N290.7-14 (R2021)

Preface

This is the first edition of CSA N290.7, Cyber security for nuclear power plants and small reactor facilities. 

The CSA N-Series of Standards provides an interlinked set of requirements for the management of nuclear facilities and activities. CSA N286 provides overall direction to management to develop and implement sound management practices and controls, while the other CSA nuclear Standards provide technical requirements and guidance that support the management system. This Standard works in harmony with CSA N286 and does not duplicate the generic requirements of CSA N286; however, it may provide more specific direction for those requirements. 

This Standard reflects the operating experience of the Canadian nuclear power industry. 

Users of this Standard are reminded that the design, manufacture, construction, commissioning, operation, and decommissioning of nuclear facilities in Canada are subject to the provisions of the Nuclear Safety and Control Act and its supporting Regulations. 

Scope

1.1

This Standard covers the cyber security of new and existing nuclear power plants (NPPs) and small reactor facilities. 

Note: This Standard may provide guidance for nuclear facilities other than NPPs and small reactor facilities, using a graded approach. 

1.2

This Standard addresses cyber security at nuclear power plants and small reactor facilities for the following computer systems and components: 

a) systems important to nuclear safety

b) nuclear security 

c) emergency preparedness 

d) production reliability

e) safeguards 

f) auxiliary assets or systems which, if compromised, exploited, or failed, could adversely impact Item (a), (b), (c), (d) or (e)

1.3

This Standard pertains to the securing of essential computer systems and components against cyber attacks resulting in loss of availability, degradation or loss of ability to perform their intended function, compromise of their integrity, and loss of confidentiality of their information. 

1.4

This Standard does not apply to business systems (e.g., work management), and offline engineering systems (e.g., analytical, scientific, and design computer programs as per CSA N286.7). 

1.5

In this Standard, shall is used to express a requirement, i.e., a provision that the user is obliged to satisfy in order to comply with the standard; should is used to express a recommendation or that which is advised but not required; and may is used to express an option or that which is permissible within the limits of the standard. 

Notes accompanying clauses do not include requirements or alternative requirements; the purpose of a note accompanying a clause is to separate from the text explanatory or informative material. 

Notes to tables and figures are considered part of the table or figure and may be written as requirements. 

Annexes are designated normative (mandatory) or informative (non-mandatory) to define their application.

An update to this product is available.

To receive notifications when an amendment, new edition or update is available to your standard no matter how you purchased it, please register on the Standards Update Service. After registering, enter the List ID for the relevant standard. The List ID can be found in the “CSA Standards Update” section within the first few pages of the standard you’ve purchased. Once notified, you can then update your standard accordingly.

PDF Format Purchased from the CSA Store

If you have purchased or subscribed to a standard from the CSA Store in PDF format, login to your CSA OnDemand^TM account to access the updated PDF.

Paper Format Purchased or Purchased from Reseller

If you have purchased a paper copy of the standard from the CSA Store or purchased a standard in paper or PDF format from one of our resellers, login to the Standards Update Service to download the updates in PDF format. 

eBook Format Purchased

If you have purchased a standard in eBook format, login to the CSA Reader App to download the updated version of the standard.