CHAPTER 2: PRODUCT DESCRIPTION
SECURITY
L60 LINE PHASE COMPARISON SYSTEM – INSTRUCTION MANUAL
2-5
2
2.2 Security
The following security features are available:
•
Password security — Basic security present by default
•
EnerVista security — Role-based access to various EnerVista software screens and configuration elements. The
feature is present by default in the EnerVista software.
•
CyberSentry security — Advanced security available using a software option. When purchased, the option is
automatically enabled, and the default Password security and EnerVista security are disabled.
2.2.0.1 EnerVista security
The EnerVista security management system is a role-based access control (RBAC) system that allows an administrator to
manage the privileges of multiple users. This allows for access control of UR devices by multiple personnel within a
substation and conforms to the principles of RBAC as defined in ANSI INCITS 359-2004. The EnerVista security
management system is disabled by default to allow the administrator direct access to the EnerVista software after
installation. It is recommended that security be enabled before placing the device in service.
Basic password or enhanced CyberSentry security applies, depending on purchase.
2.2.0.2 Password security
Password security is a basic security feature present by default.
Two levels of password security are provided: command and setting. Use of a password for each level controls whether all
users can enter commands and/or change settings.
Two types of connection security are provided: password entry from local or remote connection. Local access is defined as
any access to settings or commands via the front panel interface. This includes both keypad entry and the through a front
panel port. Remote access is defined as any access to settings or commands via any rear communications port. This
includes both Ethernet and RS485 connections. These two settings are on by default and apply to all users.
When entering a settings or command password via EnerVista or any serial interface, the user must enter the
corresponding connection password. If the connection is to the back of the L60, the remote password is used. If the
connection is to a front panel port, the local password applies. (These two local and remote password settings are not
shown the figure.)
Password access events are logged in the Event Recorder.
Demand
Pilot Scheme (POTT)
Digital Counters (8)
Setting Groups (6)
Digital Elements (48)
Time synchronization over IRIG-B or IEEE 1588
Direct Inputs and Outputs (32)
Time Synchronization over SNTP
Disconnect Switches
Transducer Inputs/Outputs
DNP 3.0 or IEC 60870-5-104 Communications
Trip Bus
Event Recorder
User Definable Display
Fault Location
User Programmable LEDs
Fault Reporting
User Programmable Pushbuttons
FlexElements™ (8)
User Programmable Self-Tests
FlexLogic Equations
Virtual Inputs (64)
IEC 60870-5-103 Communications
Virtual Outputs (96)
IEC 61850 Communications
VT Fuse Failure
IEC 62351-9 Data and Communications Security
Function
Function