from E-UTRA (114)5.4.3.1General (114)5.4.3.2Initiation (115)5.4.3.3Reception of the MobilityFromEUTRACommand by the UE (115)5.4.3.4Successful completion of the mobility from E-UTRA (116)5.4.3.5Mobility from E-UTRA failure (117)5.4.4Handover from E-UTRA preparation request (CDMA2000) (117)5.4.4.1General (117)5.4.4.2Initiation (118)5.4.4.3Reception of the HandoverFromEUTRAPreparationRequest by the UE (118)5.4.5UL handover preparation transfer (CDMA2000) (118)5.4.5.1General (118)5.4.5.2Initiation (118)5.4.5.3Actions related to transmission of the ULHandoverPreparationTransfer message (119)5.4.5.4Failure to deliver the ULHandoverPreparationTransfer message (119)5.4.6Inter-RAT cell change order to E-UTRAN (119)5.4.6.1General (119)5.4.6.2Initiation (119)5.4.6.3UE fails to complete an inter-RAT cell change order (119)5.5Measurements (120)5.5.1Introduction (120)5.5.2Measurement configuration (121)5.5.2.1General (121)5.5.2.2Measurement identity removal (122)5.5.2.2a Measurement identity autonomous removal (122)5.5.2.3Measurement identity addition/ modification (123)5.5.2.4Measurement object removal (124)5.5.2.5Measurement object addition/ modification (124)5.5.2.6Reporting configuration removal (126)5.5.2.7Reporting configuration addition/ modification (127)5.5.2.8Quantity configuration (127)5.5.2.9Measurement gap configuration (127)5.5.2.10Discovery signals measurement timing configuration (128)5.5.2.11RSSI measurement timing configuration (128)5.5.3Performing measurements (128)5.5.3.1General (128)5.5.3.2Layer 3 filtering (131)5.5.4Measurement report triggering (131)5.5.4.1General (131)5.5.4.2Event A1 (Serving becomes better than threshold) (135)5.5.4.3Event A2 (Serving becomes worse than threshold) (136)5.5.4.4Event A3 (Neighbour becomes offset better than PCell/ PSCell) (136)5.5.4.5Event A4 (Neighbour becomes better than threshold) (137)5.5.4.6Event A5 (PCell/ PSCell becomes worse than threshold1 and neighbour becomes better thanthreshold2) (138)5.5.4.6a Event A6 (Neighbour becomes offset better than SCell) (139)5.5.4.7Event B1 (Inter RAT neighbour becomes better than threshold) (139)5.5.4.8Event B2 (PCell becomes worse than threshold1 and inter RAT neighbour becomes better thanthreshold2) (140)5.5.4.9Event C1 (CSI-RS resource becomes better than threshold) (141)5.5.4.10Event C2 (CSI-RS resource becomes offset better than reference CSI-RS resource) (141)5.5.4.11Event W1 (WLAN becomes better than a threshold) (142)5.5.4.12Event W2 (All WLAN inside WLAN mobility set becomes worse than threshold1 and a WLANoutside WLAN mobility set becomes better than threshold2) (142)5.5.4.13Event W3 (All WLAN inside WLAN mobility set becomes worse than a threshold) (143)5.5.5Measurement reporting (144)5.5.6Measurement related actions (148)5.5.6.1Actions upon handover and re-establishment (148)5.5.6.2Speed dependant scaling of measurement related parameters (149)5.5.7Inter-frequency RSTD measurement indication (149)5.5.7.1General (149)5.5.7.2Initiation (150)5.5.7.3Actions related to transmission of InterFreqRSTDMeasurementIndication message (150)5.6Other (150)5.6.0General (150)5.6.1DL information transfer (151)5.6.1.1General (151)5.6.1.2Initiation (151)5.6.1.3Reception of the DLInformationTransfer by the UE (151)5.6.2UL information transfer (151)5.6.2.1General (151)5.6.2.2Initiation (151)5.6.2.3Actions related to transmission of ULInformationTransfer message (152)5.6.2.4Failure to deliver ULInformationTransfer message (152)5.6.3UE capability transfer (152)5.6.3.1General (152)5.6.3.2Initiation (153)5.6.3.3Reception of the UECapabilityEnquiry by the UE (153)5.6.4CSFB to 1x Parameter transfer (157)5.6.4.1General (157)5.6.4.2Initiation (157)5.6.4.3Actions related to transmission of CSFBParametersRequestCDMA2000 message (157)5.6.4.4Reception of the CSFBParametersResponseCDMA2000 message (157)5.6.5UE Information (158)5.6.5.1General (158)5.6.5.2Initiation (158)5.6.5.3Reception of the UEInformationRequest message (158)5.6.6 Logged Measurement Configuration (159)5.6.6.1General (159)5.6.6.2Initiation (160)5.6.6.3Reception of the LoggedMeasurementConfiguration by the UE (160)5.6.6.4T330 expiry (160)5.6.7 Release of Logged Measurement Configuration (160)5.6.7.1General (160)5.6.7.2Initiation (160)5.6.8 Measurements logging (161)5.6.8.1General (161)5.6.8.2Initiation (161)5.6.9In-device coexistence indication (163)5.6.9.1General (163)5.6.9.2Initiation (164)5.6.9.3Actions related to transmission of InDeviceCoexIndication message (164)5.6.10UE Assistance Information (165)5.6.10.1General (165)5.6.10.2Initiation (166)5.6.10.3Actions related to transmission of UEAssistanceInformation message (166)5.6.11 Mobility history information (166)5.6.11.1General (166)5.6.11.2Initiation (166)5.6.12RAN-assisted WLAN interworking (167)5.6.12.1General (167)5.6.12.2Dedicated WLAN offload configuration (167)5.6.12.3WLAN offload