Enterprise Integration Standards for Information Technology (IT)
The following are Key Enterprise Integration and Cybersecurity Standards for use by IT Specialists for design of Information Technology (IT) systems and infrastructure. These are characterized by sophisticated systems, networks, and infrastructure that have evolved rapidly (according to Moore's Law). IT systems and infrastructure are designed according to the following CIA priorities:
- Confidentiality
- Integrity
- Availability
It should be noted that CIA priorities are exactly the opposite of SAIC as implemented in ACS systems.
This list is not meant to be exhaustive, but rather to describe the most important commonly-encountered standards. For a more detailed list of Enterprise Integration standards, see The PERA User Guides for your industry (e.g., chemical process or manufacturing industry) and Principal Role (e.g., Owner/Operator or Vendor). Standards in User Guides are also organized according to the Discipline (Professional Role) responsible for implementing that standard.
These Standards are presented alphabetically, according to the Standards body responsible for writing and maintaining these standards. They are not divided by Enterprise Phase as many are used at more than one phase of the Enterprise Life Cycle.
IT standards are identified and reconciled during the Master Planning or Conceptual Engineering Phase; however, IT standards are more consistent across industries, and are also less likely to disrupt engineering design, since they have little impact on physical facilities (except for power, air conditioning and cabling).
CEN CENELEC is the European Committee for Standardization, located in Brussels.
- CEN TC310 WG1 is the working group that deals with Enterprise Modelling for Computer Integrated Manufacturing within TC310, the technical committee for Advanced Manufacturing Technologies. TC310 has primarily focused on discrete manufacturing.
- CEN work is coordinated with ISO TC184/SC5/WG1 (see below) under the Vienna agreement.
US Department of Energy Cyber Security Strategy
- Press Release announcing the release of the Draft of Cybersecurity Risk Management Process (RMP) Guideline for Public Comment
ISA - The International Society of Automation
A full list of ISA Standards Committees is available HERE
The most important standards are:
- ISA-95 Enterprise to Control System Integration
- ISA-95 addresses the exchange of data between Control Systems and Manufacturing Execution Systems (MES). This presentation gives an introduction.
ISO - International Standards Organization
- ISO TC184 SC5 WG1 Enterprise Modelling and Architecture
- Supported by NIST (US National Institute of Standards & Technology)
- Coordinated with CEN TC310 WG1 (see above) under the "Brussels Agreement"
- ISO 15000 Electronic Business eXtensible Markup Language, or ebXML
- ISO 15704 Enterprise Modelling and Architecture
Requirements for enterprise-referencing architecture and methodologies. This document includes and updates certain PERA concepts.
- ISO 15926 Defines an Enterprise Life Cycle Data Exchange standard which is coordinated with ISO 14224 in the Reference Domain, and ISO 18435 & 13374 in the Execution Environment.
- ISO 27000 consists of the following 14 parts:
- ISO/IEC 27000 – Introduction and vocabulary.
- ISO/IEC 27001 – Foundation for an Information Security Management System (ISMS).
- ISO/IEC 27002 – Best practices for selecting and implementing security controls.
- ISO/IEC 27003 – Practical guidance on implementing ISO 27001 successfully.
- ISO/IEC 27004 – Methods to measure and evaluate the effectiveness of ISMS.
- ISO/IEC 27014 – Governance principles to align security with business objectives.
- ISO/IEC 27016 – Managing the economic aspects of information security investments.
- ISO/IEC 27017 – Security best practices for cloud computing environments.
- ISO/IEC 27018 – Protection of Personally Identifiable Information (PII) in the cloud.
- ISO/IEC 27032 – Cybersecurity guidance for securing networks and critical infrastructure.
- ISO/IEC 27034-1 – Secure development practices for applications.
- ISO/IEC 27035-1 – A framework for managing cybersecurity incidents.
- ISO 55000 Asset Management Systems.
- ISO 55000 provides an overview of asset management and asset management systems
- ISO 55001 specifies requirements for an asset management system
- ISO 55003 defines sector-specific, asset-specific or activity-specific technical requirements for an asset management system
MESA - Manufacturing Execution Systems Association.
MESA is a world-leading organization for industrial IT systems above Control Systems and below Corporate IT, including Site Maintenance Management, Production Scheduling and other site MES systems. MESA develops standards and manages a large set of development projects including OPC UA (see below).
MIMOSA - Machinery Information Management Open Systems Alliance
MIMOSA is a non-profit industry association, focused on enabling solutions leveraging supplier neutral, open standards, to establish an interoperable industrial ecosystem for Commercial Off The Shelf (COTS) solutions. Standards include:
- MIMOSA CCOM provides a Conceptual Common Object Model and canonical XML representation of that model, that addresses manufacturing, fleet, and facility environments
- Open O&M is an initiative of multiple industry standards organizations to provide a harmonized set of standards for the exchange of Operations and Maintenance data and the associated context.
