IEC 62351-5:20 23定义了应用配置文件(A-profile)安全通信机制，指定了用于保护基于或源自IEC 60870-5《远动设备和系统-传输协议》的所有协议的操作的消息、过程和算法。 为了使本文件中描述的措施生效，它们必须被协议本身的规范所接受和引用。编写本文档是为了启用该过程。 本文档的后续受众是实现这些协议的产品的开发人员。 为了理解工作的目的和要求，本文件的部分内容也可能对经理和行政人员有用。 本文件从一般到具体的工作组织如下:？条款2至4提供背景术语、定义和参考文献。 ？条款5描述了本说明书旨在解决的问题。 ？条款6一般地描述了该机制，而没有参考特定的协议。 ？条款7和8更精确地描述了该机制，并且是本说明书的主要规范性部分。 ？条款9定义了这种安全通信机制的互操作性要求。 ？第10条描述了引用本文件的其他标准的要求。 组织对本文档中描述的事件和错误情况的响应应由组织的安全策略定义，并且超出了本文档的范围。 本国际标准取消并取代IEC TS 62351-5发表于2013年。它构成技术修订。本国际标准的主要变更为: a)在每个控制站/受控站关联上执行安全通信机制。 b)添加、更改或删除用户的用户管理已被删除。 c)删除了改变更新密钥的对称方法。 d)审查了非对称方法来改变更新密钥。 e)删除质询/答复程序和概念。 f)攻击模式概念被安全数据消息交换机制所取代。 g)增加了应用数据的认证加密。 h)已更新允许的安全算法列表。 i)计算消息序列号的规则已更新 j）增加了事件监控和日志记录

IEC 62351-5:2023 defines the application profile (A-profile) secure communication mechanism specifying messages, procedures and algorithms for securing the operation of all protocols based on or derived from IEC 60870-5, Telecontrol Equipment and Systems – Transmission Protocols.
For the measures described in this document to take effect, they must be accepted and referenced by the specifications for the protocols themselves. This document is written to enable that process.
The subsequent audience for this document is intended to be the developers of products that implement these protocols.
Portions of this document may also be of use to managers and executives in order to understand the purpose and requirements of the work.
This document is organized working from the general to the specific, as follows:
？ Clauses 2 through 4 provide background terms, definitions, and references.
？ Clause 5 describes the problems this specification is intended to address.
？ Clause 6 describes the mechanism generically without reference to a specific protocol.
？ Clauses 7 and 8 describe the mechanism more precisely and are the primary normative part of this specification.
？ Clause 9 define the interoperability requirements for this secure communication mechanism.
？ Clause 10 describes the requirements for other standards referencing this document.
The actions of an organization in response to events and error conditions described in this document are expected to be defined by the organization’s security policy and they are beyond the scope of this document.

This International Standard cancels and replaces IEC TS 62351-5 published in 2013. It constitutes a technical revision. The primary changes in this International Standard are:
a) The secure communication mechanism is performed on per controlling station/controlled station association.
b) User management to add, change or delete a User, was removed.
c) Symmetric method to change the Update Key was removed.
d) Asymmetric method to the change Update Key was reviewed.
e) Challenge/Reply procedure and concepts were removed.
f) Aggressive Mode concept was replaced with the Secure Data message exchange mechanism.
g) Authenticated encryption of application data was added.
h) The list of permitted security algorithms has been updated.
i) The rules for calculating messages sequence numbers have been updated
j) Events monitoring and logging was added