RAN evaluation (167)5.6.12.4T350 expiry or stop (167)5.6.12.5Cell selection/ re-selection while T350 is running (168)5.6.13SCG failure information (168)5.6.13.1General (168)5.6.13.2Initiation (168)5.6.13.3Actions related to transmission of SCGFailureInformation message (168)5.6.14LTE-WLAN Aggregation (169)5.6.14.1Introduction (169)5.6.14.2Reception of LWA configuration (169)5.6.14.3Release of LWA configuration (170)5.6.15WLAN connection management (170)5.6.15.1Introduction (170)5.6.15.2WLAN connection status reporting (170)5.6.15.2.1General (170)5.6.15.2.2Initiation (171)5.6.15.2.3Actions related to transmission of WLANConnectionStatusReport message (171)5.6.15.3T351 Expiry (WLAN connection attempt timeout) (171)5.6.15.4WLAN status monitoring (171)5.6.16RAN controlled LTE-WLAN interworking (172)5.6.16.1General (172)5.6.16.2WLAN traffic steering command (172)5.6.17LTE-WLAN aggregation with IPsec tunnel (173)5.6.17.1General (173)5.7Generic error handling (174)5.7.1General (174)5.7.2ASN.1 violation or encoding error (174)5.7.3Field set to a not comprehended value (174)5.7.4Mandatory field missing (174)5.7.5Not comprehended field (176)5.8MBMS (176)5.8.1Introduction (176)5.8.1.1General (176)5.8.1.2Scheduling (176)5.8.1.3MCCH information validity and notification of changes (176)5.8.2MCCH information acquisition (178)5.8.2.1General (178)5.8.2.2Initiation (178)5.8.2.3MCCH information acquisition by the UE (178)5.8.2.4Actions upon reception of the MBSFNAreaConfiguration message (178)5.8.2.5Actions upon reception of the MBMSCountingRequest message (179)5.8.3MBMS PTM radio bearer configuration (179)5.8.3.1General (179)5.8.3.2Initiation (179)5.8.3.3MRB establishment (179)5.8.3.4MRB release (179)5.8.4MBMS Counting Procedure (179)5.8.4.1General (179)5.8.4.2Initiation (180)5.8.4.3Reception of the MBMSCountingRequest message by the UE (180)5.8.5MBMS interest indication (181)5.8.5.1General (181)5.8.5.2Initiation (181)5.8.5.3Determine MBMS frequencies of interest (182)5.8.5.4Actions related to transmission of MBMSInterestIndication message (183)5.8a SC-PTM (183)5.8a.1Introduction (183)5.8a.1.1General (183)5.8a.1.2SC-MCCH scheduling (183)5.8a.1.3SC-MCCH information validity and notification of changes (183)5.8a.1.4Procedures (184)5.8a.2SC-MCCH information acquisition (184)5.8a.2.1General (184)5.8a.2.2Initiation (184)5.8a.2.3SC-MCCH information acquisition by the UE (184)5.8a.2.4Actions upon reception of the SCPTMConfiguration message (185)5.8a.3SC-PTM radio bearer configuration (185)5.8a.3.1General (185)5.8a.3.2Initiation (185)5.8a.3.3SC-MRB establishment (185)5.8a.3.4SC-MRB release (185)5.9RN procedures (186)5.9.1RN reconfiguration (186)5.9.1.1General (186)5.9.1.2Initiation (186)5.9.1.3Reception of the RNReconfiguration by the RN (186)5.10Sidelink (186)5.10.1Introduction (186)5.10.1a Conditions for sidelink communication operation (187)5.10.2Sidelink UE information (188)5.10.2.1General (188)5.10.2.2Initiation (189)5.10.2.3Actions related to transmission of SidelinkUEInformation message (193)5.10.3Sidelink communication monitoring (195)5.10.6Sidelink discovery announcement (198)5.10.6a Sidelink discovery announcement pool selection (201)5.10.6b Sidelink discovery announcement reference carrier selection (201)5.10.7Sidelink synchronisation information transmission (202)5.10.7.1General (202)5.10.7.2Initiation (203)5.10.7.3Transmission of SLSS (204)5.10.7.4Transmission of MasterInformationBlock-SL message (205)5.10.7.5Void (206)5.10.8Sidelink synchronisation reference (206)5.10.8.1General (206)5.10.8.2Selection and reselection of synchronisation reference UE (SyncRef UE) (206)5.10.9Sidelink common control information (207)5.10.9.1General (207)5.10.9.2Actions related to reception of MasterInformationBlock-SL message (207)5.10.10Sidelink relay UE operation (207)5.10.10.1General (207)5.10.10.2AS-conditions for relay related sidelink communication transmission by sidelink relay UE (207)5.10.10.3AS-conditions for relay PS related sidelink discovery transmission by sidelink relay UE (208)5.10.10.4Sidelink relay UE threshold conditions (208)5.10.11Sidelink remote UE operation (208)5.10.11.1General (208)5.10.11.2AS-conditions for relay related sidelink communication transmission by sidelink remote UE (208)5.10.11.3AS-conditions for relay PS related sidelink discovery transmission by sidelink remote UE (209)5.10.11.4Selection and reselection of sidelink relay UE (209)5.10.11.5Sidelink remote UE threshold conditions (210)6Protocol data units, formats and parameters (tabular & ASN.1) (210)6.1General (210)6.2RRC messages (212)6.2.1General message structure (212)–EUTRA-RRC-Definitions (212)–BCCH-BCH-Message (212)–BCCH-DL-SCH-Message (212)–BCCH-DL-SCH-Message-BR (213)–MCCH-Message (213)–PCCH-Message (213)–DL-CCCH-Message (214)–DL-DCCH-Message (214)–UL-CCCH-Message (214)–UL-DCCH-Message (215)–SC-MCCH-Message (215)6.2.2Message definitions (216)–CounterCheck (216)–CounterCheckResponse (217)–CSFBParametersRequestCDMA2000 (217)–CSFBParametersResponseCDMA2000 (218)–DLInformationTransfer (218)–HandoverFromEUTRAPreparationRequest (CDMA2000) (219)–InDeviceCoexIndication (220)–InterFreqRSTDMeasurementIndication (222)–LoggedMeasurementConfiguration (223)–MasterInformationBlock (225)–MBMSCountingRequest (226)–MBMSCountingResponse (226)–MBMSInterestIndication (227)–MBSFNAreaConfiguration (228)–MeasurementReport (228)–MobilityFromEUTRACommand (229)–Paging (232)–ProximityIndication (233)–RNReconfiguration (234)–RNReconfigurationComplete (234)–RRCConnectionReconfiguration (235)–RRCConnectionReconfigurationComplete (240)–RRCConnectionReestablishment (241)–RRCConnectionReestablishmentComplete (241)–RRCConnectionReestablishmentReject (242)–RRCConnectionReestablishmentRequest (243)–RRCConnectionReject (243)–RRCConnectionRelease (244)–RRCConnectionResume (248)–RRCConnectionResumeComplete (249)–RRCConnectionResumeRequest (250)–RRCConnectionRequest (250)–RRCConnectionSetup (251)–RRCConnectionSetupComplete (252)–SCGFailureInformation (253)–SCPTMConfiguration (254)–SecurityModeCommand (255)–SecurityModeComplete (255)–SecurityModeFailure (256)–SidelinkUEInformation (256)–SystemInformation (258)–SystemInformationBlockType1 (259)–UEAssistanceInformation (264)–UECapabilityEnquiry (265)–UECapabilityInformation (266)–UEInformationRequest (267)–UEInformationResponse (267)–ULHandoverPreparationTransfer (CDMA2000) (273)–ULInformationTransfer (274)–WLANConnectionStatusReport (274)6.3RRC information elements (275)6.3.1System information blocks (275)–SystemInformationBlockType2 (275)–SystemInformationBlockType3 (279)–SystemInformationBlockType4 (282)–SystemInformationBlockType5 (283)–SystemInformationBlockType6 (287)–SystemInformationBlockType7 (289)–SystemInformationBlockType8 (290)–SystemInformationBlockType9 (295)–SystemInformationBlockType10 (295)–SystemInformationBlockType11 (296)–SystemInformationBlockType12 (297)–SystemInformationBlockType13 (297)–SystemInformationBlockType14 (298)–SystemInformationBlockType15 (298)–SystemInformationBlockType16 (299)–SystemInformationBlockType17 (300)–SystemInformationBlockType18 (301)–SystemInformationBlockType19 (301)–SystemInformationBlockType20 (304)6.3.2Radio resource control information elements (304)–AntennaInfo (304)–AntennaInfoUL (306)–CQI-ReportConfig (307)–CQI-ReportPeriodicProcExtId (314)–CrossCarrierSchedulingConfig (314)–CSI-IM-Config (315)–CSI-IM-ConfigId (315)–CSI-RS-Config (317)–CSI-RS-ConfigEMIMO (318)–CSI-RS-ConfigNZP (319)–CSI-RS-ConfigNZPId (320)–CSI-RS-ConfigZP (321)–CSI-RS-ConfigZPId (321)–DMRS-Config (321)–DRB-Identity (322)–EPDCCH-Config (322)–EIMTA-MainConfig (324)–LogicalChannelConfig (325)–LWA-Configuration (326)–LWIP-Configuration (326)–RCLWI-Configuration (327)–MAC-MainConfig (327)–P-C-AndCBSR (332)–PDCCH-ConfigSCell (333)–PDCP-Config (334)–PDSCH-Config (337)–PDSCH-RE-MappingQCL-ConfigId (339)–PHICH-Config (339)–PhysicalConfigDedicated (339)–P-Max (344)–PRACH-Config (344)–PresenceAntennaPort1 (346)–PUCCH-Config (347)–PUSCH-Config (351)–RACH-ConfigCommon (355)–RACH-ConfigDedicated (357)–RadioResourceConfigCommon (358)–RadioResourceConfigDedicated (362)–RLC-Config (367)–RLF-TimersAndConstants (369)–RN-SubframeConfig (370)–SchedulingRequestConfig (371)–SoundingRS-UL-Config (372)–SPS-Config (375)–TDD-Config (376)–TimeAlignmentTimer (377)–TPC-PDCCH-Config (377)–TunnelConfigLWIP (378)–UplinkPowerControl (379)–WLAN-Id-List (382)–WLAN-MobilityConfig (382)6.3.3Security control information elements (382)–NextHopChainingCount (382)–SecurityAlgorithmConfig (383)–ShortMAC-I (383)6.3.4Mobility control information elements (383)–AdditionalSpectrumEmission (383)–ARFCN-ValueCDMA2000 (383)–ARFCN-ValueEUTRA (384)–ARFCN-ValueGERAN (384)–ARFCN-ValueUTRA (384)–BandclassCDMA2000 (384)–BandIndicatorGERAN (385)–CarrierFreqCDMA2000 (385)–CarrierFreqGERAN (385)–CellIndexList (387)–CellReselectionPriority (387)–CellSelectionInfoCE (387)–CellReselectionSubPriority (388)–CSFB-RegistrationParam1XRTT (388)–CellGlobalIdEUTRA (389)–CellGlobalIdUTRA (389)–CellGlobalIdGERAN (390)–CellGlobalIdCDMA2000 (390)–CellSelectionInfoNFreq (391)–CSG-Identity (391)–FreqBandIndicator (391)–MobilityControlInfo (391)–MobilityParametersCDMA2000 (1xRTT) (393)–MobilityStateParameters (394)–MultiBandInfoList (394)–NS-PmaxList (394)–PhysCellId (395)–PhysCellIdRange (395)–PhysCellIdRangeUTRA-FDDList (395)–PhysCellIdCDMA2000 (396)–PhysCellIdGERAN (396)–PhysCellIdUTRA-FDD (396)–PhysCellIdUTRA-TDD (396)–PLMN-Identity (397)–PLMN-IdentityList3 (397)–PreRegistrationInfoHRPD (397)–Q-QualMin (398)–Q-RxLevMin (398)–Q-OffsetRange (398)–Q-OffsetRangeInterRAT (399)–ReselectionThreshold (399)–ReselectionThresholdQ (399)–SCellIndex (399)–ServCellIndex (400)–SpeedStateScaleFactors (400)–SystemInfoListGERAN (400)–SystemTimeInfoCDMA2000 (401)–TrackingAreaCode (401)–T-Reselection (402)–T-ReselectionEUTRA-CE (402)6.3.5Measurement information elements (402)–AllowedMeasBandwidth (402)–CSI-RSRP-Range (402)–Hysteresis (402)–LocationInfo (403)–MBSFN-RSRQ-Range (403)–MeasConfig (404)–MeasDS-Config (405)–MeasGapConfig (406)–MeasId (407)–MeasIdToAddModList (407)–MeasObjectCDMA2000 (408)–MeasObjectEUTRA (408)–MeasObjectGERAN (412)–MeasObjectId (412)–MeasObjectToAddModList (412)–MeasObjectUTRA (413)–ReportConfigEUTRA (422)–ReportConfigId (425)–ReportConfigInterRAT (425)–ReportConfigToAddModList (428)–ReportInterval (429)–RSRP-Range (429)–RSRQ-Range (430)–RSRQ-Type (430)–RS-SINR-Range (430)–RSSI-Range-r13 (431)–TimeToTrigger (431)–UL-DelayConfig (431)–WLAN-CarrierInfo (431)–WLAN-RSSI-Range (432)–WLAN-Status (432)6.3.6Other information elements (433)–AbsoluteTimeInfo (433)–AreaConfiguration (433)–C-RNTI (433)–DedicatedInfoCDMA2000 (434)–DedicatedInfoNAS (434)–FilterCoefficient (434)–LoggingDuration (434)–LoggingInterval (435)–MeasSubframePattern (435)–MMEC (435)–NeighCellConfig (435)–OtherConfig (436)–RAND-CDMA2000 (1xRTT) (437)–RAT-Type (437)–ResumeIdentity (437)–RRC-TransactionIdentifier (438)–S-TMSI (438)–TraceReference (438)–UE-CapabilityRAT-ContainerList (438)–UE-EUTRA-Capability (439)–UE-RadioPagingInfo (469)–UE-TimersAndConstants (469)–VisitedCellInfoList (470)–WLAN-OffloadConfig (470)6.3.7MBMS information elements (472)–MBMS-NotificationConfig (472)–MBMS-ServiceList (473)–MBSFN-AreaId (473)–MBSFN-AreaInfoList (473)–MBSFN-SubframeConfig (474)–PMCH-InfoList (475)6.3.7a SC-PTM information elements (476)–SC-MTCH-InfoList (476)–SCPTM-NeighbourCellList (478)6.3.8Sidelink information elements (478)–SL-CommConfig (478)–SL-CommResourcePool (479)–SL-CP-Len (480)–SL-DiscConfig (481)–SL-DiscResourcePool (483)–SL-DiscTxPowerInfo (485)–SL-GapConfig (485)。

1、下载文档前请自行甄别文档内容的完整性，平台不提供额外的编辑、内容补充、找答案等附加服务。
2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
3、如文档侵犯您的权益，请联系客服反馈,我们会尽快为您处理(人工客服工作时间：9:00-18:30)。

The NIST Process Control Security Requirements Forum (PCSRF) and the Future of Industrial Control System SecurityKeith Stouffer, Joe Falco, Fred ProctorNational Institute of Standards and Technology (NIST)To be presented at 2004 TAPPI Paper SummitAtlanta, Georgia, May 3-5, 2004ABSTRACTThis paper will provide an overview of the Process Control Security Requirements Forum (PCSRF) and the System Protection Profile for Industrial Control Systems (SPP-ICS) document. The SPP-ICS presents a cohesive, cross-industry, baseline set of security requirements for new industrial process control systems. It is based on the ISO/IEC 15408 Common Criteria, a widely used standard for defining traditional IT security requirements. The SPP-ICS can be combined with specific pulp/paper security requirements to produce a document that addresses future security requirements for the pulp/paper industry.INTRODUCTIONThe widespread use of IT for remote monitoring and control of the electric power system and for controlling industrial processes in the oil and gas, water, chemical, pharmaceutical, food and beverage, pulp and paper, and other industries, has unintentionally introduced security vulnerabilities. The National Institute of Standards and Technology (NIST) is working with process control end users, vendors and integrators to improve the IT security of networked digital control systems used in industrial applications. This effort is being carried out through the Process Control Security Requirements Forum (PCSRF).The PCSRF is a working group of representatives from the various sectors that make up the process control industry and the vendors that design, produce, and/or integrate components and systems for the industry. The PCSRF is working with security professionals to assess the vulnerabilities and establish appropriate strategies for the development of policies and countermeasures that the U.S. process controls industry would employ through a combination of IT and non-IT mechanisms to reduce residual risk to an acceptable level. The Common Criteria for Information Technology Security Evaluation, also known as ISO/IEC 15408, is being used to document the results of this effort in the form of Common Criteria Protection Profile security specifications. The primary focus area of the group to improve the IT security of the computer control systems used in process industries, including electric utilities, petroleum (oil and gas), water, waste, chemicals, pharmaceuticals, pulp and paper, and metals and mining with an emphasis on industries considered to be part of the nation’s critical infrastructure.Securing these systems is a challenge. These systems are often time critical and are designed to maximize performance, reliability, flexibility, and safety. It can be difficult to balance these characteristics with security. Safety is the number one concern and security requirements cannot compromise the safety requirements of the system.In the past, these systems have typically been physically isolated and based on proprietary hardware and communications. Therefore, security has not been a significant consideration. Today, these systems are often connected to the corporate and business networks, use open/Commercial-Off-The-Shelf (COTS) components and are connected via Ethernet. This increased connectivity and use of common components is often very beneficial, but also increases the vulnerabilities of these systems.