This solution is used within the U.S.. It combines standards associated with US: NTCIP Warning Device with those for I–F: SNMPv3/TLS. The US: NTCIP Warning Device standards include a composite of upper–layer standards that support monitoring for unsafe traffic activities and displaying warning to drivers. The I–F: SNMPv3/TLS standards include lower–layer standards that support secure center–to–field and field–to–field communications using simple network management protocol (SNMPv3); implementations are strongly encouraged to use the TLS for SNMP security option for this solution to ensure adequate security.
Level | DocNum | FullName | Description |
---|
Mgmt | NTCIP 1201 | NTCIP Global Object (GO) Definitions | This standard defines SNMP objects (data elements) used by a wide range of field devices like time and versioning information. |
---|
Mgmt | IETF RFC 3411 | An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks | This standard (RFC) defines the basic architecture for SNMPv3 and includes the definition of information objects for managing the SNMP entity's architecture. |
---|
Mgmt | IETF RFC 3412 | Message Processing and Dispatching for the Simple Network Management Protocol (SNMP) | This standard (RFC) contains a MIB that assists in managing the message processing and dispatching subsystem of an SNMP entity. |
---|
Mgmt | IETF RFC 3413 | Simple Network Management Protocol (SNMP) Applications | This standard (RFC) includes MIBs that allow for the configuration and management of remote Targets, Notifications, and Proxys. |
---|
Mgmt | IETF RFC 3414 | User–based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3) | This standard (RFC) contains a MIB that assists in configuring and managing the user–based security model. |
---|
Mgmt | IETF RFC 3415 | View–based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP) | This standard (RFC) contains a MIB that supports the configuration and management of the View–based access control model of SNMP. |
---|
Mgmt | IETF RFC 3416 | Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP) | This standard (RFC) defines the message structure and protocol operations used by SNMPv3. |
---|
Mgmt | IETF RFC 3418 | Management Information Base (MIB) for the Simple Network Management Protocol (SNMP) | This standard (RFC) defines the MIB to configure and manage an SNMP entity. |
---|
Mgmt | IETF RFC 4293 | Management Information Base for the Internet Protocol (IP) | This standard (RFC) defines the MIB that manages an IP entity. |
---|
Security | IETF RFC 6353 | Transport Layer Security (TLS) Transport Model for the Simple Network Management Protocol (SNMP) | This standard (RFC) defines how to use the TLS authentication service to provide authentication within the access control mechanism of SNMP. |
---|
ITS Application Entity | NTCIP 1209 | NTCIP Object Definitions for Transportation Sensor Systems (TSS) | This standard defines SNMP objects (data elements) to monitor and control transportation system sensors that measure real–time vehicular traffic information. |
---|
ITS Application Entity | NTCIP 1205 | NTCIP Objects for CCTV Camera Control | This standard defines SNMP objects (data elements) for control and monitoring of closed–circuit television (CCTV) camera controllers. |
---|
ITS Application Entity | NTCIP 1203 | NTCIP Object Definitions for Dynamic Message Signs (DMS) | This standard defines SNMP objects (data elements) for monitoring and controlling dynamic message signs (such as variable message signs). |
---|
Facilities | IETF RFC 3411 | An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks | This standard (RFC) defines the basic architecture for SNMPv3 and includes the definition of information objects for managing the SNMP entity's architecture. |
---|
Facilities | IETF RFC 3412 | Message Processing and Dispatching for the Simple Network Management Protocol (SNMP) | This standard (RFC) contains a MIB that assists in managing the message processing and dispatching subsystem of an SNMP entity. |
---|
Facilities | IETF RFC 3413 | Simple Network Management Protocol (SNMP) Applications | This standard (RFC) includes MIBs that allow for the configuration and management of remote Targets, Notifications, and Proxys. |
---|
Facilities | IETF RFC 3414 | User–based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3) | This standard (RFC) contains a MIB that assists in configuring and managing the user–based security model. |
---|
Facilities | IETF RFC 3415 | View–based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP) | This standard (RFC) contains a MIB that supports the configuration and management of the View–based access control model of SNMP. |
---|
Facilities | IETF RFC 3416 | Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP) | This standard (RFC) defines the message structure and protocol operations used by SNMPv3. |
---|
Facilities | NTCIP 1209 | NTCIP Object Definitions for Transportation Sensor Systems (TSS) | This standard defines SNMP objects (data elements) to monitor and control transportation system sensors that measure real–time vehicular traffic information. |
---|
Facilities | NTCIP 1205 | NTCIP Objects for CCTV Camera Control | This standard defines SNMP objects (data elements) for control and monitoring of closed–circuit television (CCTV) camera controllers. |
---|
Facilities | NTCIP 1203 | NTCIP Object Definitions for Dynamic Message Signs (DMS) | This standard defines SNMP objects (data elements) for monitoring and controlling dynamic message signs (such as variable message signs). |
---|
TransNet | IETF RFC 2460 | Internet Protocol, Version 6 (IPv6) Specification | This standard (RFC) specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng. |
---|
TransNet | IETF RFC 4291 | IP Version 6 Addressing Architecture | This standard (RFC) defines the addressing architecture of the IP Version 6 (IPv6) protocol. It includes the IPv6 addressing model, text representations of IPv6 addresses, definition of IPv6 unicast addresses, anycast addresses, and multicast addresses, and an IPv6 node's required addresses. |
---|
TransNet | IETF RFC 4443 | Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification | This standard (RFC) defines the control messages to manage IPv6. |
---|
TransNet | IETF RFC 793 | Transmission Control Protocol | This standard (RFC) defines the main connection–oriented Transport Layer protocol used on Internet–based networks. |
---|
Access | NTCIP 2104 | NTCIP SP–Ethernet | This standard defines the Access Layer for center–to–field communications where the local connection is some variant of Ethernet. |
---|
One significant or possibly a couple minor issues. For existing deployments, the chosen solution likely has identified security or management issues not addressed by the communications solution. Deployers should consider additional security measures, such as communications link and physical security as part of these solutions. They should also review the management issues to see if they are relevant to their deployment and would require mitigation. For new deployments, the deployment efforts should consider a path to addressing these issues as a part of their design activities. The solution does not by itself provide a fully secure implementation without additional work.