- MIMOSA OSA-EAI provides asset management-related information standards, and
- The Manufacturing and Facilities Joint Working Groups offer end users a harmonized set of data exchange standards avoiding duplication of work.
NIST Computer Security Resource Center
CSRC is the Computer Security Division's Web site. It is used to encourage broad sharing of information security tools and practices, to provide a resource for information security standards and guidelines, and to identify and link key security Web resources to support the industry.
- NIST Cybersecurity Framework is a set of voluntary guidelines designed to help government organizations assess and improve their ability to prevent, detect, and respond to cybersecurity risks for critical infrastructure sectors. It has also been adopted across various non-governmental industries. Note that although it attempts to address both ACS and IT systems, (in our opinion) the clauses that address ACS requirements are much less developed than those in IEC/ISA 62443 and should therefore be used primarily for US Government systems and for IT systems in US critical infrastructure.
- NIST 800-53: Security and Privacy Controls for Information Systems and Organizations.
OAG Open Applications Group
is a non-profit consortium focusing on best practices and process-based XML content for eBusiness and Application Integration. OAG projects include:
- Content work defining business processes, their messages and the data dictionary.
- Technical work comprised of XML design, development, UML repository work, and application architecture.
OMG Object Management Group
is an international, open membership, non-profit computer industry standards consortium dedicated to setting vendor-neutral software standards, and enabling distributed enterprise-wide interoperability. OMG standards include:
- UML Unified Modelling Language
An object-oriented graphical language standard for expressing program design. Includes Class and Object diagrams, Structure diagrams, and Use Case diagrams.
- MOF Meta-Object Facility
Defines a standardized repository for meta-data such as definitions of data types or UML models.
- XMI XML Metadata Interchange
A format for interchange of meta-data such as transferring the model to the next step in a design process.
- CORBA Common Object Request Broker Architecture
A vendor-independent specification of a way for computer applications to work together over networks. It includes an Interface Definition Language (IDL), and the GIOP and IIOP protocols. CORBA provides a standard way for applications in any language, on any operating system, or network to communicate with applications in any other language, on any other operating system, or network.
- CWM Common Warehouse Metamodel
This specification describes metadata interchange among data warehousing, business intelligence, knowledge management and portal technologies.
- MDA Model Driven Architecture
An open, vendor-neutral approach to system development based on UML, XMI, CWM and CORBA.
OPC Foundation
is a cooperative industry body that develops royalty-free electronic business standards for trading partners within the Global Energy Industry. This includes data acquisition and transport standards.
- Standards library of electronic forms and EDI documents for the petroleum and pipeline industry
- OPC UA is a platform-independent service-oriented architecture specification that integrates all functionality from existing "classic" OPC specifications. Its 19 parts cover topics including: Security Model, Address Space Model, Services, Information Model, Mappings, Profiles, Data Access, Alarms and Conditions, Programs, Historical Access, Discovery, Aggregates, Architecture for Analyzers, PLCs, FDI, and Devices, as well as an ISA-95 Common Object Model.
PIDX International
is an industry body that develops royalty-free electronic business standards for trading partners with the Global Energy Industry.
- Standards library of electronic forms and EDI documents for the petroleum and pipeline industry
PIP - Process Industry Practices
is an initiative of CII the Construction Industry Institute, and the University of Texas at Austin. PIP provides standards which are "harmonized" from engineering company standards in multiple disciplines including:
Profibus and Profinet International
provides standards and testing for Profibus hardware and software including the PROFIBUS Industrial Data Highway Standard.
STEP STandard for Exchange of Product Data
This standard is achieving wide international acceptance and is required on large US government projects; however, it has been largely superseded in process industries by ISO 15926.
XML EXtensible Markup Language
- XML is the universal format for structured documents on the web.
- XML is a subset of SGML, which was developed by IBM. XML was issued by the W3C Consortium in 1998.
- It has received rapid acceptance at all levels in the enterprise architecture for exchanging information between applications.
- It is also the basis for many related standards, including BPMN and B2MML.
TIA / EIA Telecommunications Industry Association / Electronic Industries Association.
- The TIA/EIA 568 Commercial Building Telecommunication standard was jointly developed by TIA and EIA.
- The ISO/IEC-11801 Generic Customer Premises Cabling standard is an international cabling standard, based on the ANSI/TIA/EIA-568, that may be used for industrial control systems and premises cabling.
- The TIA/EIA 568 structured cabling standards define how to design, build, and manage a Structured Cabling System (SCS). An SCS has specific performance characteristics at each hierarchical level. For example, a workgroup LAN has lower-performance requirements than the building backbone network, which may, in turn, connect to a high speed single or multimode fiber-optic network.
- Category 5 TIA/EIA 568A and 568B Configuration is not an enterprise integration standard, but very handy if you need to make an Ethernet cable to connect something!