______________________________Commercial equipment and materials are identified, in order to adequately specify certain systems. In no case does such identification imply recommendation of endorsement by the National Institute of Standards and Technology, nor does it imply that the materials or equipment identified are necessarily the best available for the purpose.ISA-SP99 – ADDRESSING THE INSTALLED BASEThe Instrumentation, Systems, and Automation Society (ISA) is a global, cross-industry organization that includes representatives from all process control sectors. The focus of the organizations is more on Distributed Control Systems (DCS) and plant floor operations than Supervisory Control and Data Acquisition (SCADA) systems, but all process control disciplines are represented in this large organization.ISA-SP99 [1] is the Manufacturing and Control Systems Security Committee in the ISA. The committee was formed in the fall of 2002 to establish standards, recommended practices, technical reports, and related information that will define procedures for implementing electronically secure manufacturing and control systems and security practices and assessing electronic security performance. Guidance is directed towards those responsible for designing, implementing, or managing manufacturing and control systems and also applies to users, system integrators, security practitioners, and control systems manufacturers and vendors.Initially, ISA-SP99 has focused on documenting guidelines and considerations for control system security in two Technical Reports (TR): WG1/TR1 “Technologies”, and WG2/TR2 “Application and Practices.” The draft Technical Reports incorporate a great deal of information from other security standards and publications and add information specific to control systems. These Technical Reports are useful for identifying issues to consider and should be available for purchase in the near future.PCSRF – ADDRESSING THE FUTURETo address the future security requirements for industrial process control systems and components, NIST formed the Process Control Security Requirements Forum (PCSRF) [2] in the spring of 2001. The PCSRF is a working group of users, vendors, and integrators in the process control industry who are concerned about information security in an increasingly networked world. The PCSRF addresses the cyber security requirements for industrial process control systems and components, including DCS, SCADA systems, Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), and Intelligent Electronic Devices (IEDs) - microprocessor-based protective relays. Members of the PCSRF represent the critical infrastructures and related process industries, including oil and gas, water, electric power, chemicals, pharmaceuticals, metals and mining, and pulp and paper. There are currently over 400 members in the PCSRF from government, academic and private sectors, including ABB, Emerson Process Management, Honeywell, Invensys, Rockwell, Cisco, Microsoft, Sun Microsystems, American Gas Association, BP, Chevron Texaco, Exxon Mobile, Association of Metropolitan Water Agencies, American Chemistry Council, Dow, Dupont, Eastman Kodak, Schering-Plough, Georgia-Pacific, I-4, ISA, National Defense University, Idaho National Engineering & Environmental Lab, Pacific Northwest National Lab, Sandia National Lab, Department of Homeland Security, National Security Agency and NIST.The main goal of the PCSRF is to increase the security of industrial process control systems through the definition and application of a common set of information security requirements for these systems. This will reduce the likelihood of successful cyber-attack on the nation’s critical infrastructures.Security Capabilities Profile (SCP) DocumentThe first document developed by PCSRF was the Security Capabilities Profile (SCP) [3]. The SCP is a document that serves as a means to reach consensus within and across the various industries regarding the security capabilities that are required in a secure industrial process control system. The document also serves as a vehicle to convey to the process control system and component vendors the security capabilities that are desired in new products for