Issue | Severity | Description | Associated Standard | Associated Triple |
---|
Use case not considered in design (critical) | High | While the indicated standards nominally address the information flow, the design details may not meet performance or other requirements because this particular use case was not the focus of the design effort. | (None) | PennDOT Field Devices – District=>work zone warning status=>PennDOT District Eleven Offices |
---|
Use case not considered in design (critical) | High | While the indicated standards nominally address the information flow, the design details may not meet performance or other requirements because this particular use case was not the focus of the design effort. | (None) | PennDOT Field Devices – District=>work zone warning status=>PennDOT County Maintenance Offices |
---|
Use case not considered in design (critical) | High | While the indicated standards nominally address the information flow, the design details may not meet performance or other requirements because this particular use case was not the focus of the design effort. | (None) | PennDOT Field Devices – District=>work zone warning status=>PennDOT District Twelve Offices |
---|
Use case not considered in design (critical) | High | While the indicated standards nominally address the information flow, the design details may not meet performance or other requirements because this particular use case was not the focus of the design effort. | (None) | PennDOT Field Devices – District=>work zone warning status=>PennDOT District Ten Offices |
---|
Use case not considered in design (critical) | High | While the indicated standards nominally address the information flow, the design details may not meet performance or other requirements because this particular use case was not the focus of the design effort. | (None) | City of Pittsburgh Field Devices=>lane management information=>City of Pittsburgh Traffic Management Center (CityTMC) |
---|
Data not fully defined (medium) | Medium | Some of the data elements for this information flow are not fully defined. | (None) | PennDOT County Maintenance Offices=>work zone warning device control=>PennDOT Field Devices – District |
---|
Data not fully defined (medium) | Medium | Some of the data elements for this information flow are not fully defined. | (None) | PennDOT District Ten Offices=>work zone warning device control=>PennDOT Field Devices – District |
---|
Data not fully defined (medium) | Medium | Some of the data elements for this information flow are not fully defined. | (None) | PennDOT Field Devices – District=>work zone warning status=>PennDOT District Ten Offices |
---|
Data not fully defined (medium) | Medium | Some of the data elements for this information flow are not fully defined. | (None) | PennDOT Field Devices – District=>work zone warning status=>PennDOT District Twelve Offices |
---|
Data not fully defined (medium) | Medium | Some of the data elements for this information flow are not fully defined. | (None) | PennDOT Field Devices – District=>work zone warning status=>PennDOT County Maintenance Offices |
---|
Data not fully defined (medium) | Medium | Some of the data elements for this information flow are not fully defined. | (None) | PennDOT Field Devices – District=>work zone warning status=>PennDOT District Eleven Offices |
---|
Data not fully defined (medium) | Medium | Some of the data elements for this information flow are not fully defined. | (None) | PennDOT District Twelve Offices=>work zone warning device control=>PennDOT Field Devices – District |
---|
Data not fully defined (medium) | Medium | Some of the data elements for this information flow are not fully defined. | (None) | Western Region Traffic Management Center (PennDOT)=>work zone warning device control=>PennDOT Field Devices – District |
---|
Out of date (medium) | Medium | The standard includes normative references to other standards that have been subject to significant changes that can impact interoperability or security of systems and the industry has not specified if and how these updates should be implemented for deployments of this standard. | IETF RFC 6353 TLS for SNMP | (All) |
---|
Update data to SNMPv3 | Low | Data has been defined for SNMPv1, but needs to be updated to SNMPv3 format. | (None) | (All) |
---|
Use TLS for SNMP Option | Low | The standard allows for multiple security mechanisms. The only defined mechanism that meets the requirements for C–ITS is the one based on TLS. | (None) | (All) |
---|