US: NTCIP Generic Device - SNMPv3/TLS

Description

This solution is used within the U.S.. It combines standards associated with US: NTCIP Generic Device with those for I–F: SNMPv3/TLS. The US: NTCIP Generic Device standards include upper–layer standards required to implement center–to–field communications for any device functionality. The I–F: SNMPv3/TLS standards include lower–layer standards that support secure center–to–field and field–to–field communications using simple network management protocol (SNMPv3); implementations are strongly encouraged to use the TLS for SNMP security option for this solution to ensure adequate security.

Includes Standards

LevelDocNumFullNameDescription
MgmtNTCIP 1201NTCIP Global Object (GO) DefinitionsThis standard defines SNMP objects (data elements) used by a wide range of field devices like time and versioning information.
MgmtIETF RFC 3411An Architecture for Describing Simple Network Management Protocol (SNMP) Management FrameworksThis standard (RFC) defines the basic architecture for SNMPv3 and includes the definition of information objects for managing the SNMP entity's architecture.
MgmtIETF RFC 3412Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)This standard (RFC) contains a MIB that assists in managing the message processing and dispatching subsystem of an SNMP entity.
MgmtIETF RFC 3413Simple Network Management Protocol (SNMP) ApplicationsThis standard (RFC) includes MIBs that allow for the configuration and management of remote Targets, Notifications, and Proxys.
MgmtIETF RFC 3414User–based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)This standard (RFC) contains a MIB that assists in configuring and managing the user–based security model.
MgmtIETF RFC 3415View–based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)This standard (RFC) contains a MIB that supports the configuration and management of the View–based access control model of SNMP.
MgmtIETF RFC 3416Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP)This standard (RFC) defines the message structure and protocol operations used by SNMPv3.
MgmtIETF RFC 3418Management Information Base (MIB) for the Simple Network Management Protocol (SNMP)This standard (RFC) defines the MIB to configure and manage an SNMP entity.
MgmtIETF RFC 4293Management Information Base for the Internet Protocol (IP)This standard (RFC) defines the MIB that manages an IP entity.
SecurityIETF RFC 6353Transport Layer Security (TLS) Transport Model for the Simple Network Management Protocol (SNMP)This standard (RFC) defines how to use the TLS authentication service to provide authentication within the access control mechanism of SNMP.
ITS Application EntityNTCIP 1205NTCIP Objects for CCTV Camera ControlThis standard defines SNMP objects (data elements) for control and monitoring of closed–circuit television (CCTV) camera controllers.
FacilitiesIETF RFC 3411An Architecture for Describing Simple Network Management Protocol (SNMP) Management FrameworksThis standard (RFC) defines the basic architecture for SNMPv3 and includes the definition of information objects for managing the SNMP entity's architecture.
FacilitiesIETF RFC 3412Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)This standard (RFC) contains a MIB that assists in managing the message processing and dispatching subsystem of an SNMP entity.
FacilitiesIETF RFC 3413Simple Network Management Protocol (SNMP) ApplicationsThis standard (RFC) includes MIBs that allow for the configuration and management of remote Targets, Notifications, and Proxys.
FacilitiesIETF RFC 3414User–based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)This standard (RFC) contains a MIB that assists in configuring and managing the user–based security model.
FacilitiesIETF RFC 3415View–based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)This standard (RFC) contains a MIB that supports the configuration and management of the View–based access control model of SNMP.
FacilitiesIETF RFC 3416Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP)This standard (RFC) defines the message structure and protocol operations used by SNMPv3.
FacilitiesNTCIP 1205NTCIP Objects for CCTV Camera ControlThis standard defines SNMP objects (data elements) for control and monitoring of closed–circuit television (CCTV) camera controllers.
TransNetIETF RFC 2460Internet Protocol, Version 6 (IPv6) SpecificationThis standard (RFC) specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.
TransNetIETF RFC 4291IP Version 6 Addressing ArchitectureThis standard (RFC) defines the addressing architecture of the IP Version 6 (IPv6) protocol. It includes the IPv6 addressing model, text representations of IPv6 addresses, definition of IPv6 unicast addresses, anycast addresses, and multicast addresses, and an IPv6 node's required addresses.
TransNetIETF RFC 4443Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) SpecificationThis standard (RFC) defines the control messages to manage IPv6.
TransNetIETF RFC 793Transmission Control ProtocolThis standard (RFC) defines the main connection–oriented Transport Layer protocol used on Internet–based networks.
AccessNTCIP 2104NTCIP SP–EthernetThis standard defines the Access Layer for center–to–field communications where the local connection is some variant of Ethernet.

Readiness: High–Moderate

Readiness Description

One significant or possibly a couple minor issues. For existing deployments, the chosen solution likely has identified security or management issues not addressed by the communications solution. Deployers should consider additional security measures, such as communications link and physical security as part of these solutions. They should also review the management issues to see if they are relevant to their deployment and would require mitigation. For new deployments, the deployment efforts should consider a path to addressing these issues as a part of their design activities. The solution does not by itself provide a fully secure implementation without additional work.

Issues

IssueSeverityDescriptionAssociated StandardAssociated Triple
Out of date (medium)MediumThe standard includes normative references to other standards that have been subject to significant changes that can impact interoperability or security of systems and the industry has not specified if and how these updates should be implemented for deployments of this standard.IETF RFC 6353 TLS for SNMP(All)
Update data to SNMPv3LowData has been defined for SNMPv1, but needs to be updated to SNMPv3 format.(None)(All)
Use TLS for SNMP OptionLowThe standard allows for multiple security mechanisms. The only defined mechanism that meets the requirements for C–ITS is the one based on TLS.(None)(All)

Supports Interfaces

SourceDestinationFlow
City of Pittsburgh Field DevicesCity of Pittsburgh Officesfield equipment status
Municipal Field DevicesMunicipal Officesfield equipment status
Municipal Field DevicesMunicipal Traffic Officesfield equipment status
PennDOT Field Devices – DistrictPennDOT County Maintenance Officesfield equipment status
PennDOT Field Devices – DistrictPennDOT District Eleven Officesfield equipment status
PennDOT Field Devices – DistrictPennDOT District Ten Officesfield equipment status
PennDOT Field Devices – DistrictPennDOT District Twelve Officesfield equipment status
PennDOT Field Devices – DistrictWestern Region Traffic Management Center (PennDOT)field equipment status
PennDOT Field Devices – District OneWestern Region Traffic Management Center (PennDOT)field equipment status
PennDOT Field Devices – StatePennDOT Statewide TMCfield equipment status
PTC Field DevicesPTC Officesfield equipment status