application in the industrial process control space.During initial information gathering exercises, the PCSRF identified vulnerabilities across the boundaries of the diverse participating industries. Industry specific working groups defined vulnerabilities specific to their process control system based on a minimal set of system functions and capabilities defined by the PCSRF. The results of the individual vulnerability assessments were analyzed and consolidated, by the PCSRF, into comprehensive statements of vulnerabilities that are listed in the SCP document.The document defines a superset of security capabilities that would exist in electronic programmable components that comprise an industrial control system. Each operational Industrial Control System (ICS) will need to apply these capabilities as appropriate for that system’s environment. The security and safety risks of the operational environment of the ICS must be assessed for each ICS. Based upon the security and safety risks in which the ICS components must operate, individual security capabilities will be specified, configured, and employed by customers to meet the overall security needs of the ICS. The specific configuration of the components to support organizational security and safety objectives is left to the system designers to implement. For each selected capability, the specific requirements statements should be reviewed and modified to provide the desired level of functionality and assurance in the same manner as requirements and assurance measures are selected to meet a Safety Integrity Level (SIL) as in IEC 61508 [4].The SCP and its derivatives will also serve as a basis for developing ISO/IEC 15408 Common Criteria compliant Protection Profiles to aid in development and verification of the security capabilities of industrial process control systems and components.Common Criteria Based ApproachThe Common Criteria (CC), ISO/IEC 15408 [5], is a meta-standard of criteria and constructs used to develop security specifications in support of the evaluation of products. The specifications define and characterize the security problem including assumptions about the operational environment, threats that may be encountered and policies that must be enforced. Also characterized is the intended approach to eliminate, minimize or monitor defined threats, and enforce stated policy. The specification defines functional requirements, specifying what the system is to do and assurance requirements, specifying what is done to verify that the system does exactly what it is supposed to. These CC requirements, selected from a catalog of criteria, are independent of technology and implementation. The finished specification is a formal CC Protection Profile (PP) for a product or system. A PP is applied to serve as an acquisition/procurement vehicle to specify the security requirements of a component or system design or to gauge the security features of available components or systems. A PP can also be applied to verify product compliance both at the component evaluation level and at the system certification level.System Protection Profile for Industrial Control Systems (SPP-ICS) DocumentThe System Protection Profile for Industrial Control Systems (SPP-ICS) [6] document is an extension of theISO/IEC 15408 Common Criteria to systems. This document is designed to present a cohesive, cross-industry, baseline set of security requirements for the procurement of new process control systems. The SPP-ICS considers an entire system and addresses requirements for the entire system lifecycle. The SPP-ICS also acts as a starting point for more specific system protection profiles (SCADA, DCS), for a specific instance of an industrial control system, and for component protection profiles (industrial controller authentication, sensor authentication, etc).The System Protection Profile for Industrial Control Systems (SPP-ICS) specifies the integrated set of security requirements for industrial control systems. The integrated set of requirements includes requirements for operating policies and procedures, requirements for information technology based system components, requirements for interfaces and interoperability between system components, and requirements for the physical environment and protection of the system.Because the SPP-ICS represents an integrated view of the requirements, special consideration is given to decomposition of security functionality and assignment of specific security functions to sub-systems or components of the overall integrated system. The goal of this aspect of analysis and design is to define security requirements for subsystems or system components at the lowest possible level while at the same time retaining the required level of assurance and security functionality for the integrated system as a whole.As shown