1 Scope
This part of GB/T 33008 specifies the security requirements for programmable controller systems, including those for direct or indirect communications between the PLC and other systems.
This part is applicable to engineering designers, equipment manufacturers, system integrators, users, assessment and certification bodies, etc.
2 Normative References
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
Industrial Control System Security—Part 1: Assessment Specification
3 Terms, Definitions and Abbreviations
3.1 Terms and Definitions
For the purposes of this standard, the following terms and definitions apply.
3.1.1
programmable (logic) controller; PLC
digitally operating electronic system, designed for use in an industrial environment, which uses a programmable memory for the internal storage of user-oriented instructions for implementing specific functions such as logic, sequencing, timing, counting and arithmetic, to control, through digital or analogue inputs and outputs, various types of machines or processes. Both the PLC and its associated peripherals are designed so that they can be easily integrated into an industrial control system and easily used in all their intended functions.
Note: The abbreviation PLC is used in this standard to stand for programmable controllers, as is the common practice in the automation industry. The use of PC as an abbreviation for programmable controllers leads to confusion with personal computers.
[GB/T 15969.1-2007, Definition 3.5]
3.1.2
programmable controller system or PLC-system
user-built configuration, consisting of a programmable controller and associated peripherals, that is necessary for the intended automated system. It consists of units interconnected by cables or plug-in connections for permanent installation and by cables or other means for portable and transportable peripherals.
[GB/T 15969.1-2007, Definition 3.6]
3.1.3
vulnerability
defect or weakness in terms of system design, implementation or operation and management, which may be improperly used to compromise the system integrity or security policy
[GB/T 30976.1-2014, Definition 3.1.1]
3.1.4
identify
identification and discrimination of a certain assessment factor