in Figure 1, a generic industrial control system [7] consists of classes of components for the direct control of a process (the controller(s), actuators and sensors), a Human Machine Interface (HMI), and capabilities for remote diagnostics and maintenance. Measurement variables are transmitted to the controller from the process sensors. The controller interprets the signals and generates corresponding control signals that it transmits to the process actuators. Process changes result in new sensor signals, identifying the state of the process, to again be transmitted to the controller. The HMI allows a control engineer or operator to configure set points, control algorithms and parameters in the controller. The HMI also provides displays of process status information, including alarms and other means of notifying the operator of malfunctions. Diagnostic and maintenance tools, often made available via modem and Internet enabled interfaces, allow control engineers, operators and vendors to monitor and change controller, actuator, and sensor properties from remote locations. A typical industrial system contains a proliferation of control loops, HMIs and Remote Diagnostics and Maintenance tools built on an array of network protocols. Supervisory level loops and lower level loops operate continuously over the duration of a process at cycle times ranging on the order of minutes to milliseconds. Although not represented in the diagram, there are also human elements such as operators and non-technical elements such as operating procedures.DisturbancesFigure 1 Generic industrial control systemTo provide a context for evaluation of the system, a boundary called the System Target of Evaluation (STOE) must be defined. The STOE includes both the information technology based components and the non-information technology based elements implemented via policies and operating procedures, which are designed to meet the security objectives defined to counter threats to the ICS. Particular attention is given to the interaction and dependencies between the security subsystem and the overall industrial control system.The STOE focuses on protecting data integrity and system availability without interfering with safety system functions. Data integrity centers on protecting data flows to and from the controller and the other ICS components or subsystems. The STOE is also intended to protect system availability to assure continuity of operations. Confidentiality beyond that required to protect the security subsystem itself or to protect against specific attacks on the ICS is not considered to be a large risk.The scope of the STOE is depicted graphically in Figure 2. The boxes depict the primary system security functions. These functions are user authentication services (including user access control), physical access control, boundary protection, and data / device authentication. User authentication services control access to process control related computer systems including the human machine interface (HMI) and remote diagnostics and maintenance. In addition, user authentication is used by the physical access control system to authenticate personnel for physical access. Data / device authentication is shown as a separate function to emphasize the need for data and command signal authentication. Note that the corporate intranet is in the external environment of the STOE.The lines from actuator to controlled process and from controlled process to sensor indicate that these are physical connections representing the direct interactions that take place. The rest of the diagram depicts logical connections. Security controls based on management and operating procedures are not shown in the figure.The SPP-ICS is written for a generic industrial control system as a high-level statement of requirements. It provides a starting point for more specific and detailed statements of requirements for industrial control systems focused on a specific industry, company, or component. Pulp/paper specific security requirements can be combined with the SPP-ICS to produce a document that addresses future security requirements for the pulp/paper industry.Figure 2 SPP-ICS System Target of EvaluationNIST INDUSTRIAL CONTROL SYSTEMS SECURITY TESTBEDParallel to NIST PCSRF efforts, NIST has also initiated the development of a testbed consisting of several implementations of typical industrial control systems, networking equipment, as well as relevant sensors and actuators. This Industrial Control System Security Testbed is being used at NIST to develop test methods for validation and conformance testing of security implementations. The testbed is also being used to help identify system vulnerabilities as well as establish best practice guidelines.The two primary testbed implementations are a water distribution and a bottling plant simulation.The current network configuration of the NIST Industrial Control Systems Security Testbed is shown in Figure 3. The network is divided into two subnets, where one subnet supports the water distribution simulation and is protected by a software-based firewall, and the other supports the bottling plant simulation and is protected by a hardware-based firewall. These two subnets originate from a border router just after simulated Internet connectivity via a modem/hub device. Since wireless technology is becoming widely used in the industrial controls setting, the network was also equipped with both 802.11 and 802.15 wireless access points.Figure 3 NIST Industrial Control Systems Security TestbedThe water distribution simulation is designed as a SCADA system, and is shown in Figure 4. The system consists of three PLCs. Each PLC controls a tank level via a pump and an ultrasonic level transmitter with the additional capability to monitor tank input and output flows. One PLC serves as the Master Terminal Unit (MTU) and communicates with two other PLCs serving as Remote Terminal Units (RTUs). The MTU supplies water from its controlled tank to meet the demands of the two RTU controlled tanks. Water drained from the RTU tanks simulates user demand on the distribution system. The water distribution simulation is closed, so that water drained from the RTU tanks is fed to a holding tank to again be used to fill the MTU main supply tank. The entire SCADA system is controllable via a Human Machine Interface (HMI) running on a PC. The HMI is interfaced to the MTU via Ethernet. Each RTU is interfaced to the HMI through the MTU. MTU/RTU communication capabilities include Ethernet or serial using the Distributed Networking Protocol (DNP) v3.0. The SCADA system was built entirely with commercially available equipment and hardware including PLC hardware and software, HMI software, and software interfaces.Figure 4 Water distribution SCADA systemThe bottling plant simulation shown in Figure 5 uses industrial conveyor modules arranged to form a loop of continuously circulating bottles. The conveyor system has a station that ejects bottle that are missing labels. The conveyor drives, eject station actuator and sensors are interfaced to a DeviceNet network. DeviceNet, one of many industrial network standards, allows industrial devices such as sensors and actuators to be remotely managed by PCs or PLCs.Figure 5 Bottling plant simulationThe conveyor hardware and sensor network has been integrated so it can optionally be controlled by one of three controllers. The controllers include a commercial hardware PLC, a software based PLC that runs on a PC, and a Hybrid Control System (HCS) all interfaced through DeviceNet.CONCLUSIONSThe main goal of the PCSRF is to increase the security of industrial process control systems through the definition and application of a common set of information security requirements for industrial process control systems using the ISO/IEC 15408 Common Criteria.This will reduce the likelihood of successful cyber-attack on the nation’s critical infrastructures.A system protection profile had been written for a generic industrial control system as a high-level statement of security requirements. It provides a starting point for more specific and detailed statements of requirements for industrial control systems focused on a specific industry, company, or component. Specific pulp/paper specific security requirements can be combined with the system protection profile to produce a document that addresses future security requirements for the pulp/paper industry. A testbed consisting of several implementations of typical industrial control systems is being used at NIST to develop test methods for validation and conformance testing of security implementations.ACKNOWLEDGMENTSThe authors would like to thank the PCSRF members who provided their time and input to this effort and to Decisive Analytics for their development efforts to produce the SCP and SPP-ICS documents. This effort was funded by the United States Federal Government.REFERENCES1.ISA-SP99/MSTemplate.cfm?MicrositeID=988&CommitteeID=68212.Process Control Security Requirements Forum (PCSRF)/projects/processcontrol/3.Security Capabilities Profile (SCP), September 17, 2003./projects/processcontrol/members/documents/SCP-17-Sep-03.doc4.IEC 61508http://www.iec.ch/zone/fsafety/fsafety_entry.htmmon Criteria for Information Technology Security Evaluation, “Part1: Introduction and general model,CCIMB-99-031, Version 2.1,” 1999.6.System Protection Profile for Industrial Control Systems (SPP-ICS) Version 0.91, February 4, 2004./projects/processcontrol/members/documents/SPP-ICS-v0.91.doc7. Falco, J., Stouffer, K., Wavering, A., Proctor, F., “IT Security for Industrial Control Systems,” NISTIR 6859,February 2002.。