20240806IPC to Staff Response No. 32(a) - Attachment 1 - Project Plan.pdf

Response to Staff Request No. 32a - Attachment 1

Idaho Power Company
Single Vendor Platform
EMS / SCADA Phase
Business Requirements
IT BSA: Nicole Gooch
August 2023

Idaho Power Business Requirements

Business Requirements Document Usage
This document is not a checklist and does not provide guidance on how to properly identify, gather, analyze, validate, and verify requirements, and must not be used as such. It is solely for documenting the final outcome of the activities performed during the appropriate phase of the project.

Document References
SVP Business Case
• SharePoint: Grid Modernization > Single Vendor Platform RFP > Financials > Business Case
• https://spillway/it/GridMod/SVP-RFP/Financials/Business%20Case/SVP%20BC.docx?d=wdfaaObcce28e4flf8bl6lbd23fcdelfe
Common Grid - SVP - Working Requirements
• SharePoint: Grid Modernization > Single Vendor Platform Phase 1 EMS > Requirements
• https://spillway/it/GridMod/SingleVendorPIatform/Requirements/Common%20Grid%20-%20SVP%20-%20Working%2ORequirements.xlsx?d=wefa866f9802845f4bc8e47dO5eedef95
Final SOW TOC v.1
• SharePoint: Grid Modernization > Single Vendor Platform Phase 1 EMS > Requirements > Conformance Files
• https://spillway/it/GridMod/SingleVendorPIatform/Requirements/Conformance%20Files/Final%20SOW%20TOC%20v.1.xlsx?d=w84e616ca45374fcb91ae18f739fOe7e0
SVP Phase 1 RTM
• SharePoint: Grid Modernization > Single Vendor Platform Phase 1 EMS > Testing
• https://spillway/it/GridMod/SingleVendorPIatform/Testing/SVP%20Phase%201%20RTM.xlsx?d=wa182aef22bfb47ecbfc8e72323908e66

BUSINESS REQUEST
Business Request Overview
Prior to the SVP project, Idaho Power leveraged three stand-alone grid control systems for managing the bulk electric system, optimizing distribution assets, and responding to customer outages.
Because these systems are independent, they require three sets of hardware, three network models, three support organizations, and complex integrations between the systems. These systems are as follows:
• Energy Management System (EMS/SCADA), currently GE-Alstom, which monitors and controls transmission and generation assets and distribution feeder relays
• Outage Management System (OMS), currently CGI Pragma, which tracks and reports on outages and manages outage restoration activities
• Integrated Volt/Var Control (IVVC), currently OSI monarch, a Distribution Management System (DMS) based system which monitors and controls the load tap changers (LTC), voltage regulators and capacitors on distribution feeders

This project will consolidate these systems into a common platform. Consolidating the disparate systems under a single vendor platform should reduce total cost of ownership, lower cyber security threats, and improve user proficiency and organizational support. The common architecture will allow IPC to optimize internal support structures through shared resources and reduce IPC's total cost of ownership through bundling support and licensing costs.

Idaho Power has also been investing in distribution management technologies as part of our Grid Modernization roadmap, specifically laying the foundation for an Advanced Distribution Management System (ADMS) platform. An ADMS will provide significant enhancements in modeling, control, and system awareness needed to support the grid of tomorrow. The ADMS implementation would also provide real-time load flow and new advanced applications such as fault locating, isolation and system restoration (FLISR), enhanced switch order management, and Distributed Energy Resource Management (DERMS) tools.
The real-time load flow and distributed energy resource (DER) awareness will improve Idaho Power's operational visibility into the distribution network and provide more direct control to operators, improving reliability to our customers and increasing our ability to effectively manage additional distributed generation. As DERs continue to grow, IPC's ability to support customer owned generation and manage volatility must grow with it.

The first phase of SVP will consist of implementing OSI's EMS and SCADA systems and transitioning our current users of the GE-Alstom system to OSI's. This requirements document specifies what will be delivered within the initial phase for EMS/SCADA.

Business Goals and Objectives
Overall SVP (all phases) Business Objectives

ID # | OBJECTIVE | KEY RESULTS | STRATEGIC ALIGNMENT/DRIVER
OBJ1 | Reduce IPC's TCO | 1. Reduce maintenance costs 2. Minimize integrations | Improve the Core Business; Enhance the Brand
OBJ2 | Optimize support teams and resources with a shared support organization | 1. Produce/provide streamlined and consistent training across all modules of the ADMS 2. Provide a common user experience 3. Leverage IPC's existing resources to improve operational flexibility with common knowledge and people | Improve the Core Business
OBJ3 | Improve operational efficiency | 1. Provide a platform for system operations to achieve improved reliability and resiliency 2. Improve power system monitoring and control capabilities 3. Provide a basis for continued and effective operations during severe weather events and other disruptions 4. Extend existing systems and leverage a consolidated SCADA for transmission and distribution (T&D) 5. Increase operator awareness, reducing the risk of human performance error | Improve the Core Business; Enhance the Brand; Keep Employees Safe and Engaged
OBJ4 | Establish a foundation for future grid operations | 1. Enhance visibility and control of system operations to accommodate high penetration of DER 2. Coordinated system control with single vendor platform to manage DR's and all generation 3. Enhance grid control with a DER-aware ADMS for widespread distributed generation resources | Improve the Core Business; Enhance the Brand; Grow Financial Strength

BUSINESS PROCESS OVERVIEW
Current State System
Current State Architecture Diagrams for EMS/SCADA in GE-Alstom

Current State EMS Integrations
[Diagram: EMS Integrations]

Current EMS Architecture Configuration
[Diagram: Current EMS Architecture Configuration]
Current State Processes
A current process inventory will be cataloged and progress on updates tracked within Current Process Inventory Log, found on Single Vendor Platform Phase 1 EMS SharePoint site under Process Documents section (Process Documents - Contains Confidential & Proprietary-All Documents). Those processes include:
• Alarm Management
  o Communications Alarms
  o Control Sequence Scheduler
• Automatic Generation Control
• Capacity and Energy Emergencies
• Changing Alarm Settings for Temporary Need
• Communications Issues
• Contingency Reserve Deployment
• Control Room Communications
• Distribution/Transmission System Monitoring
• Dynamic Schedule Implementation and Monitoring
• Emergency Operations
  o Load shedding
  o Loss of Control Center
  o Loss of EMS
• EMS Operation
• FAA Notifications
• Fire Operations
• Generation Curtailment
• Geomagnetic Disturbance
• Hydro Management
• ICCP Modeling
• Inadvertent Accumulation Monitoring
• Inhibiting Alarms
• Loss of Communications
• Managing Alarms
• Monitor and Maintain Transmission System Voltage
• Real-time Contingency Analysis
• Real-time Interchange Adjustment and Override
• Real-time System Monitoring
• Real-time Transmission Operations
• Remedial Action Schemes
• Setting Generation Basepoints
• Situational Awareness/Network Apps
• System Switching and Clearances
• Tag Out Procedures
• Transferring Files Out of EMS Network Procedure
• Unit Start-up and Shutdown
• Variable Generation Curtailment
• Viewing and Searching Alarms
• WPP Reserve Sharing Process

Proposed Future State System
Future State Architecture Diagrams - All Phases of SVP
The following drawing shows the conceptual architecture of the whole solution, including EMS, SCADA and ADMS.
The specific details of the systems architecture for each phase of the project, in which different main components will be deployed, will be included in the corresponding requirements document for that phase (phase 1, the EMS and SCADA implementation, is included in this document below).

[Diagram: conceptual architecture of the solution, all phases of SVP]

As illustrated in the diagram above, the solution's conceptual architecture includes two sites, Primary and Secondary, and different working environments with system components distributed in them. The solution then is logically structured into the following environments:
1. Production Environment - Replicated in both sites, BCW Production System (PROD-A) and BOBN Production System (PROD-B). This environment includes the following system components: SCADA, EMS, GMS, OMS and DMS.
2. Quality Assurance/Staging Environment - Replicated in both sites, BCW QA System (QA-A) and BOBN QA System (QA-B). This environment includes all the Data Base management and system support tools required to use this environment as the staging environment to ensure quality processes for any change that needs to be applied to the system.
3. Demilitarized zone - Replicated in both sites, BCW DMZ System (DMZ-A) and BOBN DMZ System (DMZ-B). The DMZ is the environment where all access and data exchange with external systems and applications happens. All interfaces, including the GIS interface to import the Distribution model, will be implemented in the DMZ.
4. Development Environment (DEV) - Implemented only in the Main site to be used as a sandbox to develop, deploy and verify system changes before their deployment to QA.
5. Dispatcher Training Simulator Environment (DTS) - Implemented only in the Main site to provide the capabilities needed for IPC in training its personnel on the operation of the new system.
The DTS will provide all the necessary user interfaces and computing capabilities to train individual operators and/or an entire control room crew.

A fully functional DEV environment will be delivered at the beginning of the project. This initial DEV will not be required to include all the functionality described in the specification, but it will support IPC's database, displays and interface development activities as well as facilitate point validation and checkout.

Future State Processes
A process inventory will be cataloged and progress on updates for Future State tracked within Current Process Inventory Log, found on Single Vendor Platform Phase 1 EMS SharePoint site under Process Documents section (Process Documents - Contains Confidential & Proprietary-All Documents). The following processes are believed to need some level of update as a part of the Phase 1 EMS implementation.
• Alarm Management:
  o Communications Alarms
  o Control Sequence Scheduler
• Automatic Generation Control
• Capacity and Energy Emergencies
• Changing Alarm Settings for Temporary Need
• Contingency Reserve Deployment
• Distribution/Transmission System Monitoring
• Dynamic Schedule Implementation and Monitoring
• Emergency Operations
  o Load shedding
  o Loss of Control Center
  o Loss of EMS
• EMS Operation
• FAA Notifications
• Fire Operations
• Generation Curtailment
• Hydro Management
• ICCP Modeling
• Inadvertent Accumulation Monitoring
• Inhibiting Alarms
• Loss of Communications
• Managing Alarms
• Monitor and Maintain Transmission System Voltage
• Real-time Contingency Analysis
• Real-time Interchange Adjustment and Override
• Real-time System Monitoring
• Real-time Transmission Operations
• Remedial Action Schemes
• Setting Generation Basepoints
• Situational Awareness/Network Apps
• System Switching and Clearances
• Tag Out Procedures
• Transferring Files out of EMS Network Procedure
• Unit Start-up and Shutdown
• Variable Generation Curtailment
• Viewing and Searching Alarms
• WPP Reserve Sharing Process

DETAIL REQUIREMENTS
Organize content by sub-system, feature, or user as needed.

Assumptions or Process Dependencies
List any assumptions or process dependencies that have been identified when defining the system or regarding the solution. To toggle between the different levels of this list, click in the line, and click the Increase Indent or Decrease Indent button in the Paragraph section of the Home tab.
A-1 Ops Net will need to be expanded to meet the needs of the single vendor platform
A-2 Ops Net and the SVP leadership team will need to maintain open communication and complementary designs as that environment will be utilized for some of the SVP systems
A-3 Wherever possible the project team will limit any expansion of our CIP environment
A-4 The existing OMS-EMS integration will likely need to be re-worked temporarily to connect OSI EMS to CGI OMS prior to the OSI OMS being implemented
A-5 A WECC audit is slated for 2024 which needs to be taken into consideration during SVP EMS/SCADA phase planning to avoid any negative impacts to that audit

Business Rules/Constraints
EMS and SCADA NERC CIP Compliance

Standard | Requirement | High-Level Description
CIP-002-5.1a | R1 | BES Cyber Asset Identification
CIP-002-5.1a | R1.1 | High Impact BES Cyber Systems
CIP-002-5.1a | R1.2 | Medium Impact BES Cyber Systems
CIP-002-5.1a | R2 | Review & approve BES Cyber Asset Identification
CIP-002-5.1a | R2.1 | Review R1 Identification
CIP-003-8 | R2 | Cyber Security Plans for Low Impact BES Cyber Systems
CIP-003-8 | R2 - Att. 1 Section 3 | Electronic access controls for Low Impact BCS
CIP-003-8 | R2 - Att. 1 Section 3.1 | Permit only necessary inbound & outbound electronic access.
CIP-003-8 | R2 - Att. 1 Section 3.2 | Implement authentication for Dial-Up for Low Impact BCS
CIP-003-8 | R2 - Att. 1 Section 5 | Implement, except under CIP Exceptional Circumstances, one or more plans to mitigate the risk of the introduction of malicious code to Low Impact BCS (LIBCS) via Transient Cyber Asset (TCA) & Removable Media (RM)
CIP-003-8 | R2 - Att. 1 Section 5.1 | For TCAs managed by the IPC, if any, use one or a combination of the following in an ongoing or on-demand manner: AV software, including manual or managed updates of signatures or patterns; Application whitelisting; or other method(s) to mitigate the introduction of malicious code
CIP-003-8 | R2 - Att. 1 Section 5.2 | For TCAs managed by a party other than IPC, if any, 5.2.1 - Use one or a combo. of the following prior to connecting the TCA to a LIBCS: review of AV update level, AV update process used by the party, app. whitelisting used by the party, use of live OS & software executable only from read-only media, system hardening & other methods to mit. the intro. of mal. code & 5.2.2 - For any method used pursuant to 5.2.1, det. whether any add. mit. actions are necessary & implement prior to connecting to the TCA
CIP-003-8 | R2 - Att. 1 Section 5.3 | For RM, use each of the following: 5.3.1 - Method(s) to detect malicious code on RM using a CA other than a BCS; & 5.3.2 - Mitigation of the threat of detected malicious code on the RM prior to connecting RM to a LIBCS
CIP-004-6 | R5 | Access Revocation Program
CIP-004-6 | R5.1 | For terminations, remove unescorted physical access & Interactive Remote Access within 24 hrs. of the termination action
CIP-004-6 | R5.2 | For reassignments or transfers, revoke the authorized electronic & unescorted physical by the end of the next calendar day
CIP-004-6 | R5.4 | For terminations, revoke non-shared user accounts within 30 calendar days
CIP-004-6 | R5.5 | For terminations, change passwords for shared accounts within 30 calendar days
CIP-005-6 | R1 | Electronic Security Perimeter
CIP-005-6 | R1.1 | All applicable Cyber Assets connected to a network via a routable protocol shall reside within a defined ESP
CIP-005-6 | R1.2 | All External Routable Connectivity must be through an identified Electronic Access Point (EAP)
CIP-005-6 | R1.3 | Require inbound & outbound access permissions, including reason for granting access & denying by default
CIP-005-6 | R1.4 | Where technically feasible, perform authentication when establishing Dial-up Connectivity with applicable Cyber Assets
CIP-005-6 | R1.5 | Have one or more methods for detecting known or suspected malicious communications for both inbound & outbound communications
CIP-005-6 | R2 | Interactive Remote Access Management
CIP-005-6 | R2.1 | Utilize an Intermediate System such that a Cyber Asset initiating interactive remote access does not directly access an applicable Cyber Asset
CIP-005-6 | R2.2 | For all Interactive Remote Access sessions, utilize encryption that terminates at an Intermediate System
CIP-005-6 | R2.3 | Require multi-factor authentication for all interactive remote access sessions
CIP-005-6 | R2.4 | Have one or more methods for determining active vendor remote access sessions (including Interactive Remote Access and system-to-system remote access)
CIP-005-6 | R2.5 | Have one or more method(s) to disable active vendor remote access (including Interactive Remote Access and system-to-system remote access)
CIP-005-7 | R3 | Vendor Remote Access Management for EACMS and PACS
CIP-005-7 | R3.1 | Have one or more method(s) to determine authenticated vendor initiated remote connections
CIP-005-7 | R3.2 | Have one or more method(s) to terminate authenticated vendor initiated remote connections and control the ability to reconnect
CIP-007-6 | R1 | Ports & Services
CIP-007-6 | R1.1 | Where technically feasible, enable only logical network accessible ports that have been determined to be needed by the Responsible Entity
CIP-007-6 | R1.2 | Protect against the use of unnecessary physical input/output ports used for network connectivity, console commands, or removable media
CIP-007-6 | R2 | Security Patch Management
CIP-007-6 | R2.1 | A patch management process for tracking, evaluating & installing cyber security patches for applicable CAs
CIP-007-6 | R2.2 | At least once every 35 calendar days, evaluate security patches for applicability that have been released since the last evaluation from the source or sources identified in Part 2.1
CIP-007-6 | R2.3 | For applicable patches identified in Part 2.2, within 35 calendar days of the evaluation completion, take one of the following actions: Apply the applicable patches; or create a dated mitigation plan; or revise an existing mitigation plan
CIP-007-6 | R2.4 | For each mitigation plan created or revised in Part 2.3, implement the plan within the timeframe specified in the plan
CIP-007-6 | R3 | Malicious Code Prevention
CIP-007-6 | R3.1 | Deploy method(s) to deter, detect or prevent malicious code
CIP-007-6 | R3.2 | Mitigate the threat of detected malicious code
CIP-007-6 | R3.3 | For those methods identified in Part 3.1 that use signatures or patterns, have a process for the update of the signatures or patterns
CIP-007-6 | R4 | Security Event Monitoring
CIP-007-6 | R4.1 | Log events at the BES Cyber System level or at the Cyber Asset level for ID of, & after-the-fact investigation of, cyber security incidents
CIP-007-6 | R4.2 | Generate alerts for security events that the responsible entity determines necessitates an alert
CIP-007-6 | R4.3 | Where technically feasible, retain applicable event logs identified in Part 4.1 for at least 90 consecutive calendar days
CIP-007-6 | R4.4 | Review a summarization or sampling of logged events as determined by the responsible entity at intervals no greater than 15 calendar days
CIP-007-6 | R5 | System Access Controls
CIP-007-6 | R5.1 | Have a method(s) to enforce authentication of interactive user access where technically feasible
CIP-007-6 | R5.2 | Identify & inventory all known enabled default or other generic account types, either by system, by location or by system type(s)
CIP-007-6 | R5.3 | Identify individuals who have authorized access to shared accounts
CIP-007-6 | R5.4 | Change known default passwords, per Cyber Asset capability
CIP-007-6 | R5.5 | For password-only authentication for interactive user access, either technically or procedurally enforce the following password parameters: Password length, three or more different types of characters (upper/lower case alphabetic, numeric, non alphanumeric)
CIP-007-6 | R5.6 | Where technically feasible, for password-only authentication for interactive user access, either technically or procedurally enforce password changes or an obligation to change the password at least once every 15 calendar months
CIP-007-6 | R5.7 | Where technically feasible either: Limit the number of unsuccessful authentication attempts or generate alerts after a threshold of unsuccessful authentication attempts
CIP-009-6 | R1 | Recovery Plan Specifications
CIP-009-6 | R1.1 | Conditions for activation of the recovery plan(s)
CIP-009-6 | R1.2 | Roles and responsibilities of the responders
CIP-009-6 | R1.3 | One or more processes for the backup & storage of information required to recover BES Cyber System functionality
CIP-009-6 | R1.4 | One or more processes to verify the successful completion of the backup processes in Part 1.3 & to address any backup failures
CIP-009-6 | R1.5 | One or more processes to preserve data, per Cyber Asset capability, for determining the cause of a Cyber Security Incident that triggers activation of the recovery plan(s)
CIP-009-6 | R2 | Recovery Plan Implementation & Testing
CIP-009-6 | R2.1 | Test each of the recovery plans referenced in R1 at least once every 15 calendar months
CIP-009-6 | R2.2 | Test a representative sample of information used to recover BES Cyber System functionality at least once every 15 calendar months
CIP-009-6 | R2.3 | Test each of the recovery plans referenced in R1 at least once every 36 calendar months through an operational exercise of the recovery plans in an environment representative of the production environment.
CIP-009-6 | R3 | Change Control
CIP-009-6 | R3.1 | No later than 90 calendar days after completion of a recovery plan test or actual recovery, document lessons learned or the absence of any lessons learned, update the recovery plan & notify persons or groups with defined roles in the recovery plan
CIP-009-6 | R3.2 | No later than 60 calendar days after a change to the roles or responsibilities, responders, or technology that the Responsible Entity determines would impact the ability to execute the recovery plan, update the recovery plan & notify person or group with a defined role in the recovery plan of the updates
CIP-010-3 | R1 | Configuration Change Management
CIP-010-3 | R1.1 | Develop a baseline configuration, individually or by group which shall include: OS or firmware, any commercially available or open-source application software, any custom software, any logical network accessible ports & security patches applied
CIP-010-3 | R1.2 | Authorize & document changes that deviate from the existing baseline configuration
CIP-010-3 | R1.3 | For a change that deviates from the existing baseline configuration, update the baseline configuration as necessary within 30 calendar days of completing the change
CIP-010-3 | R1.4 | For a change that deviates from the existing baseline configuration: Prior to the change determine required cyber security controls in CIP-005 & CIP-007 that could be impacted by the change. Following the change, verify that required cyber security controls determined in 1.4.1 are not adversely affected & document the results of the verification
CIP-010-3 | R1.5 | Where technically feasible for each change that deviates from the existing baseline configuration: Prior to implementing any change in the production environment test the change in a test or production environment, document the results of the test. If test environment was used document the differences between the test & production environments
CIP-010-3 | R1.6 | Prior to a change that deviates from the existing baseline configuration associated with baseline items in Parts 1.1.1, 1.1.2 and 1.1.5, & when the method to do so is available to the Responsible Entity from the software source: Verify the identity of the software source; & Verify the integrity of the software obtained from the software source
CIP-010-3 | R2 | Configuration Monitoring
CIP-010-3 | R2.1 | Monitor at least once every 35 calendar days for changes to the baseline configuration
CIP-010-3 | R3 | Vulnerability Assessments
CIP-010-3 | R3.1 | At least once every 15 calendar months, conduct a paper or active vulnerability assessment
CIP-010-3 | R3.2 | Where technically feasible, at least once every 36 calendar months: Perform an active vulnerability assessment & document the results of the testing. If a test environment was used, the differences between the test & the production environment
CIP-010-3 | R3.3 | Prior to adding a new applicable Cyber Asset to a production environment, perform an active vulnerability assessment of the new Cyber Asset
CIP-010-3 | R3.4 | Document the results of the assessments conducted according to Parts 3.1, 3.2 & 3.3 & the action plan to remediate or mitigate vulnerabilities identified in the assessments
CIP-010-3 | R4 | Transient Cyber Asset (TCA) & Removable Media (RM)
CIP-010-3 | R4 - Att. 1 Section 1 | TCAs Managed by the Responsible Entity
CIP-010-3 | R4 - Att. 1 Section 1.1 | TCA Management
CIP-010-3 | R4 - Att. 1 Section 1.2 | TCA Authorization
CIP-010-3 | R4 - Att. 1 Section 1.3 | Software Vulnerability Mitigation
CIP-010-3 | R4 - Att. 1 Section 1.4 |
CIP-010-3 | R4 - Att. 1 Section 1.5 | Unauthorized Use Mitigation
CIP-010-3 | R4 - Att. 1 Section 2 | TCAs Managed by a Party other than the Responsible Entity
CIP-010-3 | R4 - Att. 1 Section 2.1 | Software Vulnerabilities Mitigation
CIP-010-3 | R4 - Att. 1 Section 2.2 | Introduction of malicious code mitigation
CIP-010-3 | R4 - Att. 1 Section 2.3 | For any method used to mitigate software vulnerabilities or malicious code as specified in 2.1 & 2.2, determine whether any additional mitigation actions are necessary & implement such actions prior to connecting the TCA
CIP-010-3 | R4 - Att. 1 Section 3 | RM
CIP-010-3 | R4 - Att. 1 Section 3.1 | RM Authorization
CIP-010-3 | R4 - Att. 1 Section 3.2 | Malicious Code Mitigation
CIP-011-2 | R2 | BES Cyber Asset Reuse and Disposal
CIP-011-2 | R2.1 | Prior to the release for reuse of applicable Cyber Assets that contain BES Cyber System Information the Responsible Entity shall take action to prevent the unauthorized retrieval of BES Cyber System Information from the Cyber Asset data storage media
CIP-011-2 | R2.2 | Prior to the disposal of applicable Cyber Assets that contain BES Cyber System Information, the responsible entity shall take action to prevent the unauthorized retrieval of BES Cyber System Information from the Cyber Asset or destroy the data storage media
CIP-012-1 | R1 | Real-time assessment & real-time monitoring data transmitted between Control Centers.
CIP-012-1 | R1.1 | Identification of security protection used to mitigate the risks posed by unauthorized disclosure & unauthorized modification of Real-time Assessment & Real-time monitoring data while being transmitted between Control Centers;
CIP-012-1 | R1.2 | Identification of where the Responsible Entity applied security protection for transmitting Real-time Assessment & Real-time monitoring data between Control Centers; &
CIP-012-1 | R1.3 | If the Control Centers are owned or operated by different Responsible Entities, identification of the responsibilities of each Responsible Entity for applying security protection to the transmission of Real-time Assessment & Real-time monitoring data between those Control Centers.

Operations and Planning Reliability Standards NERC Compliance

Standard | Requirement | High-Level Description
BAL-001-2 | R1-R2 | Real Power Balancing Control Performance
BAL-002-3 | R1-R3 | Disturbance Control Standard - Contingency Reserve for Recovery from a
BAL-003-2 | R1, R3 | Frequency Response and Frequency Bias Setting
BAL-004-WECC-3 | R1-R8 | Automatic Time Error Correction
BAL-005-1 | R1-R7 | Balancing Authority Control
COM-002-4 | R5-R7 | Operating Personnel Communications Protocols
EOP-004-4 | R2 | Event Reporting
EOP-005-3 | R1-R3, R10 | System Restoration from Blackstart Resources
EOP-008-2 | R1, R4-R8 | Loss of Control Center Functionality
EOP-010-1 | R3 | Geomagnetic Disturbance Operations
EOP-011-1 | R1-R2 | Emergency Operations
IRO-001-4 | R2 | Reliability Coordination - Responsibilities
IRO-006-5 | R1 | Reliability Coordination - Transmission Loading Relief (TLR)
IRO-010-3 | R3 | Reliability Coordinator Data Specification and Collection
IRO-017-1 | R2 | Outage Coordination
PER-003-2 | R2-R3 | Operating Personnel Credentials
PER-005-2 | R1-R6 | Operations Personnel Training
TOP-001-5 | R1-R3, R5, R7-18, R20-R21, R23-R24 | Transmission Operations
TOP-003-4 | R1-R2, R5 | Operational Reliability Data
TOP-010-1(i) | R1-R4 | Real-time Reliability Monitoring and Analysis Capabilities
VAR-001-5 | R1-R6, E.A.13, E.A.14, E.A.16 | Voltage and Reactive Control
VAR-002-4.1 | R1-R3 | Generator Operation for Maintaining Network Voltage Schedules
VAR-501-WECC-3.1 | R2 | Power System Stabilizer (PSS)

Functional Requirements
Priority Scale
High | Required - Must have functionality essential to core processes.
Medium | Preferred - Greatly improves efficiency; Provides additional functionality that benefits customers or staff; Affects multiple users or departments.
Low | Nice to have - Provides minimal additional functionality benefitting a small number of customers or users.

Single statements of individual functions and capabilities; things that the solution must do for its users; function=action; what the system 'shall' or 'will' do.

Req#: REQ0030
Solution Area: System Overview
Category: Functional Overview
Priority: High
TOC#: 02-048 through 02-096, 02-110, 02-111, 02-112, 02-114
Detail: The new system shall have at a minimum the following high-level functionality:
1. SCADA functions:
   a. Data Acquisition (Front End Processors)
   b. Data Processing
   c. Event and Alarm Processing
   d. Supervisory Control
   e. Tagging
   f. ICCP Data Exchange
   g. Limit Manager
   h. Alarm & Event Processing
   i. Real-Time Calculations
   j. Disturbance Data Collection
   k. Load Shed & Restore
   l. Under Frequency Load Shed Monitor
2. User Interface functions:
   a. Graphical User Interface
   b. User Access and Authentication
   c. User Operations
   d. Data Trending
   e. Playback
   f. Support and Maintenance Displays
3. Database and Display Management:
   a. Source Data Base Management System
   b. Real Time Data Base
   c. Display Development and Management
4. Historical Information Storage and Reporting functions:
   a. Historical Database Management
   b. Data Collection and Storage
   c. Data Archival and Retrieval
   d. Analytics
   e. Data Access
   f. Time Reconciliation
   g. Historical Playback
   h. Reports
5. Transmission Network Analysis functions:
   a. Network Model Builder
   b. Execution Modes (Real Time and Study)
   c. Network Topology Processor
   d. State Estimator
   e. Transmission Power Flow
   f. Contingency Analysis
   g. Load Forecasting
6. Generation Control and Dispatch functions:
   a. Automatic Generation Control (AGC)
   b. Reserve Monitor
   c. Interchange Scheduling
   d. Energy Accounting
   e. EIM Market Support
   f. Variable Energy Resource (VER) Curtailment
9. Dispatcher Training Simulator
   a. Production System Simulator
   b. EMS Power System Simulator
   d. Instructor Module

Req#: REQ0032
Solution Area: System Overview
Category: Production Environment
Priority: High
TOC#: 02-116
Detail: The Production Environment shall be the real-time environment of the system with all the components (SCADA, EMS, GMS, OMS and DMS) and shall consist of a Primary Production System (to be located at BCW) and Secondary Production System (to be located at BOBN).

Req#: REQ0033
Solution Area: System Overview
Category: Production Environment
Priority: High
TOC#: 02-117
Detail: The proposed solution shall support the Hot-Standby for the main components and Active/Active for the Front Ends and ICCP functions.

Req#: REQ0034
Solution Area: System Overview
Category: Production Environment
Priority: High
TOC#: 02-118
Detail: The Vendor's proposed HW configuration for the Production environments shall take into consideration the sizing, performance and availability requirements included in this specification.

Req#: REQ0035
Solution Area: System Overview
Category: Production Environment

Use Case Briefs (To-be)
List the proposed Use Cases that are known at this time.
Include a brief, one-line description of each use case. Use "Use Case" template for documenting Use Cases.

| UC# | ACTOR | GOAL | BRIEF | PRIORITY |
|---|---|---|---|---|
| UC-1 | | | | |
| UC-2 | | | | |
| UC-3 | | | | |
| UC-4 | | | | |
| UC-5 | | | | |

NON-FUNCTIONAL REQUIREMENTS

Quality Attributes

Quality characteristics that a system should possess; what a system should be. (Examples: performance, availability, security, reliability, etc.)

To toggle between the different levels of this list, click in the line, and click the Increase Indent or Decrease Indent button in the Paragraph section of the Home tab.

QUALITY ATTRIBUTE REQUIREMENTS (PRI.; REF.)

QA-1 Users: Number of users, locations, roles, FERC Classifications
   QA-1.1 ENTER TEXT HERE
QA-2 Security: Authentications, remote or wireless access, data classification, etc.
   QA-2.1 ENTER TEXT HERE
QA-3 Availability: Up-time, back-up, recovery, maintenance window, etc.
   QA-3.1 Maximum Tolerable Downtime (MTD)—In the event of a major service outage (fire, flood, etc.), this is the maximum time the CBF can function without the supporting IT system. Scale: Choose an item.
   QA-3.2 Recovery Time Objective (RTO)—In the event of a limited service outage, this is the time period in which the business would expect the system to be fixed and able to support the Critical Business Function (CBF). Scale: Choose an item.
   QA-3.3 Recovery Point Objective (RPO)—In the event of a system outage, this is the amount of data the CBF could lose. Idaho Power currently performs backups every 24 hours. Scale: Choose an item.
   QA-3.4 Disaster Recovery Plan—If the MTD is anything other than Tier 4, a Disaster Recovery Plan is required before implementation. Disaster Recovery Plan Required: Choose an item.
QA-4 Usability: Efficient organization, consistency, intuitive, user-friendly, documentation and training.
   QA-4.1 ENTER TEXT HERE.
QA-5 Reliability: Probability operation completes without failure, time between failures.
   QA-5.1 ENTER TEXT HERE.
QA-6 Performance: Response time, number of transactions, volume of data, etc.
   QA-6.1 ENTER TEXT HERE.
QA-7 Supportability: System Admin, problem resolution, upgrades, support, back-up, restore, and archive.
   QA-7.1 ENTER TEXT HERE.

| TOC Req ID | Solution Area | Category | Description |
|---|---|---|---|
| 05-002 | Cyber Security | 05 Cyber Security | The proposed solution shall provide for a highly secure environment, which only allows authorized users to interact with the system and consequently with IPC facilities. |
| 05-003 | Cyber Security | 05 Cyber Security | A multi-level security strategy shall be inherent in the design of the provided configuration including, as a minimum, the following: |
| 05-004 | Cyber Security | 05 Cyber Security | 1. Use of firewalls to only allow authorized users access into the System LAN(s) and computing environment. |
| 05-005 | Cyber Security | 05 Cyber Security | 2. Use of unique user name and password on all servers and workstations for general operating system user login. |
| 05-006 | Cyber Security | 05 Cyber Security | 3. Use of unique user name and password for login into the User Interface. |
| 05-007 | Cyber Security | 05 Cyber Security | 4. Use of Areas of Responsibility and Console Partitions to allow control, monitoring, and viewing for authorized users and disable such capability of unauthorized users. |
| 05-008 | Cyber Security | 05 Cyber Security | 5. If using a Web-based User Interface, disable use of all control functions from the Web-based User Interface. |
| 05-009 | Cyber Security | 05 Cyber Security | 6. All user accounts shall be compatible with a LDAP-type provisioning system. |
| 05-010 | Cyber Security | 05 Cyber Security | 7. Use of generic or shared user accounts shall not be permitted. |
| 05-012 | Cyber Security | 05.02 NERC Critical Infrastructure Protection (CIP) Standards | The system proposed by the Vendor shall be compliant with all applicable NERC CIP Standards. |
| 05-014 | Cyber Security | 05.02 NERC Critical Infrastructure Protection (CIP) Standards | If a specific CIP standard(s) is under review or revision during SOW phase, IPC shall have the option of testing the new standard during FAT, if applicable. |
| 05-017 | Cyber Security | 05.02 NERC Critical Infrastructure Protection (CIP) Standards | 1. CIP-005-5-R1 Electronic Security Perimeter(s) - Electronic Security Perimeter |
| 05-018 | Cyber Security | 05.02 NERC Critical Infrastructure Protection (CIP) Standards | 2. CIP-005-5-R2 Electronic Security Perimeter(s) — Interactive Remote Access Management |
| 05-019 | Cyber Security | 05.02 NERC Critical Infrastructure Protection (CIP) Standards | 3. CIP-006-6 R1 Part 1.10 — Physical Security - Restrict physical access to cabling |
| 05-020 | Cyber Security | 05.02 NERC Critical Infrastructure Protection (CIP) Standards | 4. CIP-007-6-R1 Systems Security Management — Ports and Services |
| 05-021 | Cyber Security | 05.02 NERC Critical Infrastructure Protection (CIP) Standards | 5. CIP-007-6-R2 Systems Security Management — Security Patch Management |
| 05-022 | Cyber Security | 05.02 NERC Critical Infrastructure Protection (CIP) Standards | 6. CIP-007-6-R3 Systems Security Management — Malicious Code Prevention |
| 05-023 | Cyber Security | 05.02 NERC Critical Infrastructure Protection (CIP) Standards | 7. CIP-007-6-R4 Systems Security Management — Security Event Monitoring. |
| 05-024 | Cyber Security | 05.02 NERC Critical Infrastructure Protection (CIP) Standards | 8. CIP-007-6-R5 Systems Security Management — System Access Control |
| 05-025 | Cyber Security | 05.02 NERC Critical Infrastructure Protection (CIP) Standards | 9. CIP-009-6-R1.3 Recovery Plans for BES Cyber Assets — Recovery Plan Specifications. Including detailed documentation of the recovery processes for each type of BES Cyber Asset |
| 05-026 | Cyber Security | 05.02 NERC Critical Infrastructure Protection (CIP) Standards | 10. CIP-010-2 R1 Configuration Change Management and Vulnerability Assessments — Configuration Change Management |
| 05-027 | Cyber Security | 05.02 NERC Critical Infrastructure Protection (CIP) Standards | 11. CIP-010-2 R2 Configuration Change Management and Vulnerability Assessments — Configuration Monitoring |
| 05-028 | Cyber Security | 05.02 NERC Critical Infrastructure Protection (CIP) Standards | 12. CIP-010-2 R3 Configuration Change Management and Vulnerability Assessments — Vulnerability Assessments |
| 05-029 | Cyber Security | 05.02 NERC Critical Infrastructure Protection (CIP) Standards | 13. CIP-010-2 R4 Configuration Change Management and Vulnerability Assessments — Transient Cyber Assets and Removable Media |
| 05-031 | Cyber Security | 05.02 NERC Critical Infrastructure Protection (CIP) Standards | This documentation shall include descriptions of any 3rd party products necessary to achieve compliance. |
| 05-032 | Cyber Security | 05.02 NERC Critical Infrastructure Protection (CIP) Standards | The Vendor shall be responsible for the integration of these additional products into the system. |
| 05-033 | Cyber Security | 05.02 NERC Critical Infrastructure Protection (CIP) Standards | Starting with FAT, a configuration management and monitoring tool shall be used by both the Vendor and IPC. |
| 05-035 | Cyber Security | 05.02 NERC Critical Infrastructure Protection (CIP) Standards | Finally, the requirements in this section of the specification shall also be applicable to all 3rd party products proposed by the Vendor. |
| 05-036 | Cyber Security | 05.02.01 Technical Feasibility Exceptions | If there are cases where a NERC Technical Feasibility Exception (TFE) would be required due to a limitation in the proposed EMS that prevents full compliance, the Vendor shall be responsible for providing all required documentation along with mitigation and remediation documentation. |
| 05-037 | Cyber Security | 05.02.01 Technical Feasibility Exceptions | IPC will review and approve this documentation and the Vendor shall be responsible for implementation of the approved mitigation steps. |
| 05-039 | Cyber Security | 05.02.02 Vendor Personnel Compliance (CIP-004-6) | 1. Security Awareness training per NERC CIP-004-6-R1 or current approved NERC CIP version. The vendor shall provide evidence of personnel training taken and a copy of the training material shall be made available, if requested. |
| 05-040 | Cyber Security | 05.02.02 Vendor Personnel Compliance (CIP-004-6) | 2. Cyber Security training including yearly requirement per NERC CIP-004-6-R2 |
| 05-041 | Cyber Security | 05.02.02 Vendor Personnel Compliance (CIP-004-6) | 3. System access management requirements per NERC CIP-004-6-R5 |
| 05-042 | Cyber Security | 05.02.02 Vendor Personnel Compliance (CIP-004-6) | 4. Access revocation requirements per NERC CIP-004-6-R5 |
| 05-043 | Cyber Security | 05.02.02 Vendor Personnel Compliance (CIP-004-6) | The Vendor shall maintain all supporting documentation to show compliance with these requirements. |
| 05-044 | Cyber Security | 05.02.02 Vendor Personnel Compliance (CIP-004-6) | This documentation shall be provided to IPC yearly and upon request from IPC. |
| 05-046 | Cyber Security | 05.02.02 Vendor Personnel Compliance (CIP-004-6) | Prior to the start of any training, the Vendor shall provide IPC copies of the training material for review and approval. |
| 05-047 | Cyber Security | 05.02.02 Vendor Personnel Compliance (CIP-004-6) | Only the approved training material shall be used and the Vendor shall provide updates to IPC when the training material is updated. |
| 05-048 | Cyber Security | 05.02.02 Vendor Personnel Compliance (CIP-004-6) | IPC may also elect to have the Vendor personnel take the IPC training. |
| 05-049 | Cyber Security | 05.02.02 Vendor Personnel Compliance (CIP-004-6) | In regards to access revocation (CIP-004-6-R5), the Vendor shall provide immediate notification to IPC upon determination that access is no longer required for an individual so that adequate time is permitted to remove all access. |
| 05-050 | Cyber Security | 05.02.02 Vendor Personnel Compliance (CIP-004-6) | The Vendor shall provide details about its notification process, including the timeframe for notifying customers of termination of personnel or cases in which personnel will no longer need physical or logical access to the utility's sites or systems. |
| 05-051 | Cyber Security | 05.02.02 Vendor Personnel Compliance (CIP-004-6) | The Vendor shall also provide summary documentation to attest to its workforce receiving position-appropriate cybersecurity training. |
| 05-052 | Cyber Security | 05.02.02 Vendor Personnel Compliance (CIP-004-6) | This includes specialized training for those involved in the design, development, manufacture, testing, shipping, installation, operation, and maintenance of products procured by IPC. |
| 05-055 | Cyber Security | 05.02.03 Information Protection (CIP-011-2) | At the end of the project and upon IPC request, the Vendor shall return or document the secure disposal of IPC's data and IPC-owned hardware that is no longer needed by the Vendor. |

| TOC Req ID | Solution Area | Category | Description |
|---|---|---|---|
| 05-056 | Cyber Security | 05.02.03 Information Protection (CIP-011-2) | The vendor shall provide attestation that all personnel involved with this project have signed non-disclosure or confidentiality agreements to protect customer information. |
| 05-057 | Cyber Security | 05.03.01 Default and Well-Known Accounts | The Vendor shall provide a list of accounts that are recommended to remain active and those that can be disabled, removed, or modified. |
| 05-058 | Cyber Security | 05.03.01 Default and Well-Known Accounts | IPC shall review this list, modify if necessary, and provide written approval. |
| 05-059 | Cyber Security | 05.03.01 Default and Well-Known Accounts | The Vendor shall disable, remove, or modify all the accounts pursuant to the approved recommendation prior to the start of FAT. |
| 05-060 | Cyber Security | 05.03.01 Default and Well-Known Accounts | Once changed, new accounts shall not be published except that the new account information and passwords shall be provided by the Vendor via protected media. |
| 05-061 | Cyber Security | 05.03.01 Default and Well-Known Accounts | Prior to the start of FAT, the Vendor shall provide a documented procedure that provides detailed steps to change all default system and application passwords. |
| 05-062 | Cyber Security | 05.03.01 Default and Well-Known Accounts | All default system and application passwords shall be changed prior to connecting the system to the IPC network. |
| 05-063 | Cyber Security | 05.03.01 Default and Well-Known Accounts | In addition, the passwords for these accounts shall be changed 7 days prior to placing the system into production. |
| 05-064 | Cyber Security | 05.03.01 Default and Well-Known Accounts | Additionally, IPC shall have the ability to change these passwords on demand. |
| 05-065 | Cyber Security | 05.03.01 Default and Well-Known Accounts | As specified by IPC, accounts for emergency operations shall be placed in a highly secure configuration and documentation on their configuration shall be provided to IPC. |
| 05-066 | Cyber Security | 05.03.02 User Session Management | The system shall employ the strongest encryption method commensurate with the technology platform and response time constraints. |
| 05-067 | Cyber Security | 05.03.02 User Session Management | All communication of user credentials shall not be transmitted in clear text. |
| 05-068 | Cyber Security | 05.03.02 User Session Management | The system shall not provide any auto-fill functionality during operating system login, or allow anonymous logins |
| 05-069 | Cyber Security | 05.03.02 User Session Management | The Vendor shall configure the procured product such that when a session or inter-process communication is initiated from a less privileged application, access shall be limited and enforced at the more critical side. |
| 05-070 | Cyber Security | 05.03.02 User Session Management | The ability to generate a report of all system users shall be provided with information such as last login, last password change, date of next password change, and account status as a minimum. (e.g., active, inactive, locked, etc.). |
| 05-071 | Cyber Security | 05.03.02 User Session Management | The Vendor shall document options for defining access and security permissions, user accounts, and applications with associated roles. |

| TOC Req ID | Solution Area | Category | Description |
|---|---|---|---|
| 05-074 | Cyber Security | 05.03.02 User Session Management | • multiple concurrent logins using the same authentication credentials |
| 05-075 | Cyber Security | 05.03.02 User Session Management | • allow applications to retain login information between sessions |
| 05-076 | Cyber Security | 05.03.02 User Session Management | • provide any auto-fill functionality during login |
| 05-077 | Cyber Security | 05.03.02 User Session Management | • allow anonymous logins |
| 05-078 | Cyber Security | 05.03.02 User Session Management | The system shall provide the ability to define login banners that are presented to the users when establishing an interactive session with any systems or devices. |
| 05-079 | Cyber Security | 05.03.02 User Session Management | IPC shall have the ability to define and maintain the content of these banners. |
| 05-081 | Cyber Security | 05.03.02 User Session Management | The system shall provide account-based and group-based configurable session-based logout and timeout settings (e.g., alarms and human-machine interfaces) |
| 05-082 | Cyber Security | 05.03.03 Single Sign-On | It shall be possible to configure any console for single sign-on capability. |
| 05-083 | Cyber Security | 05.03.03 Single Sign-On | The Vendor shall ensure that account access for single sign-on is equivalent to that enforced as a result of direct login. |
| 05-084 | Cyber Security | 05.03.03 Single Sign-On | The Vendor shall use a secure method of authentication (e.g., strong two-factor authentication) to allow single sign-on to a suite of applications. |
| 05-085 | Cyber Security | 05.03.03 Single Sign-On | The Vendor shall protect key files and access control lists used by the single-sign-on system from non-administrative user read, write, and delete access. |
| 05-086 | Cyber Security | 05.03.03 Single Sign-On | The single-sign-on system shall resolve each individual user's credentials, roles, and authorizations to each application. |

| TOC Req ID | Solution Area | Category | Description |
|---|---|---|---|
| 05-087 | Cyber Security | 05.03.03 Single Sign-On | The Vendor shall provide documentation on configuring a single-sign-on system, as well as documentation showing equivalent results in running validation tests against the direct login and the single sign-on. |
| 05-088 | Cyber Security | 05.03.03 Single Sign-On | When a user logs into the operating system, authentication shall also apply to all system applications. |
| 05-089 | Cyber Security | 05.03.03 Single Sign-On | If the Vendor is unable to provide this functionality, caching of the user's application credentials shall be a suitable alternative. |
| 05-090 | Cyber Security | 05.03.03 Single Sign-On | If caching is utilized, it shall be configurable on a user-by-user basis. |
| 05-091 | Cyber Security | 05.03.04 Authentication Policies and Management | The system shall provide a central repository, such as a LDAP service, to authenticate users for all systems and applications. Such system shall reside within the system network. |
| 05-093 | Cyber Security | 05.03.04 Authentication Policies and Management | The Vendor shall deliver a product that adheres to standard authentication protocols. |
| 05-094 | Cyber Security | 05.03.04 Authentication Policies and Management | This system shall allow for, at a minimum, selection of password length, frequency of change, setting of required password complexity, number of login attempts, inactive session logout, screen lock by application, and denial of repeated or recycled use of the same password. |
| 05-095 | Cyber Security | 05.03.04 Authentication Policies and Management | At the time of system delivery, all those settings shall be utilized to configure the system. |
| 05-096 | Cyber Security | 05.03.04 Authentication Policies and Management | IPC shall be able to modify these settings throughout the project and will notify the Vendor of the new settings. |
| 05-098 | Cyber Security | 05.03.04 Authentication Policies and Management | If necessary, the Vendor shall specify 3rd party software required to accomplish the enforcement of these requirements. |
| 05-099 | Cyber Security | 05.03.04 Authentication Policies and Management | The Vendor shall be responsible for integration of the specified 3rd party software. |
| 05-100 | Cyber Security | 05.03.04 Authentication Policies and Management | The Vendor shall identify any instances where the defined password requirements cannot be enforced by the operating system or application. |
| 05-101 | Cyber Security | 05.03.04 Authentication Policies and Management | The Vendor shall provide a document listing all authentication methods implemented in the proposed solution. |
| 05-102 | Cyber Security | 05.03.04.01 Password Strength | The system shall support, at a minimum, the requirements in NERC CIP-007-6 R5.5. |
| 05-104 | Cyber Security | 05.03.04.01 Password Strength | 1. Null (blank) passwords are strictly prohibited. |
| 05-105 | Cyber Security | 05.03.04.01 Password Strength | 2. General account passwords must be a minimum of twelve (12) characters in length and Service account passwords must be a minimum of twenty five (25) characters in length. |
| 05-106 | Cyber Security | 05.03.04.01 Password Strength | 3. Passwords may not solely comprise proper names or dictionary words. |
| 05-107 | Cyber Security | 05.03.04.01 Password Strength | 4. Passwords must use characters from three of the following categories: lowercase alpha, uppercase alpha, numeric and "special" characters. |
| 05-108 | Cyber Security | 05.03.04.01 Password Strength | 5. Provide password dictionary that allows for keywords to be disallowed. |
| 05-109 | Cyber Security | 05.03.04.01 Password Strength | 6. Passwords shall not contain a derivative of the user name |
| 05-110 | Cyber Security | 05.03.04.02 Password Age | The system shall support, at a minimum, the requirements in NERC CIP-007-6 R5.6. |
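
A checker for the password strength requirements 05-104 through 05-109 above, added here as an illustration; it is not part of the Idaho Power document or of any vendor product. The sample word list, the banned-keyword list, the substitution folding used to interpret "derivative of the user name", and all function names are assumptions made for this example.

```python
import re

# 05-105: minimum length depends on the account type.
MIN_LENGTH = {"general": 12, "service": 25}

# Constructed sample lists; a real deployment would load site-maintained files.
SAMPLE_WORDS = {"correct", "horse", "battery", "staple", "boise", "nicole"}
SAMPLE_BANNED = {"password", "scada", "idahopower", "welcome"}

# Assumed interpretation of "derivative": undo common look-alike substitutions.
_SUBST = str.maketrans("013457@$!", "oieastasi")


def _fold(text):
    """Lowercase, undo digit/symbol substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(_SUBST))


def _only_words(text, words):
    """True if text splits completely into entries of `words` (word-break DP)."""
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(
            reachable[start] and text[start:end] in words
            for start in range(end)
        )
    return bool(text) and reachable[-1]


def _char_classes(password):
    """Count how many of the four 05-107 character categories are present."""
    return sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])


def _name_parts(username):
    """User name and its separator-delimited parts, folded, 4+ letters each."""
    parts = {username, *re.split(r"[._\-@\\]", username)}
    return {p for p in (_fold(part) for part in parts) if len(p) >= 4}


def check_password(password, username, account_type="general",
                   words=SAMPLE_WORDS, banned=SAMPLE_BANNED):
    """Return the sorted requirement IDs that the candidate password violates."""
    failed = set()
    if not password:
        failed.add("05-104")                      # null password
    if len(password) < MIN_LENGTH[account_type]:
        failed.add("05-105")                      # too short for account type
    if _only_words(password.lower(), words):
        failed.add("05-106")                      # nothing but names/words
    if _char_classes(password) < 3:
        failed.add("05-107")                      # fewer than three categories
    folded = _fold(password)
    if any(keyword in folded for keyword in banned):
        failed.add("05-108")                      # disallowed keyword present
    for part in _name_parts(username):
        if part in folded or part[::-1] in folded:
            failed.add("05-109")                  # derived from the user name
    return sorted(failed)


if __name__ == "__main__":
    # Constructed candidates, not real credentials.
    for pw, user, kind in [
        ("CorrectHorseBattery", "jsmith", "general"),
        ("J5m1th-2024-Grid!", "jsmith", "general"),
        ("Sc@da-Op3rator-77", "mlee", "general"),
        ("Tr7#kV9!qLw2", "svc_hist", "service"),
    ]:
        print(f"{kind:8} {user:9} {pw:22} -> {check_password(pw, user, kind)}")
```

The same candidate can pass as a general account password and fail as a service account password, which is why the account type is an explicit argument.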

| TOC Req ID | Solution Area | Category | Description |
|---|---|---|---|
| 05-112 | Cyber Security | 05.03.04.02 Password Age | 1. IPC shall have the ability to set password aging requirements on a user or per group basis. |
| 05-113 | Cyber Security | 05.03.04.02 Password Age | 2. IPC shall have the ability to set password history requirements on a user or per group basis. |
| 05-114 | Cyber Security | 05.03.04.02 Password Age | 3. IPC shall have the ability to set password expiry notification requirements on a user or per group basis. |
| 05-115 | Cyber Security | 05.03.04.02 Password Age | 4. Users shall be notified at every login that their password will expire soon starting at an administrator definable number of days before expiration of their current password and repeating on every subsequent login until the password expiration date |
| 05-116 | Cyber Security | 05.03.04.02 Password Age | 5. Require the user to change the password prior to accessing the system on or after the password expiration date |
| 05-117 | Cyber Security | 05.03.04.03 Password Uniqueness | IPC shall have the ability to set password uniqueness requirements on a user or per group basis based on their current Password Policy. |
| 05-118 | Cyber Security | 05.03.04.03 Password Uniqueness | No default passwords may be used. |
| 05-119 | Cyber Security | 05.03.04.04 Account Lockout | IPC shall have the ability to set account lockout policies on a user or per group basis. |
| 05-120 | Cyber Security | 05.03.04.04 Account Lockout | When an account lockout happens, an event shall be logged to the Central Logging System as described in Section 5.5 Central Logging of this document. |
| 05-121 | Cyber Security | 05.03.04.05 Password Protection | Application passwords shall not be stored inside of an application ("hard-coded"). |
| 05-122 | Cyber Security | 05.03.04.05 Password Protection | System passwords shall not be stored in cleartext, including in databases, scripts, environment variables, configuration files, code etc. |

| TOC Req ID | Solution Area | Category | Description |
|---|---|---|---|
| 05-123 | Cyber Security | 05.03.04.05 Password Protection | Application passwords shall not be retained between sessions nor auto-fill functionality be enabled, except in support of SSO requirements in Section 5.5.3 above. |
| 05-124 | Cyber Security | 05.03.04.05 Password Protection | Application passwords shall be one-way encrypted (hashed and salted) and stored in a system-protected password file that can be accessed as needed by the application, and only by the application. |
| 05-125 | Cyber Security | 05.03.04.05 Password Protection | The system shall ensure that all users have unique user accounts and that no generic accounts shall be utilized. |
| 05-126 | Cyber Security | 05.03.04.05 Password Protection | All passwords shall not be stored electronically or in Vendor supplied hardcopy documentation in clear text unless the media is physically protected. |
| 05-127 | Cyber Security | 05.03.05 Account Auditing and Logging | The system shall provide a mechanism to log account activity, application and operating system, which is auditable. |
| 05-128 | Cyber Security | 05.03.05 Account Auditing and Logging | The system shall time stamp, encrypt, and control access to audit trails and log files as per the configuration decided by IPC. |
| 05-129 | Cyber Security | 05.03.05 Account Auditing and Logging | IPC shall be able to define the time zone utilized for the timestamps (e.g., GMT, etc.). |
| 05-130 | Cyber Security | 05.03.05 Account Auditing and Logging | The system shall forward all audit trail information to IPC's Central Logging system via agent forwarder, Syslog or SNMP entry. |
| 05-131 | Cyber Security | 05.03.05 Account Auditing and Logging | The system shall have the capability to forward log files via SYSLOG over UDP 514 and secure SYSLOG over UDP 6514. |
| 05-132 | Cyber Security | 05.03.05 Account Auditing and Logging | The system shall provide a forensics account auditing tool for any cases where the auditing information cannot be forwarded to the Central Logging system. |
| 05-133 | Cyber Security | 05.03.06 Role-Based Access Control | The system shall provide for user accounts with configurable access and permissions associated with the defined user role and shall adhere to least privileged permission schemes for all user accounts. |
| 05-134 | Cyber Security | 05.03.06 Role-Based Access Control | The Vendor shall verify that under no circumstances shall users be able to escalate privileges without logging into a role with higher-privileges first. |
| 05-135 | Cyber Security | 05.03.06 Role-Based Access Control | The system shall provide a mechanism to allow modification of user(s) role associations. |
| 05-136 | Cyber Security | 05.04 System Hardening | The Vendor shall provide documentation detailing all applications, utilities, system services, physical ports, logical ports, scripts, configuration files, databases, security patches, and all other software required and the appropriate configurations, including revisions and/or patch levels for each of the computer systems associated with the system. |
| 05-137 | Cyber Security | 05.04 System Hardening | This documentation shall indicate which of these items are required for normal operation and/or emergency operation. |
| 05-138 | Cyber Security | 05.04 System Hardening | The Vendor shall also verify and document that all services are patched by the latest patches released by the various vendors, e.g. OS, Oracle, Hardware manufacturers. |
| 05-139 | Cyber Security | 05.04 System Hardening | The Vendor shall provide notification of all known vulnerabilities affecting Vendor supplied or required OS, application, and third-party software within a mutually agreed timeframe and contractually defined timeframe after public disclosure. |

| TOC Req ID | Solution Area | Category | Description |
|---|---|---|---|
| 05-140 | Cyber Security | 05.04 System Hardening | The Vendor shall remove and/or disable all software components that are not required for the operation and maintenance of the system. Prior to the removal or disabling of these components, the Vendor shall provide the list of proposed impacted software components for IPC to review and approve. |
| 05-141 | Cyber Security | 05.04 System Hardening | The system shall also provide physical locking for all unused physical input/output ports used for network connectivity, console commands, or Removable Media on any devices proposed by the Vendor. |
| 05-142 | Cyber Security | 05.04 System Hardening | The Vendor shall configure the procured product to allow IPC the ability to re-enable ports and/or services if they are disabled by software, and ensure that they can be enabled or disabled by IPC as needed. |
| 05-143 | Cyber Security | 05.04 System Hardening | The Vendor shall provide documentation on any and all components that are removed and/or disabled. The software to be removed and/or disabled shall include, but not be limited to: |
| 05-144 | Cyber Security | 05.04 System Hardening | • Games |
| 05-145 | Cyber Security | 05.04 System Hardening | • Device drivers for product components not procured/delivered |
| 05-146 | Cyber Security | 05.04 System Hardening | • Messaging services (e.g., email, instant messenger, peer-to-peer file sharing) |
| 05-147 | Cyber Security | 05.04 System Hardening | • Source code |
| 05-148 | Cyber Security | 05.04 System Hardening | • Software compilers in user workstations and servers |
| 05-149 | Cyber Security | 05.04 System Hardening | • Software compilers for programming languages that are not used in system/solution |
| 05-150 | Cyber Security | 05.04 System Hardening | • Unused networking and communications protocols |
| 05-151 | Cyber Security | 05.04 System Hardening | • Unused administrative utilities, diagnostics, network management, and system management functions |
| 05-152 | Cyber Security | 05.04 System Hardening | • Backups of files, databases, and programs used only during system development |
| 05-153 | Cyber Security | 05.04 System Hardening | • All unused data and configuration files |
| 05-154 | Cyber Security | 05.04 System Hardening | If software cannot be removed or disabled the Vendor shall document a specific explanation and provide risk mitigating recommendations and/or specific technical justification. |
| 05-155 | Cyber Security | 05.04 System Hardening | The Vendor shall configure all system components and applications with least privilege concept. The Vendor shall document that changing or disabling access has been completed. |
| 05-156 | Cyber Security | 05.04 System Hardening | The Vendor shall document all changes to the systems and services and this documentation shall be provided prior to the start of FAT. |

| TOC Req ID | Solution Area | Category | Description |
|---|---|---|---|
| 05-157 | Cyber Security | 05.04 System Hardening | The Vendor shall disclose the existence of all known methods for bypassing computer authentication in the procured product, often referred to as backdoors, and provide written documentation that all such backdoors created by the Vendor have been permanently deleted from the system. |
| 05-158 | Cyber Security | 05.04 System Hardening | The Vendor shall verify and provide documentation for the procured product, attesting that unauthorized logging devices are not installed (e.g., key loggers, cameras, and microphones). |
| 05-160 | Cyber Security | 05.04 System Hardening | The Vendor shall recommend methods for IPC to prevent unauthorized changes to the Basic Input/Output System (BIOS) and other firmware. |
| 05-161 | Cyber Security | 05.04 System Hardening | If it is not technically feasible to protect the BIOS, or firmware, to reduce the risk of unauthorized changes, the Vendor shall document this case and provide mitigation recommendations. |
| 05-162 | Cyber Security | 05.04 System Hardening | The Vendor shall deliver a product that enables the ability for IPC to configure its components to limit access to and from specific locations (e.g., security zones, business networks, and demilitarized zones [DMZs]) on the network to which the components are attached, where appropriate, and provide documentation of the product's configuration as delivered |
| 05-163 | Cyber Security | 05.04 System Hardening | The system shall provide the capability to implement full disk encryption with authentication on all physical disks |
| 05-164 | Cyber Security | 05.04.01 System Images | The Vendor shall provide hardened baseline images for all unique system configurations provided in the system. |
| 05-165 | Cyber Security | 05.04.01 System Images | IPC will work with the Vendor to identify any IPC specific configuration items and software expected to be included in the hardened baseline images. |
05-166 | Cyber Security | 05.04.01 System Images | The Vendor shall incorporate the identified IPC configuration items and software into the hardened baseline images used to configure all system's components.
05-167 | Cyber Security | 05.04.01 System Images | These images shall be established and approved by IPC prior to configuration of the system and shall be used for configuration of all the components during the system staging activities.
05-168 | Cyber Security | 05.04.01 System Images | If changes are required to the approved baseline images, the Vendor shall document the requested changes.
05-169 | Cyber Security | 05.04.01 System Images | No changes to the baseline images shall occur without written approval from IPC.
05-170 | Cyber Security | 05.04.01 System Images | After approval is received, the Vendor shall implement the changes and provide new baseline images to IPC within two weeks of receiving approval from IPC.
05-171 | Cyber Security | 05.04.01 System Images | The proposed solution for system image creation shall support slipstreaming of new patches in the existing system images, or alternate method to easily update system images.
05-172 | Cyber Security | 05.04.01 System Images | The Vendor shall provide, as part of their response, details on the image creation method (e.g., block, file, etc.) being proposed.
05-173 | Cyber Security | 05.04.01 System Images | The Vendor shall indicate, as part of their response, any system that does not support usage of images for setup and configuration.
05-174 | Cyber Security | 05.04.01 System Images | In those cases, the Vendor shall configure each system utilizing the documented configuration.
05-175 | Cyber Security | 05.04.01 System Images | The Vendor shall provide a report, for each system that could not be configured using an image that shows how the system matches the documentation (e.g., screenshots, port scans, etc.).
05-176 | Cyber Security | 05.04.01 System Images | The Vendor shall verify and document that all services are patched to current status.
05-177 | Cyber Security | 05.04.01 System Images | The Vendor shall also provide a solution to create an image from an existing system.
05-179 | Cyber Security | 05.04.02 Removable Media | The Vendor shall disable using software all removable media ports (USB) and devices (CD-ROM) on servers and workstations.
05-180 | Cyber Security | 05.04.02 Removable Media | The system shall permit administrator defined users to have access to these devices by request or upon login.
05-181 | Cyber Security | 05.04.02 Removable Media | The Vendor shall provide a solution to scan any removable media prior to usage with the system. The proposed solution may leverage the Anti-virus and Malware solution required by Section 5.8.
05-182 | Cyber Security | 05.04.02 Removable Media | The proposed solution may leverage the Anti-virus and Malware required as it is specified in Section 5.8.
05-183 | Cyber Security | 05.04.03 Change Management and Baseline Configuration | The Vendor shall provide and update documentation of the system baseline configuration to include, at a minimum:
05-184 | Cyber Security | 05.04.03 Change Management and Baseline Configuration | 1. Operating System(s) (including version) or firmware where no independent operating system exists;
05-185 | Cyber Security | 05.04.03 Change Management and Baseline Configuration | 2. Any commercially available or open-source application software (including version) intentionally installed
05-186 | Cyber Security | 05.04.03 Change Management and Baseline Configuration | 3. Any custom software installed;
05-187 | Cyber Security | 05.04.03 Change Management and Baseline Configuration | 4. Any logical network accessible ports; and
05-188 | Cyber Security | 05.04.03 Change Management and Baseline Configuration | 5. Any security patches applied.
05-189 | Cyber Security | 05.04.03 Change Management and Baseline Configuration | 6. Any access accounts enabled.
05-190 | Cyber Security | 05.04.03 Change Management and Baseline Configuration | 6. Any access accounts enabled.
05-191 | Cyber Security | 05.04.03 Change Management and Baseline Configuration | The vendor shall be responsible for all Change Management to the baseline system software/hardware until FAT is approved.
05-192 | Cyber Security | 05.04.03 Change Management and Baseline Configuration | The vendor shall be responsible to comply with IPC's Change Management process after FAT is approved.
05-193 | Cyber Security | 05.04.03 Change Management and Baseline Configuration | The Vendor shall provide the documentation of the initial system baseline images for approval by IPC.
05-194 | Cyber Security | 05.04.03 Change Management and Baseline Configuration | Once approved, all changes made to the system baseline images shall result in updates to the associated baseline image documentation by the Vendor.
05-196 | Cyber Security | 05.04.03 Change Management and Baseline Configuration | The vendor shall document all the changes to the system baseline software/hardware, including database, displays and configuration after the system has been fully tested at vendor's site during FAT.
05-197 | Cyber Security | 05.04.03 Change Management and Baseline Configuration | The vendor shall submit all the documentation/paper trail for all the changes performed after FAT has been signed-off and approved by IPC.
05-199 | Cyber Security | 05.05 System Security Auditing | The Vendor shall provide a tool to perform configuration auditing for all systems. This tool shall perform an audit of all components and compare the results to the appropriate approved system baseline and approved user configuration.
05-200 | Cyber Security | 05.05 System Security Auditing | Any deviations from the baseline shall be identified and reported to an administrator via email.
05-202 | Cyber Security | 05.05 System Security Auditing | It shall be able to execute the audit against a specific system, group of systems or all systems.
05-203 | Cyber Security | 05.05 System Security Auditing | It shall be possible to execute the audits on demand or via a schedule.
05-204 | Cyber Security | 05.05 System Security Auditing | Once started, the audit tool shall perform the whole process without user intervention.
05-205 | Cyber Security | 05.05 System Security Auditing | The tool shall provide the ability to keep a history of audit results for an administrator configured time period.
05-207 | Cyber Security | 05.05 System Security Auditing | 1. Verify the local firewall settings to ensure that only ports specified in the baseline ports configuration can be enabled.
05-208 | Cyber Security | 05.05 System Security Auditing | 2. Verify the list of running services and the list of authorized services to ensure that only services specified in the baseline configuration are running (or are permitted to run).
05-209 | Cyber Security | 05.05 System Security Auditing | 3. Verify all default accounts are in fact disabled.
05-210 | Cyber Security | 05.05 System Security Auditing | 4. Verify current patch levels & flag missing patches.
05-211 | Cyber Security | 05.05 System Security Auditing | 5. Verify system baseline conforms to that documented for the system following Section 5.4.3.
05-212 | Cyber Security | 05.05 System Security Auditing | IPC will provide the list of all items to audit prior to FAT and the Vendor shall configure the security audit tool to match the list.
05-213 | Cyber Security | 05.05 System Security Auditing | Solution provided shall support the ability to verify log data integrity.
05-215 | Cyber Security | 05.06 Central Logging | The system shall be able to interface and support the current IPC Central Logging solution.
05-225 | Cyber Security | 05.06 Central Logging | If IPC elects to utilize the current solution, the Vendor shall work with IPC in tuning the monitoring rules prior to go-live of the system.
05-226 | Cyber Security | 05.06 Central Logging | After go-live, the Vendor shall assist IPC in any modifications to the rules during the System's Warranty period.
05-227 | Cyber Security | 05.06 Central Logging | The system shall provide a method to permit the forwarding of logs and events from systems and applications to the Central Logging system.
05-229 | Cyber Security | 05.06 Central Logging | 1. Application, security, and system messages from all operating systems. Auditing shall be enabled for the following:
05-230 | Cyber Security | 05.06 Central Logging | a. User Login/Logout
05-231 | Cyber Security | 05.06 Central Logging | b. Account Management
05-232 | Cyber Security | 05.06 Central Logging | c. File and Object Access
05-233 | Cyber Security | 05.06 Central Logging | d. Process Tracking
05-234 | Cyber Security | 05.06 Central Logging | e. Anti-Virus and anti-malware
05-235 | Cyber Security | 05.06 Central Logging | f. Failed access attempts and successful and failed login attempts
05-236 | Cyber Security | 05.06 Central Logging | g. Application configuration changes
05-237 | Cyber Security | 05.06 Central Logging | 2. Web Server logs—if applicable
05-238 | Cyber Security | 05.06 Central Logging | 3. DBMS Logs
05-239 | Cyber Security | 05.06 Central Logging | 4. User actions including, but not limited to, the following:
05-240 | Cyber Security | 05.06 Central Logging | a. Login/Logout
05-241 | Cyber Security | 05.06 Central Logging | b. Database changes/updates
05-242 | Cyber Security | 05.06 Central Logging | c. Failover initiation
05-243 | Cyber Security | 05.06 Central Logging | d. Enabling and disabling of devices
05-244 | Cyber Security | 05.06 Central Logging | e. Starting and stopping of system applications
05-245 | Cyber Security | 05.06 Central Logging | f. User account management
05-246 | Cyber Security | 05.06 Central Logging | g. AOR changes and management
05-247 | Cyber Security | 05.06 Central Logging | h. Display changes/updates
05-248 | Cyber Security | 05.06 Central Logging | i. Failed access attempts and successful and failed login attempts
05-249 | Cyber Security | 05.06 Central Logging | 5. Audit log generated by the system's Management and Monitoring system outlined in System Services (Section 3 — System Software) of this specification.
05-250 | Cyber Security | 05.06 Central Logging | 6. HISR audit logs (excluding PI Historian).
05-251 | Cyber Security | 05.06 Central Logging | 7. Other logs and messages specified elsewhere in this specification.
05-252 | Cyber Security | 05.06 Central Logging | The Vendor shall provide a list of all log management capabilities that the procured product is capable of generating and the format of those logs. This list shall identify which of those logs are enabled by default.
05-253 | Cyber Security | 05.06 Central Logging | The solution provided shall support two-factor authentication for all access.
05-254 | Cyber Security | 05.06 Central Logging | Solution provided shall support confidentiality and integrity security protection of log files
05-255 | Cyber Security | 05.07 Host-Based Intrusion Detection | The system shall provide a configured Host Intrusion Detection System (HIDS) for all systems to the extent possible.
05-257 | Cyber Security | 05.07 Host-Based Intrusion Detection | 1. Static files names
05-258 | Cyber Security | 05.07 Host-Based Intrusion Detection | 2. Dynamic file name patterns
05-259 | Cyber Security | 05.07 Host-Based Intrusion Detection | 3. System and user accounts
05-260 | Cyber Security | 05.07 Host-Based Intrusion Detection | 4. Execution of unauthorized code
05-261 | Cyber Security | 05.07 Host-Based Intrusion Detection | 5. Host utilization
05-262 | Cyber Security | 05.07 Host-Based Intrusion Detection | 6. Process permissions
05-263 | Cyber Security | 05.07 Host-Based Intrusion Detection | 7. System and user account connections
05-264 | Cyber Security | 05.07 Host-Based Intrusion Detection | 8. System files
05-265 | Cyber Security | 05.07 Host-Based Intrusion Detection | 9. Application files
05-266 | Cyber Security | 05.07 Host-Based Intrusion Detection | All information generated by the HIDS shall be forwarded to IPC's Central Logging system.
05-267 | Cyber Security | 05.07 Host-Based Intrusion Detection | The Vendor recommended configuration shall not negatively impact operation system functions.
05-268 | Cyber Security | 05.08 Antivirus and Malware Software Detection | IPC currently utilizes Symantec, Cisco Secure Endpoint and Ivanti for Anti-Virus and Malware protection. The Vendor shall indicate in their response if its solution supports IPC's current malware detection solution and the Vendor's recommended Anti-Virus and Malware software for the system based on past experience.
05-270 | Cyber Security | 05.08 Antivirus and Malware Software Detection | The Vendor shall quarantine (instead of automatically deleting) suspected infected files.
05-271 | Cyber Security | 05.08 Antivirus and Malware Software Detection | The Vendor shall provide an updating scheme for malware signatures.
05-272 | Cyber Security | 05.08 Antivirus and Malware Software Detection | The Vendor shall test and confirm compatibility of malware detection application patches and upgrades.
05-273 | Cyber Security | 05.08 Antivirus and Malware Software Detection | In the event that Anti-Virus and Malware security software components cannot be deployed on any device in the proposed solution, the Vendor shall provide details on the device, why and what mitigating actions can be implemented. This documentation shall be part of the Vendor response to this specification.
05-274 | Cyber Security | 05.08 Antivirus and Malware Software Detection | In addition, the Vendor shall provide letters on Vendor's letterhead which will be utilized for filing CIP Technical Feasibility Exceptions prior to the system being delivered.
05-275 | Cyber Security | 05.08 Antivirus and Malware Software Detection | The Vendor shall also propose a solution for application "Whitelisting" to restrict execution of applications to only those allowed by policy.
05-276 | Cyber Security | 05.09 Patch Management | The Vendor shall provide the results of all patch testing, validation, mitigation, and the source or sources of the patches to IPC as outlined in the Section 19—System Maintenance & Warranty of this Technical Specification.
05-277 | Cyber Security | 05.09 Patch Management | The Vendor shall describe the process for keeping the system up to date with the latest patches.
05-278 | Cyber Security | 05.09 Patch Management | The vendor shall propose when the patching process to the system environments will fully transition from the vendor to IPC (e.g. Post FAT, beginning of SAT, before Go-Live).
05-280 | Cyber Security | 05.09 Patch Management | The Vendor shall provide mitigation strategies when a patch(es) cannot be applied.
05-281 | Cyber Security | 05.09 Patch Management | The Vendor shall provide documentation and updated baseline configurations when patches are applied — to include all items specified in Section 5.4.3 Baseline Configuration.
05-282 | Cyber Security | 05.09 Patch Management | The Vendor shall provide a mechanism for deploying approved patches while maintaining system availability.
05-283 | Cyber Security | 05.09 Patch Management | The system shall also provide a mechanism to audit all systems for current patch levels and missing patches.
05-284 | Cyber Security | 05.09 Patch Management | The vendor shall digitally sign all installation packages, patches, and updates to allow the customer to confirm authenticity of the files.
05-285 | Cyber Security | 05.10 Firewall Management | The Vendor shall provide documentation describing all system traffic that must traverse any of the firewalls supporting the system networks. At a minimum, the documentation shall detail the following:
05-286 | Cyber Security | 05.10 Firewall Management | 1. Source System(s)
05-287 | Cyber Security | 05.10 Firewall Management | 2. Destination System(s)
05-288 | Cyber Security | 05.10 Firewall Management | 3. Source Port(s)
05-289 | Cyber Security | 05.10 Firewall Management | 4. Destination Port(s)
05-290 | Cyber Security | 05.10 Firewall Management | 5. Detailed description of data being transmitted
05-291 | Cyber Security | 05.10 Firewall Management | 6. Business need for such traffic
05-292 | Cyber Security | 05.10 Firewall Management | 7. Description of protocols used
05-293 | Cyber Security | 05.10 Firewall Management | In order to minimize the exposure to any rules created in the firewalls, the Vendor shall lock down all communications to a single or small range of network ports, requiring inbound and outbound access permissions, including the reason for granting access, and deny all other access by default.
05-294 | Cyber Security | 05.10 Firewall Management | In order to minimize the exposure to any rule created in the firewall, the Vendor shall lock down the network segment to only allow the devices which need to communicate on the specified ports to access.
05-295 | Cyber Security | 05.11 ESP Design and Documentation | The Vendor shall recommend guidance on the design and configuration of network security zones within the procured product.
05-296 | Cyber Security | 05.11 ESP Design and Documentation | The Vendor shall verify and document that disconnection points are established between the network security zones and provide the methods to isolate the zones to continue limited operations.
05-297 | Cyber Security | 05.11 ESP Design and Documentation | Vendor shall provide documentation for all delivered Electronic Security Perimeters (ESP) and when future changes to the system that impact the ESP.
05-298 | Cyber Security | 05.11 ESP Design and Documentation | The Vendor shall provide IPC with access, including administrative as needed, to network components of the procured product, including firewalls.
05-299 | Cyber Security | 05.11 ESP Design and Documentation | The Vendor shall document all remote access entry pathways and ensure that they can be enabled or disabled by IPC as needed.
05-300 | Cyber Security | 05.11 ESP Design and Documentation | The Vendor shall verify that the procured product allows use of unique routable network address spaces (i.e., address spaces other than 192.168.0.0/16, 172.16.0.0/12, and 10.0.0.0/8 must be supported) that work within IPC's network.
05-301 | Cyber Security | 05.11 ESP Design and Documentation | Where this is not available, the Vendor shall offer an alternative approach, with mitigating security measures, that is acceptable to IPC.
05-302 | Cyber Security | 05.11 ESP Design and Documentation | The Vendor shall provide the updated documentation within 30 days of any change.
05-304 | Cyber Security | 05.11.01 Communication Tunneling | The Vendor shall provide or utilize an existing security-isolated environment outside the control network (e.g., using a demilitarized zone [DMZ] or an equivalent or a superior form of security isolation) for the communications tunneling server to reside in.
05-305 | Cyber Security | 05.11.01 Communication Tunneling | The Vendor shall use different authentication credentials from those used for in-network communications when establishing control network access using communication tunneling
05-306 | Cyber Security | 05.11.01 Communication Tunneling | The Vendor shall configure the communication tunneling components of the procured product (e.g., connectors, filters, and concentrators) to provide end-to-end protection (e.g., end-to-end encryption) of the data in transit. This shall address confidentiality and/or integrity, as specified by IPC.
05-307 | Cyber Security | 05.12 ESP Monitoring | The Vendor shall provide a solution for monitoring all ESP access points.
05-308 | Cyber Security | 05.12 ESP Monitoring | This solution shall be implemented for all ESP's established by the Vendor.
05-310 | Cyber Security | 05.12 ESP Monitoring | The provided system shall be integrated into the system prior to the start of SAT.
05-311 | Cyber Security | 05.12 ESP Monitoring | The Vendor shall be responsible for the configuration of the monitoring rules prior to go-live of the system.
05-312 | Cyber Security | 05.12 ESP Monitoring | After go-live, the Vendor shall assist IPC in any modifications to the rules during the system Warranty period.
05-313 | Cyber Security | 05.12 ESP Monitoring | IPC shall be able to also use the monitoring solution for other ESPs. Details as to the number of additional ESPs will be provided to the Vendor during system design.
05-315 | Cyber Security | 05.12 ESP Monitoring | 1. Log all successful communications across the ESP boundary including timestamp, source host address, destination host address, source port, destination port and ESP access point
05-316 | Cyber Security | 05.12 ESP Monitoring | 2. Log all unsuccessful communications across the ESP boundary including timestamp, source host address, destination host address, source port, destination port and ESP access point
05-317 | Cyber Security | 05.12 ESP Monitoring | 3. Support email notification based on user defined rules
05-318 | Cyber Security | 05.12 ESP Monitoring | 4. Retain all log information for at least 90 days
05-319 | Cyber Security | 05.12 ESP Monitoring | 5. Ability to generate and print reports from the collected log information
05-320 | Cyber Security | 05.12 ESP Monitoring | 6. Ability to forward collected information to the Central Logging system
05-321 | Cyber Security | 05.12 ESP Monitoring | IPC shall be able to define the time zone utilized for the timestamps (e.g., GMT, etc.).
05-322 | Cyber Security | 05.12 ESP Monitoring | If IPC elects to utilize an existing solution, the Vendor shall work with IPC in tuning the monitoring rules prior to go-live of the system.
05-323 | Cyber Security | 05.12 ESP Monitoring | Solution provided shall support two-factor authentication for all access.
05-324 | Cyber Security | 05.12 ESP Monitoring | Solution provided shall support the ability to verify log data integrity
05-325 | Cyber Security | 05.13 Network IDS Monitoring | The Vendor shall provide an IDS solution for monitoring all internal, inbound and outbound ESP network traffic.
05-326 | Cyber Security | 05.13 Network IDS Monitoring | This solution shall be implemented for all ESP's established by the Vendor.
05-328 | Cyber Security | 05.13 Network IDS Monitoring | The provided system shall be integrated into the system prior to the start of SAT.
05-329 | Cyber Security | 05.13 Network IDS Monitoring | The Vendor shall be responsible for configuration of the monitoring rules prior to go-live of the system.
05-330 | Cyber Security | 05.13 Network IDS Monitoring | If IPC elects to utilize an existing solution, the Vendor shall work with IPC in tuning the monitoring rules prior to go-live of the system.
05-331 | Cyber Security | 05.13 Network IDS Monitoring | After go-live, the Vendor shall assist IPC in any modifications to the rules during the system Warranty period.
05-333 | Cyber Security | 05.13 Network IDS Monitoring | 1. Detect known or suspected malicious communications within the ESP and log timestamp, source host address, destination host address, source port, destination port
05-334 | Cyber Security | 05.13 Network IDS Monitoring | 2. Support email notification based on user defined rules
05-335 | Cyber Security | 05.13 Network IDS Monitoring | 3. Retain all log information for at least 90 days
05-336 | Cyber Security | 05.13 Network IDS Monitoring | 4. Ability to generate and print reports from the collected log information
05-337 | Cyber Security | 05.13 Network IDS Monitoring | 5. Ability to forward collected information to the Central Logging system
05-338 | Cyber Security | 05.13 Network IDS Monitoring | 6. Integrate with the proposed HIDS solution (Section 5.7)
05-339 | Cyber Security | 05.13 Network IDS Monitoring | IPC shall be able to define the time zone utilized for the timestamps (e.g., GMT, etc.).
05-340 | Cyber Security | 05.13 Network IDS Monitoring | The Vendor shall provide initial and routinely updated signatures for knowledge-based (also called signature-based) NIDS.
05-341 | Cyber Security | 05.13 Network IDS Monitoring | Solution provided shall support two-factor authentication for all access.
05-342 | Cyber Security | 05.13 Network IDS Monitoring | Solution provided shall support the ability to verify log data integrity
05-343 | Cyber Security | 05.14 Network Port Management | The Vendor shall provide documentation describing all the logical IP ports and port ranges or services where needed to handle dynamic ports of all network attached devices (including servers, workstations, appliances and third party equipment) utilized by the system.
05-344 | Cyber Security | 05.14 Network Port Management | This documentation shall be on a per device basis and shall indicate if the device has no provision for disabling or restricting logical ports. At a minimum, the documentation shall detail the following:
05-345 | Cyber Security | 05.14 Network Port Management | 1. Server or Appliance Name
05-346 | Cyber Security | 05.14 Network Port Management | 2. Enabled and listening port(s)
05-347 | Cyber Security | 05.14 Network Port Management | 3. Software process, service and protocol that are bound to the port
05-348 | Cyber Security | 05.14 Network Port Management | 4. Business need for such port to be open
05-349 | Cyber Security | 05.15 Remote Access | Vendor shall provide recommendations for accessing the system remotely, including remote access for the vendor from their facilities after cutover.
05-350 | Cyber Security | 05.15 Remote Access | The recommended solution shall utilize a "jump-host" configuration and two factor authentication.
05-351 | Cyber Security | 05.15 Remote Access | The Vendor shall provide detailed documentation for vendor control of employee remote access to customer systems.
05-352 | Cyber Security | 05.15 Remote Access | The proposed solution shall be compliant to all of the requirements in CIP-005-5-132 Electronic Security Perimeter(s) — Interactive Remote Access Management.
05-353 | Cyber Security | 05.16 Supply Chain | The vendor shall provide a bill of materials for third party libraries, code, executables, and packages used in its solution
05-354 | Cyber Security | 05.16 Supply Chain | The vendor shall provide proof, upon request, of irrecoverable destruction of the customer's data.
05-355 | Cyber Security | 05.16 Supply Chain | The vendor shall provide security audit reports (SOC 2 type 2 or similar) of its organization and that of its suppliers, as well as frequency of re-assessment.
05-356 | Cyber Security | 05.16 Supply Chain | The vendor shall provide documentation identifying the country of origin for the procured product and its components (including hardware, software, and firmware).
05-357 | Cyber Security | 05.16 Supply Chain | The vendor shall provide documentation identifying the country where maintenance on its hardware, software, and firmware takes place.
05-358 | Cyber Security | 05.16 Supply Chain | Prior to the delivery of the procured product, the vendor shall provide summary documentation of publicly disclosed vulnerabilities in the procured product and the status of the vendor's disposition of those publicly disclosed vulnerabilities
05-359 | Cyber Security | 05.16 Supply Chain | After contract award, the vendor shall provide summary documentation within 10 days of any identified security breaches involving the procured product or its supply chain to include a description of the breach, its potential security impact, its root cause, and recommended corrective actions involving the procured product
05-360 | Cyber Security | 05.16 Supply Chain | The Vendor shall provide hashes (MD5, SHA-1, SHA-256) for digital delivery of procured products (e.g., software and data) to be validated and monitored to ensure the digital delivery remains as specified
05-361 | Cyber Security | 05.16 Supply Chain | The Vendor shall confirm that system software/firmware images include digital signatures that are checked before allowing their execution.
05-363 | Cyber Security | 05.16 Supply Chain | The Vendor shall notify customer of any mergers, acquisitions, and/or product line divestitures as soon as legally permissible
05-364 | Cyber Security | 05.16 Supply Chain | The Vendor shall describe and provide process documentation for vendor's security processes in the following areas:
05-365 | Cyber Security | 05.16 Supply Chain | 1. Corporate architecture, IT infrastructure,
05-366 | Cyber Security | 05.16 Supply Chain | 2. Change Control,
05-367 | Cyber Security | 05.16 Supply Chain | 3. Access Management.
05-368 | Cyber Security | 05.17 Vulnerabilities and Risk Management | The Vendor shall provide vendor's vulnerability scanning process to customer.
05-369 | Cyber Security | 05.17 Vulnerabilities and Risk Management | The Vendor shall describe frequency of scanning, whether external parties are engaged, and how findings are addressed.
05-370 | Cyber Security | 05.17 Vulnerabilities and Risk Management | The Vendor shall provide its corporate governance and approval processes as they relate to security risk management.
05-371 | Cyber Security | 05.17 Vulnerabilities and Risk Management | The Vendor shall describe its methods to minimize network exposure including defense in depth architecture (e.g. prevent internet accessibility, use of firewalls, and use of secure remote access techniques).
05-372 | Cyber Security | 05.17 Vulnerabilities and Risk Management | The Vendor shall provide its documented security risk management and mitigation process to IPC.
05-373 | Cyber Security | 05.17 Vulnerabilities and Risk Management | The Vendor shall confirm its cyber incident response plan contains a requirement to notify customers that purchased the impacted products or services within 24 hours of initiation of vendor's cyber incident response plan.
05-374 | Cyber Security | 05.17 Vulnerabilities and Risk Management | The Vendor shall provide to IPC its incident response customer coordination plan.
05-375 | Cyber Security | 05.17 Vulnerabilities and Risk Management | The Vendor shall confirm that an annual review of all individuals' access to the utility's assets, systems, networks, information is conducted.
05-376 | Cyber Security | 05.17 Vulnerabilities and Risk Management | Vendor shall provide a written listing of publicly known vulnerabilities related to the products or services being requested.
05-377 | Cyber Security | 05.18 Secure Development Practices and Documentation | The Vendor shall provide evidence of secure coding practices as part of vendor's security development lifecycle, including static code analysis, elimination of backdoors, input validation (fuzz) testing, dynamic testing, penetration testing using positive and negative test cases.
05-378 | Cyber Security | 05.18 Secure Development Practices and Documentation | The Vendor shall provide evidence of its mandatory secure coding practices provided to developers.
05-379 | Cyber Security | 05.18 Secure Development Practices and Documentation | The Vendor shall provide evidence that code is migrated through graduated testing environments and tested for security vulnerabilities prior to being released to customers.
05-380 | Cyber Security | 05.18 Secure Development Practices and Documentation | The Vendor shall place code and security related procedures and test scripts in escrow such that customer can continue vulnerability discovery and remediation should vendor leave the product space, be acquired, or declare bankruptcy
05-381 | Cyber Security | 05.18 Secure Development Practices and Documentation | The vendor shall not provide any solution that includes any end-of-life software/components or software/components that will go end-of-life within 24 months.
| 05-382 | Cyber Security | 05.18 Secure Development Practices and Documentation | The Vendor shall provide documentation on all vendor provided software and firmware, including scripts, macros, database commands, and interpreted code. Section 18, "System Documentation" of this specification includes more details about required system and project documentation. |
| 05-383 | Cyber Security | 05.18 Secure Development Practices and Documentation | The Vendor shall provide documentation related to all the required network communication paths, protocols, ports and services and provide business justifications for each. |
| 05-384 | Cyber Security | 05.18 Secure Development Practices and Documentation | The system shall monitor and provide information related to any installation attempt of unauthorized devices, such as key loggers, cameras, and microphones. |
| 05-385 | Cyber Security | 05.18 Secure Development Practices and Documentation | The Vendor shall use data encryption in transit and at rest for any IPC data which leaves customer devices. |
| 05-386 | Cyber Security | 05.18 Secure Development Practices and Documentation | The Vendor shall confirm that IPC data will not leave the United States. |
| 05-387 | Cyber Security | 05.18 Secure Development Practices and Documentation | The Vendor shall provide documentation confirming vendor's solution is not susceptible to a man in the middle attack. |
| 05-388 | Cyber Security | 05.18 Secure Development Practices and Documentation | The Vendor shall provide documentation demonstrating that the Quality Assurance program implemented for all software and firmware used in the solution have undergone Quality Control testing to identify and correct potential cybersecurity weaknesses and vulnerabilities, including fuzz testing, static testing, dynamic testing, and penetration testing using positive and appropriate negative tests. |
| 05-389 | Cyber Security | 05.19 Heartbeat Signals | The Vendor shall identify and document heartbeat signals or protocols used to monitor for system availability and recommend whether any particular protocols should be included in network monitoring and alerting. |
| 05-390 | Cyber Security | 05.19 Heartbeat Signals | The Vendor shall provide examples of the heartbeat traffic that should be included in the network monitoring. |
| 04-001 | DB Management | 04 Database and Display Management | The Database Management System (DBMS) shall provide tools to generate, update, maintain, and modify all relevant databases (real-time and source). |
| 04-002 | DB Management | 04 Database and Display Management | These tools shall include those necessary to maintain the database source files, historical data files and ICCP data files as well as the online and backup data files. |
| 04-003 | DB Management | 04 Database and Display Management | Documentation including data dictionaries to describe all databases shall be provided. |
| 04-004 | DB Management | 04 Database and Display Management | A single source shall be established for each type of data. Copies of the data shall be propagated to other databases. |
| 04-005 | DB Management | 04 Database and Display Management | The user shall not be required to enter the same data more than once. |
| 04-006 | DB Management | 04 Database and Display Management | The system shall provide an audit tracking capability for all changes to these databases. This audit log shall show what was changed, giving the original and new values, the date of the change, the console used to make the change, and the user ID used to make the change. |
| 04-007 | DB Management | 04 Database and Display Management | The ability shall exist to "sort and search" this audit log. |
| 04-008 | DB Management | 04 Database and Display Management | The capability to generate automatic or on-demand reports that summarize the difference between two consecutive database changes and their associated displays shall be provided. |
| 04-009 | DB Management | 04 Database and Display Management | The system shall permit the usage of underscores and dashes in any system point name (analog, status, accumulator, RTU, etc.). Examples of valid characters include: $ : . + # — ( ) & _/ J_. |
| 04-010 | DB Management | 04 Database and Display Management | The Vendor shall indicate what symbols cannot be used in the point name, and the minimum and maximum number of character restrictions for point names |
| 04-011 | DB Management | 04 Database and Display Management | The system shall ensure referential and system integrity as additions and modifications are performed on any database. For example, consistency between SCADA objects and the network model devices. |
| 04-012 | DB Management | 04 Database and Display Management | The deletion of a data point shall ensure that calculations, displays, interfaces and everywhere the point is used, are updated or the user informed of the integrity ramifications. |
| 04-013 | DB Management | 04 Database and Display Management | All database entries shall be checked for validity before being accepted. |
| 04-014 | DB Management | 04 Database and Display Management | The system shall prevent unauthorized access to the databases and ensure proper coordination for concurrent access by multiple users. |
| 04-015 | DB Management | 04 Database and Display Management | The DBMS shall guarantee that the data is consistent across all servers and modules. |
| 04-016 | DB Management | 04 Database and Display Management | The redundancy of the databases needed to maintain the levels of availability required shall be obtained by keeping the online and standby, as well as the primary and backup databases, synchronized and consistent. |
| 04-017 | DB Management | 04 Database and Display Management | Similarly, online backup of the databases shall be possible without affecting the use and performance of the system. |
| 04-018 | DB Management | 04 Database and Display Management | The Vendor shall explain in their response how the consistency and synchronization are achieved in their system. |
| 04-019 | DB Management | 04 Database and Display Management | The DBMS shall allow rollback of any database changes previously activated as part of a Database job without affecting the operation of the system. |
| 04-020 | DB Management | 04 Database and Display Management | The rollback capability of the database changes shall be retained as long as the DB job that contained the changes is available in the DBMS system. |
| 04-021 | DB Management | 04 Database and Display Management | Updates to the relevant databases shall meet the performance requirements outlined in Appendix B, Table B.1-1 and shall not affect the operation of the system. |
| 04-022 | DB Management | 04.01.02 Source Database | The system shall provide a Single Source Database (SDB) to define and manage all the data utilized by the functions provided as part of the proposed system. |
| 04-023 | DB Management | 04.01.02 Source Database | The SDB shall provide the capability to include reference fields associated to network equipment like, for instance, a field to store the "physical location description" used for switching orders, clearances and safety documents. |
| 04-024 | DB Management | 04.01.02 Source Database | The system shall have a Master SDB that could reside in any of the system environments and provide the necessary tools to propagate the SDB to one or more of the secondary systems and/or other environments, where the Slave databases reside. For example, the Quality Assurance system (QAS) may be used as the Master SDB editing system and the production system may have a Slave SDB. Changes will be made to the Master SDB and applied to the QAS system for testing and validation. Once validated, the change(s) shall be migrated to the other slave systems on a selective basis, in this example to the Production Primary DB. |
| 04-025 | DB Management | 04.01.02 Source Database | It shall be possible for IPC to change which environment hosts the Master SDB since in some cases temporary use of the Primary Production environment as Master may be required. |
| 04-027 | DB Management | 04.01.02 Source Database | The SDB shall be replicated to the backup (alternate) site so that the functionality is available at the backup site in the event that the primary site is unavailable. The replication method shall ensure that no changes are lost. |
| 04-028 | DB Management | 04.01.02 Source Database | The system shall support the ability to implement any source database change online without the need for a system restart or a failover to another server. |
| 04-029 | DB Management | 04.01.02 Source Database | Users shall not be required to re-enter any manually entered data as a result of any database or software modifications that cause the restructuring of the database. |
| 04-030 | DB Management | 04.01.02 Source Database | Master SDB will be capable of maintaining one model for each of the applications (i.e. SCADA, ICCP, etc.) that can be applied to each of the systems (Development, QA, Production) without need for extensive manual configuration. |
| 04-031 | DB Management | 04.01.02.01 Database Editor | An advanced database editor tool shall be provided for the creation and maintenance of all system information including SCADA, ICCP, Transmission Power Applications, Distribution Power Applications and any system function/application that requires database structure and data editing. |
| 04-032 | DB Management | 04.01.02.01 Database Editor | The accessibility of the editor tool from user-defined workstations in the system shall be configurable. |
| 04-034 | DB Management | 04.01.02.01 Database Editor | 1. Support for command lists and/or batch (bulk) file input (e.g. .mdb, .xls, CSV, text, XML, etc.) |
| 04-035 | DB Management | 04.01.02.01 Database Editor | 2. Support for an interactive editing mode through displays or forms |
| 04-036 | DB Management | 04.01.02.01 Database Editor | • Including entering multiple records/fields on the same display |
| 04-037 | DB Management | 04.01.02.01 Database Editor | 3. Data entry shall be guided and users presented only with possible valid options to minimize invalid data input including Help windows with contextual information and tooltips |
| 04-038 | DB Management | 04.01.02.01 Database Editor | 4. Referencing system data shall be done using logical names and not by address, location, index or any other method |
| 04-039 | DB Management | 04.01.02.01 Database Editor | 5. Perform Data Validation for all data entry - local and global |
| 04-040 | DB Management | 04.01.02.01 Database Editor | 6. Default values shall be used as much as possible for certain information during the point definition to simplify user database entry. |
| 04-041 | DB Management | 04.01.02.01 Database Editor | • These default values could be overwritten by the user. |
| 04-042 | DB Management | 04.01.02.01 Database Editor | 7. Ability to use templates for different types of data entry, for instance to create substations, RTUs and Channels. |
| 04-043 | DB Management | 04.01.02.01 Database Editor | 8. Use of queries, menus and templates to facilitate data entry |
| 04-044 | DB Management | 04.01.02.01 Database Editor | 9. Capability to add, remove or edit any system database record. |
| 04-046 | DB Management | 04.01.02.01 Database Editor | 10. Ability to create new records using copy/paste from existing records. |
| 04-047 | DB Management | 04.01.02.01 Database Editor | 11. Definition of the communications data: |
| 04-048 | DB Management | 04.01.02.01 Database Editor | a. Drop down lists with appropriate data field values based on RTU protocol, channel, hardware and point type. |
| 04-049 | DB Management | 04.01.02.01 Database Editor | b. Ability to add, change, delete, rename, and validate substations, RTUs, Channels. |
| 04-050 | DB Management | 04.01.02.01 Database Editor | 12. Capability to update ICCP Interface data, add, change and delete ICCP records, including, at a minimum: |
| 04-051 | DB Management | 04.01.02.01 Database Editor | • The DBMS shall ensure that duplicate ICCP Record IDs cannot be used within the same Link Table for ICCP points. |
| 04-052 | DB Management | 04.01.02.01 Database Editor | • Ensure that ICCP points reference implemented points only. |
| 04-053 | DB Management | 04.01.02.01 Database Editor | 13. Capability to add, change, delete and validate status of Redundant Data Value points. |
| 04-054 | DB Management | 04.01.02.01 Database Editor | 14. Definition of real-time calculations (RTC). |
| 04-055 | DB Management | 04.01.02.01 Database Editor | • Create, change and delete Groups |
| 04-056 | DB Management | 04.01.02.01 Database Editor | • Create, change and delete Formulas |
| 04-057 | DB Management | 04.01.02.01 Database Editor | • Create, change and delete Calculations |
| 04-058 | DB Management | 04.01.02.01 Database Editor | • Create, change and delete Inputs/Outputs |
| 04-059 | DB Management | 04.01.02.01 Database Editor | • Create companion points when generating analog calculations |
| 04-060 | DB Management | 04.01.02.01 Database Editor | 15. Editing of all application configuration data tables |
| 04-061 | DB Management | 04.01.02.01 Database Editor | 16. Shall provide the ability to add/modify/delete system data validations (control Validations, DB Validations) |
| 04-062 | DB Management | 04.01.02.01 Database Editor | 17. The ability to maintain LSR (Load Shed & Restoration) configuration data, create, change and delete LSR entries. |
| 04-063 | DB Management | 04.01.02.01 Database Editor | 18. The ability to build the operational Transmission Network Model through graphic display application tool: Add/Change/Delete Substations, Add/Change/Delete Equipment (e.g., Lines, Transformers, Buses, Breakers) |
| 04-064 | DB Management | 04.01.02.01 Database Editor | 19. The ability to model and update AGC data, add, change and delete Generators, Tie-Lines, Dynamic Schedules, Frequency sources. |
| 04-065 | DB Management | 04.01.02.01 Database Editor | 20. The ability to maintain the operational Distribution Network Model with the electrical attributes and data required by the Distribution Advanced Applications to run properly. |
| 04-066 | DB Management | 04.01.02.01 Database Editor | 21. The ability to model and update DTS data, add, change and delete Relay data, maintain equipment parameters, maintain AGC and Network Apps tie-line mapping. |
| 04-067 | DB Management | 04.01.02.01 Database Editor | 22. The ability to maintain custom function/process/calculation database: |
| 04-068 | DB Management | 04.01.02.01 Database Editor | • Add/Change/Remove database (entries) that are used by Custom functions/process/calculations. |
| 04-069 | DB Management | 04.01.02.01 Database Editor | 23. The ability to apply mass data updates against the database using SQL functionality or equivalent and the ability to modify the value of specific field(s) based on specific selection criteria. |
| 04-070 | DB Management | 04.01.02.01 Database Editor | 24. The database editor shall include a version control function that shall reconcile online database source changes. |
| 04-071 | DB Management | 04.01.02.01 Database Editor | All modifications to the database shall only be applied upon authorized user request. |
| 04-072 | DB Management | 04.01.02.01 Database Editor | The Database Editor shall provide the ability for multiple users to add, modify and/or delete data within the database at the same time. |
| 04-073 | DB Management | 04.01.02.01 Database Editor | The system shall prevent multiple users from modifying the same data item. |
| 04-074 | DB Management | 04.01.02.01 Database Editor | It shall also be possible to group database changes into database update jobs or sets that can later be applied to the real-time database. |
| 04-075 | DB Management | 04.01.02.01 Database Editor | The application of these jobs to the online database shall not be contingent on other pending jobs unless there is overlap of data items between the jobs. |
| 04-076 | DB Management | 04.01.02.01 Database Editor | The system shall validate all changes prior to application to the SDB. |
| 04-077 | DB Management | 04.01.02.01 Database Editor | If a conflict is detected with any other pending changes, the system shall notify the user and prevent application of the update. |
| 04-078 | DB Management | 04.01.02.01 Database Editor | During the update process, the user shall confirm acceptance of the update. If the update is not confirmed, the system shall revert to the database prior to the start of the update or provide the ability to apply the changes with the conflicts. |
| 04-079 | DB Management | 04.01.02.02 Incremental Update | The DBMS shall perform incremental database modifications when applying the changes associated to each update job and avoid generational changes of the whole database. |
| 04-080 | DB Management | 04.01.02.02 Incremental Update | The system shall provide the ability to independently add/modify/delete different portions of the data model attributes. |
| 04-081 | DB Management | 04.01.02.02 Incremental Update | Only the items changed by the job actions will be affected when applying the database changes. |
| 04-082 | DB Management | 04.01.02.02 Incremental Update | The system shall permit the user to request a full rollback of all changes or a partial rollback by point or data item of only the changes in conflict. |
| 04-083 | DB Management | 04.01.02.03 Source Database Backup | The system shall maintain a backup of the source database to protect against data loss in the case of a failure of the system, user error and/or database corruption. |
| 04-086 | DB Management | 04.01.03 Real-Time Database | The real-time database contains the system operational data accessed by the applications and shall be structured to support functions requiring efficient, high frequency, access such as RTU polling, SCADA processing and operations. |
| 04-087 | DB Management | 04.01.03 Real-Time Database | The data stored in the real-time database is therefore independent of where it is originated: manual entry, field devices, ICCP link or other applications. |
| 04-088 | DB Management | 04.01.03 Real-Time Database | The Real-Time database included in the system shall provide intuitive and user-friendly tools for creating and maintaining the database. |
| 04-090 | DB Management | 04.01.03.01 Real-Time Database Modifications | All Real-Time database definition (schema) changes shall come from the Source Database. |
| 04-091 | DB Management | 04.01.03.01 Real-Time Database Modifications | The system shall not permit the modification of the Real-Time database definitions without utilization of the source database. |
| 04-092 | DB Management | 04.01.03.01 Real-Time Database Modifications | The ability for a user to apply source database updates to the Real-Time database shall be configurable by User ID and/or workstation. The system shall validate all changes prior to committing the change. |
| 04-093 | DB Management | 04.01.03.01 Real-Time Database Modifications | All changes shall be logged. |
| 04-094 | DB Management | 04.01.03.01 Real-Time Database Modifications | Online database updates should retrofit into the databases and applications/displays where that database point is defined. |
| 04-095 | DB Management | 04.01.03.01 Real-Time Database Modifications | The system process for bringing database changes online shall ensure that RTU scanning and application processing shall not be negatively impacted, e.g. scan interruptions in the same channel. |
| 04-096 | DB Management | 04.01.03.01 Real-Time Database Modifications | At no time should the users be required to re-enter any operator entered data, e.g. overrides, tag, limits. |
| 04-097 | DB Management | 04.01.03.01 Real-Time Database Modifications | Data point attribute values shall be preserved in subsequent database changes. |
| 04-098 | DB Management | 04.01.03.02 Real-Time Database Backup | The system shall maintain a backup of the Real-Time database to protect against data loss in the case of a failure of the system. |
| 04-099 | DB Management | 04.01.03.02 Real-Time Database Backup | The backup frequency shall be configurable to minimize the potential data loss associated with a Real-Time database failure. |
| 04-100 | DB Management | 04.01.03.02 Real-Time Database Backup | It shall be possible to perform backups of the real-time database without the need to take the database offline. |
| 04-101 | DB Management | 04.01.03.02 Real-Time Database Backup | Backup databases shall be preserved across system input during power disruptions of any duration. |
| 04-103 | DB Management | 04.01.03.02 Real-Time Database Backup | • Telemetered and calculated values (including quality codes) |
| 04-104 | DB Management | 04.01.03.02 Real-Time Database Backup | • Temporary elements |
| 04-105 | DB Management | 04.01.03.02 Real-Time Database Backup | • Control inhibit state |
| 04-106 | DB Management | 04.01.03.02 Real-Time Database Backup | • Manually entered values |
| 04-107 | DB Management | 04.01.03.02 Real-Time Database Backup | • Tag data |
| 04-108 | DB Management | 04.01.03.02 Real-Time Database Backup | • Alarm and event data |
| 04-109 | DB Management | 04.01.03.02 Real-Time Database Backup | • Operators Notes |
| 04-110 | DB Management | 04.01.03.02 Real-Time Database Backup | It shall also be possible to schedule periodic backups of the Real-Time database to facilitate backup to removable media (i.e., tape). |
| 04-111 | DB Management | 04.01.03.02 Real-Time Database Backup | The characteristics of the backups shall be configured as part of the system backup services as described in Section 3.2.3 of this specification. |
| 04-112 | DB Management | 04.01.04 Real-Time Database Tools and Utilities | The system shall provide a comprehensive set of tools and utilities to aid in the maintenance, debugging and security of the system databases including, but not limited to, the following: |
| 04-113 | DB Management | 04.01.04 Real-Time Database Tools and Utilities | 1. A utility to create snapshots of any database either by user request or by scheduled task |
| 04-114 | DB Management | 04.01.04 Real-Time Database Tools and Utilities | 2. Ability to search all system databases and displays for usage of a database object (e.g., SCADA points, etc.) and provide a summary to the user of all identified usage including all other applications, usage as calculation parameters, SCADA and external communication (e.g. ICCP) reference. |
| 04-115 | DB Management | 04.01.04 Real-Time Database Tools and Utilities | • It shall be possible to identify all impacted displays whenever a database change is introduced. |
| 04-116 | DB Management | 04.01.04 Real-Time Database Tools and Utilities | 3. Utility to report all calculated database point/objects, their associated calculation formulas, associated parameters, including parameters specified as user defined constants, order (priority) of nested calculations, identification of any circular calculations, etc. |
| 04-117 | DB Management | 04.01.04 Real-Time Database Tools and Utilities | 4. Utility to monitor and present the status of the different databases in the multiple environments |
| 04-118 | DB Management | 04.01.04 Real-Time Database Tools and Utilities | 5. Structure and data consistency tools that run on demand by the users to verify the status of the databases |
| 04-119 | DB Management | 04.01.04 Real-Time Database Tools and Utilities | 6. Reporting tools to generate statistical and informational reports such as current size of the databases, number of elements of a certain type, etc. |
| 04-120 | DB Management | 04.01.04 Real-Time Database Tools and Utilities | 7. Ability to perform batch search and replace of database elements or types |
| 04-121 | DB Management | 04.01.04 Real-Time Database Tools and Utilities | 8. Tool/Utility to "dump" the database content, source structure or real-time data, to files that can be stored and later reloaded into the system |
| 04-122 | DB Management | 04.01.04 Real-Time Database Tools and Utilities | 9. Ability to generate the source database from the current real-time database |
| 04-123 | DB Management | 04.01.04 Real-Time Database Tools and Utilities | 10. Structured query language interface to the Real-Time database |
| 04-124 | DB Management | 04.01.04.01 Database Comparison Tool | The Vendor shall provide a tool to compare the Data Bases between the different system environments. |
| 04-125 | DB Management | 04.01.04.01 Database Comparison Tool | Although the systems in the different environments shall be kept synchronized by the DBMS, a tool shall be provided so system administrators can request a comparison between the databases in two environments. |
| 04-126 | DB Management | 04.01.04.01 Database Comparison Tool | The tool shall return any discrepancy or mismatch between the databases describing in detail the nature of the mismatch as well as the DB points or displays affected. |
| 04-127 | DB Management | 04.01.04.01 Database Comparison Tool | This tool shall log like any other event the time, user ID and results of the execution and keep an output file with the details of its execution. |
| 04-139 | DB Management | 04.01.06 Database Conversion | To facilitate the migration to the new system, the Vendor shall provide a repeatable conversion process for the existing system database to the new system's databases. |
| 04-140 | DB Management | 04.01.06 Database Conversion | The conversion tools/processes shall include the Network Model currently used by IPC in the systems that operates. |
| 04-141 | DB Management | 04.01.06 Database Conversion | The conversion process should support full and/or incremental database and network model conversions. |
| 04-142 | DB Management | 04.01.06 Database Conversion | IPC and the Vendor will jointly decide and develop a database export format to be utilized during the conversion. |
| 04-144 | DB Management | 04.01.06 Database Conversion | The Vendor shall be responsible for processing and importing these agreed data files into the new system to generate the needed Data Bases |
| 04-145 | DB Management | 04.01.06 Database Conversion | IPC shall be able to perform incremental database conversions with minimum assistance from the vendor in between full conversions. |
| 04-146 | DB Management | 04.01.06 Database Conversion | The vendor is responsible for performing as many export/import actions as required by the implementation project plan. At a minimum the following conversions shall be considered: before Pre-FAT/FAT, SAT, UAT/Go-Live. |
| 04-148 | DB Management | 04.02 Display Development and Management | The Vendor shall provide a graphical-based display generation tool to generate and maintain displays, as well as manage synchronization and distribution of displays across all applicable Operator consoles and/or UI servers among the system environments. |
| 04-149 | DB Management | 04.02 Display Development and Management | It shall be possible for multiple users on the same server to be involved in the display building and editing process. |
| 04-150 | DB Management | 04.02 Display Development and Management | The system shall prevent multiple users from modifying the same display. |
| 04-152 | DB Management | 04.02 Display Development and Management | 1. Display Editor: An interactive, graphical-based tool used in the generation and maintenance of displays and network model. The editor shall, at a minimum, support usage of: |
| 04-153 | DB Management | 04.02 Display Development and Management | a. Display templates |
| 04-154 | DB Management | 04.02 Display Development and Management | b. Standard symbols/components |
| 04-155 | DB Management | 04.02 Display Development and Management | c. Custom symbols/components |
| 04-156 | DB Management | 04.02 Display Development and Management | 2. Display Dissemination Management: Coordinates the editing of displays between multiple users and the distribution of displays across all applicable nodes within the system environments, including Production, QAS, PDS, DTS and DMZ. |
| 04-157 | DB Management | 04.02 Display Development and Management | 3. Support Utilities: User support tools that aid display maintenance and analysis |
| 04-158 | DB Management | 04.02 Display Development and Management | The Display Management System shall support different types of displays. At a minimum, the use of schematics (one-lines) and tabular displays shall be supported. |
| 04-160 | DB Management | 04.02 Display Development and Management | The Display Management System shall support substation one-line diagrams and schematics for the distribution network view of feeders and/or circuits. |
| 04-162 | DB Management | 04.02 Display Development and Management | The Display Management System shall provide an audit tracking capability for all changes to displays. |
| 04-163 | DB Management | 04.02 Display Development and Management | This audit log shall show what was changed in the displays, the date of the change, the console used to make the change and the user ID used to make the change. |
| 04-164 | DB Management | 04.02 Display Development and Management | The ability shall exist to "sort and search" the audit log. |
| 04-166 | DB Management | 04.02.01 Display Editor | The display editor shall provide the facility to create, change and delete any kind of display supported in the system. |
| 04-167 | DB Management | 04.02.01 Display Editor | The display editor shall be fully compatible with the database and network model generation and editing function. |
| 04-168 | DB Management | 04.02.01 Display Editor | The display editor shall be designed around a fully interactive What You See Is What You Get (WYSIWYG) interface supporting a variety of construction options that simplify the building and modification of displays, like: |
| 04-169 | DB Management | 04.02.01 Display Editor | 1. Standard editing features such as copy, cut, paste, delete, rotate, multiple undos and redos |
| 04-170 | DB Management | 04.02.01 Display Editor | 2. Object Global find and replace |
| 04-171 | DB Management | 04.02.01 Display Editor | 3. Grouping of objects |
| 04-172 | DB Management | 04.02.01 Display Editor | 4. Adjustable zoom level while editing |
| 04-173 | DB Management | 04.02.01 Display Editor | 5. Configurable gridlines and snap-grids |
| 04-174 | DB Management | 04.02.01 Display Editor | 6. Ability to select a font family, font size, color, line type and line thickness for single objects, multiple selected objects or for whole displays |
| 04-175 | DB Management | 04.02.01 Display Editor | 7. Decluttering and overlays |
| 04-176 | DB Management | 04.02.01 Display Editor | 8. Linking of any defined graphics symbol to any database point. This should be accomplished using a selection dialog that is filtered by default to the station for which the display is being created. However, the user shall be able to modify the filter to display all or other filtered database points |
| 04-177 | DB Management | 04.02.01 Display Editor | 9. Establishing different symbol or display conventions for the same database point on the same or on different displays |
| 04-178 | DB Management | 04.02.01 Display Editor | 10. Defining of dynamic display linkages to any system database variable on any display to represent different data values |
| 04-179 | DB Management | 04.02.01 Display Editor | 11. Building and modification of display icons and storing them in an easily accessible library |
| 04-180 | DB Management | 04.02.01 Display Editor | 12. Protecting any data field on any display against user entry based on log-on identifiers |
| 04-181 | DB Management | 04.02.01 Display Editor | 13. Defining the visual representation of data quality, tags, notes, limit conditions and other parameters associated to database elements |
| 04-182 | DB Management | 04.02.01 Display Editor | 14. Ability to execute scripts utilizing poke points or menu commands. The Vendor shall specify, as part of their response, the scripting language utilized by their product. |
| 04-183 | DB Management | 04.02.01 Display Editor | 15. The ability to preview a display with its dynamic links showing data in the real-time database. |
| 04-184 | DB Management | 04.02.01 Display Editor | 16. Support editing multiple displays in the same session to cut, paste, drag and drop display elements between those displays. |
| 04-185 | DB Management | 04.02.01 Display Editor | The system shall support the creation of new displays from a blank display, existing display definition or a display template from a library |
| 04-186 | DB Management | 04.02.01 Display Editor | The editor shall also provide the ability for users to utilize symbols or components from both standard and custom libraries when editing displays. |
| 04-187 | DB Management | 04.02.01 Display Editor | The display editor shall provide a method for the users to create those custom libraries and save them for usage by all users of the display editor. |
| 04-188 | DB Management | 04.02.01 Display Editor | The symbol libraries can be used for geographical as well as schematic displays. |
| 04-189 | DB Management | 04.02.01 Display Editor | The initial libraries with custom symbols will be defined during the Statement of Work phase and the Vendor shall be responsible for their creation. |
| 04-190 | DB Management | 04.02.01 Display Editor | The users of the Display Editor shall not be required to know or understand any scripting language when creating or modifying displays. |
| 04-191 | DB Management | 04.02.01 Display Editor | The Display Editor shall support version control for each display that includes the date, time, and "by whom" each display was last modified. |
| 04-192 | DB Management | 04.02.01 Display Editor | The version control provided shall permit the user to access prior versions of the display for reference or restoration. |
| 04-193 | DB Management | 04.02.01 Display Editor | Display version control provided shall assist in deployment and possible rollback of displays if needed. |
| 04-194 | DB Management | 04.02.01 Display Editor | The system shall prevent multiple users from modifying the same display concurrently. Once a User has opened a display for edit, the display shall be locked until it has been updated and the changes applied to the Production Environment or the user specifically releases the display. |
| 04-196 | DB Management | 04.02.01 Display Editor | At a minimum, the Display Editor shall support the definition of the following display elements: |
| 04-197 | DB Management | 04.02.01 Display Editor | 1. Fixed text |
| 04-198 | DB Management | 04.02.01 Display Editor | 2. Drawing primitives (e.g., lines, polygons, arcs, circles, text) |
| 04-199 | DB Management | 04.02.01 Display Editor | 3. Bit-mapped images |
| 04-200 | DB Management | 04.02.01 Display Editor | 4. Data references (Floating Points, Integers, Digital Status, etc.) |
| 04-201 | DB Management | 04.02.01 Display Editor | 5. Data Quality Indicators |
| 04-202 | DB Management | 04.02.01 Display Editor | 6. Date and Time Information |
| 04-203 | DB Management | 04.02.01 Display Editor | 7. Enterable fields with the corresponding protections and validations (i.e., set points) |
| 04-204 | DB Management | 04.02.01 Display Editor | 8. User-selectable regions (i.e. poke points) |
| 04-205 | DB Management | 04.02.01 Display Editor | 9. Hyperlinks |
| 04-206 | DB Management | 04.02.01 Display Editor | Drawing primitives, text, and formats shall refer to common graphic attribute definitions for color, line width, fill pattern, font family, size, weight, etc. |
| 04-207 | DB Management | 04.02.01 Display Editor | The visibility scale and declutter levels for each element shall start from a default value in the editor. |
| 04-208 | DB Management | 04.02.01.02.01 Static Background Information | The user shall be able to place static background information or components (highways, property lines, geographic features, etc.) on displays that are not linked to any database point. |
| 04-209 | DB Management | 04.02.01.02.01 Static Background Information | Static backgrounds shall be in browser compatible format or bitmap pictures, such as the photograph of a power station, or DXF (Drawing Exchange Format) vector files to allow the user to import standard AutoCAD drawings. |
| 04-210 | DB Management | 04.02.01.02.01 Static Background Information | For geospatial displays, existing land base data and/or other geospatial base data (e.g. fire risk/progress) shall be imported for the static background. |
| 04-211 | DB Management | 04.02.01.02.01 Static Background Information | The Vendor shall provide drawing tools that allow the user to create background images in a variety of colors and shapes. |
| 04-212 | DB Management | 04.02.01.02.02 Dynamic Data Presentation | During display building, the user shall be able to define dynamic data fields and data elements. |
| 04-213 | DB Management | 04.02.01.02.02 Dynamic Data Presentation | The system shall link these fields and elements to the database. The linkage from a display field to a database point shall be made such that any future modifications of the database (insertions, deletions, etc.) do not require redefinition or recompilation of a display. It shall be performed solely by using logical names. |
| 04-214 | DB Management | 04.02.01.02.02 Dynamic Data Presentation | The system shall permit display presentation of any status and/or value of any database item from any of the system's databases, including application data. |
| 04-215 | DB Management | 04.02.01.02.02 Dynamic Data Presentation | The user creating the display shall be able to specify the location on the display without limitation except for reserved areas such as headers and footers. |
| 04-216 | DB Management | 04.02.01.02.02 Dynamic Data Presentation | The only bounds to the number of data items on a display shall be the physical limitations of the viewport or screen. |
| 04-218 | DB Management | 04.02.01.02.02 Dynamic Data Presentation | 1. Graphical — User definable graphical objects, or icons, which represent the current state and/or quality of a device, abnormal and alarm conditions, notes, tags. |
| 04-219 | DB Management | 04.02.01.02.02 Dynamic Data Presentation | • Use of bar charts, meter dials and other graphic widgets shall be supported. |
| 04-220 | DB Management | 04.02.01.02.02 Dynamic Data Presentation | 2. Numerical — Viewable using integer fields, real fields, slider bars, meters, gauges and graphs. The system shall be configurable as to representing the alarm state of a point by the color of the numerical data. |
| 04-221 | DB Management | 04.02.01.02.02 Dynamic Data Presentation | 3. Text — Dynamic text data shall appear in fields or scrollable text areas for larger blocks of text. The ability to change the foreground or background colors based on the quality of the data being displayed shall be provided and configurable by the user |
| 04-222 | DB Management | 04.02.01.02.02 Dynamic Data Presentation | For all dynamic data presentations, the system shall support flashing (blinking) of the element. This attribute can be associated to any status or value for any element. |
| 04-223 | DB Management | 04.02.01.02.02 Dynamic Data Presentation | The Display Editor shall have validation mechanisms to verify the correct definition of the linkages in the display. |
| 04-224 | DB Management | 04.02.01.02.02 Dynamic Data Presentation | Linkages that have an erroneous association to a database element shall be graphically identified in the displays (specific color, crossed out, etc.) to ensure that the operators recognize the invalidity of the information for that linkage. |
| 04-225 | DB Management | 04.02.01.03 Menus and Toolbars | Usage of menus ("pop-up" and "pull-down") and Toolbars shall be permitted on all displays. |
| 04-226 | DB Management | 04.02.01.03 Menus and Toolbars | The system shall provide the utility or tool for IPC to modify, add, or remove any existing menu and toolbar items. |
| 04-227 | DB Management | 04.02.02 Display Update and Distribution | A display validation and distribution function shall be provided to ensure that all display definitions across all consoles and servers are consistent and up-to-date. |
| 04-228 | DB Management | 04.02.02 Display Update and Distribution | All display changes and updates shall be made to the system dynamically, without requiring a system restart/failover. |
| 04-229 | DB Management | 04.02.02 Display Update and Distribution | Distribution and activation of displays shall be by a simple procedure that causes no noticeable interruption of online system activity. |
| 04-230 | DB Management | 04.02.02 Display Update and Distribution | The system shall provide the tools to distribute displays across all sites and to all environments the same way that is required for the SDB data update and propagation. |
| 04-231 | DB Management | 04.02.02 Display Update and Distribution | The user (i.e., System Administrator) shall be notified of any displays that fail to distribute properly. |
| 04-232 | DB Management | 04.02.02 Display Update and Distribution | All displays within the system shall refresh dynamically when a change/update has been applied that affects any open displays; unless a point on a display has been selected for control or manual entry, i.e. the display change/update is applied after the display is unlocked. |
| 04-233 | DB Management | 04.02.03.01 Display Dump Utilities | A facility to dump displays to files shall be provided. |
| 04-234 | DB Management | 04.02.03.01 Display Dump Utilities | The output file generated shall be suitable for printing in a readable format. |
| 04-235 | DB Management | 04.02.03.01 Display Dump Utilities | This file shall also be used to reload the displays into the system. |
| 04-236 | DB Management | 04.02.03.01 Display Dump Utilities | Dumping and reloading of displays shall be provided for individual displays, display libraries, individual applications, or an entire application system. |
| 04-237 | DB Management | 04.02.03.01 Display Dump Utilities | Dumping and reloading of displays shall be part of the Display Management System and shall not affect the operation of the Display Editor or the operational system. |
| 04-238 | DB Management | 04.02.03.02 Display Management Tools | The Vendor shall provide methods to list display/application cross-references. |
| 04-239 | DB Management | 04.02.03.02 Display Management Tools | There shall also be a method to search for displays referencing a particular data point and a method to generate a list with all the displays where a specific data point is linked. |
| 04-240 | DB Management | 04.02.03.02 Display Management Tools | There shall be a tool to run a validation check on the display database and generate a report with all the possible errors or problems detected. Issues such as elements out of visibility ranges, incorrect linkages and sizing limits shall be presented as a result of this report. |
| 04-246 | DB Management | 04.02.03.04 Display Conversion | The Vendor shall provide services to migrate existing IPC displays to the Vendor's display standard for the new system. |
| 04-247 | DB Management | 04.02.03.04 Display Conversion | The Vendor shall convert IPC's provided displays (static picture and dynamic elements) and submit to IPC for review and acceptance. |
| 04-248 | DB Management | 04.02.03.04 Display Conversion | Once accepted, IPC shall take ownership of all displays and shall maintain the displays using the Vendor's standard Display Generation and Maintenance facility. |
| 18-109 | Documentation | 16.07.03 Detailed Design Documents | The detailed design documents are intended as a second level of detail to the software functional descriptions. |
| 18-110 | Documentation | 16.07.03 Detailed Design Documents | In general, a detailed design document shall relate to a single software functional description. |
| 18-115 | Documentation | 16.07.03 Detailed Design Documents | The detailed software design documentation shall include, but shall not be limited to, the precise design information needed for planning, analysis, and implementation of the software. |
| 18-116 | Documentation | 16.07.03 Detailed Design Documents | It shall also include a clear description of how the software design entities are divided; a dependency description specifying the dependent entities, their coupling, and required resources, and interfaces. |
| 18-117 | Documentation | 16.07.03 Detailed Design Documents | The detailed software design documentation shall provide a detailed description of how the software will support the functions described in the software functional description. |
| 18-118 | Documentation | 16.07.03 Detailed Design Documents | Detailed software design documentation shall include a diagram of the software indicating major modules and an overview of the operation of each module. |
| 18-119 | Documentation | 16.07.03 Detailed Design Documents | It shall describe data structures and flow, and a diagram or description of the manner in which the modules interface with other modules. |
| 18-120 | Documentation | 16.07.03 Detailed Design Documents | For each software module, the detailed software design documentation shall include, but shall not be limited to, the following items: |
| 18-121 | Documentation | 16.07.03 Detailed Design Documents | 1. Program abstract. |
| 18-122 | Documentation | 16.07.03 Detailed Design Documents | 2. General technical description of the module. |
| 18-123 | Documentation | 16.07.03 Detailed Design Documents | 3. The module logic (the use of pseudo code or structured English is preferred). |
| 18-124 | Documentation | 16.07.03 Detailed Design Documents | 4. External interfaces to the program including applicable calling sequences. |
| 18-125 | Documentation | 16.07.03 Detailed Design Documents | 5. Initialization considerations. |
| 18-126 | Documentation | 16.07.03 Detailed Design Documents | 6. Identification of any databases referenced or modified. |
| 18-127 | Documentation | 16.07.03 Detailed Design Documents | 7. A high level flowchart or program design language to enhance the technical description of the module. |
| 18-128 | Documentation | 16.07.03 Detailed Design Documents | 8. Error codes and error handling processes. |
| 18-129 | Documentation | 16.07.03 Detailed Design Documents | For each detailed design, each program module, including subroutines, shall be sufficiently documented to allow an experienced programmer (with supervision of the designer) to perform the coding of the module, as well as allow IPC personnel to maintain such software in the future. |
| 18-130 | Documentation | 16.07.03 Detailed Design Documents | All job control files (batch or make files) required for compilation, assembly, and linking of each program shall be documented in detail as part of the detailed software design documentation. |
| 18-001 | Documentation | 18 System Documentation | The Vendor shall provide a complete set of system documentation for all equipment, applications and functions allowing IPC to fully utilize, use, test, accept, develop, and maintain the system. |
| 18-002 | Documentation | 18 System Documentation | The documentation provided shall describe the as-built system, including all hardware, software, and middleware as well as any software interfaces. In general, the documentation provided shall cover installation, system startup, functionality, operation, and maintenance. |
| 18-079 | Documentation | 18.07 Software Documentation | The Vendor shall supply documentation for all software to be supplied to IPC. |
| 18-080 | Documentation | 18.07 Software Documentation | The documentation shall include design descriptions, operating manuals, database descriptions and API descriptions. |
| 18-081 | Documentation | 18.07 Software Documentation | The software documents shall also include user guides needed to develop and maintain the complete systems including displays and database(s). |
| 18-083 | Documentation | 18.07 Software Documentation | 1. An inventory of all Vendor and 3rd Party software to be delivered along with a cross referenced index to the software documentation. The list shall also include version and license information. |
| 18-084 | Documentation | 18.07 Software Documentation | 2. A System Overview document describing the software on a subsystem basis |
| 18-085 | Documentation | 18.07 Software Documentation | 3. Design documentation documenting the system being provided |
| 18-086 | Documentation | 18.07 Software Documentation | 4. User Manuals for all functions including database and display maintenance. These documents shall include user procedures and information for database input |
| 18-087 | Documentation | 18.07 Software Documentation | 5. Provide source for all 3rd Party software releases, updates, patches and security bulletins/notifications |
| 18-088 | Documentation | 18.07.01 Software QA Design Standards | The Vendor shall provide documentation describing the Vendor's QA design and coding standards used to develop the system software. |
| 18-089 | Documentation | 18.07.01 Software QA Design Standards | These standards shall be adhered to for development of all software for the delivered system unless otherwise agreed to by both parties. |
| 18-091 | Documentation | 18.07.01 Software QA Design Standards | 1. Software design processes |
| 18-092 | Documentation | 18.07.01 Software QA Design Standards | 2. Quality assurance procedures |
| 18-093 | Documentation | 18.07.01 Software QA Design Standards | 3. Design review methods |
| 18-094 | Documentation | 18.07.01 Software QA Design Standards | 4. Software configuration control methods & tools |
| 18-095 | Documentation | 18.07.01 Software QA Design Standards | 5. Revision history |
| 18-096 | Documentation | 18.07.01 Software QA Design Standards | 6. Software Error Reporting and Tracking |
| 18-097 | Documentation | 18.07.01 Software QA Design Standards | 7. Security Development Life Cycle (Example: MS security development life cycle) |
| 18-216 | Documentation | 18.11 Operator Manuals | The Vendor shall submit for review and approval, Operator Manuals for all system functions. |
| 18-217 | Documentation | 18.11 Operator Manuals | These manuals shall describe the respective system configuration and all system functions along with operating procedures. |
| 18-218 | Documentation | 18.11 Operator Manuals | All application functions shall be included. |
| 18-219 | Documentation | 18.11 Operator Manuals | The manual(s) shall be written in non-technical English and organized for quick access to functions providing detailed procedures required by the Operator to perform. |
| 18-220 | Documentation | 18.11 Operator Manuals | The Operator Manual shall present, in a clear and concise manner, all information that the Operator needs to know to understand sufficiently and operate satisfactorily the system. |
| 18-221 | Documentation | 18.11 Operator Manuals | However, the manual shall not contain any descriptions of procedures for functions that are not performed by the Operator, such as data base editing; these procedures shall be contained in the Software Maintenance Documentation. |
| 18-222 | Documentation | 18.11 Operator Manuals | The manuals shall describe the system in a manner and in a level of detail sufficient for allowing the Operator to detect and isolate problems in the system. |
| 18-223 | Documentation | 18.11 Operator Manuals | All alarm and invalid request messages shall be listed along with easily understood meanings and recommended remedial actions, where appropriate. |
| 18-224 | Documentation | 18.12 User Interface Style Guide | The Vendor shall furnish a User Interface Style Guide, that describes the discretionary aspects of the user interface including display design and implementation standards used for all Vendor provided displays and applications. |
| 15-005 | Interfaces | 15 External Interfaces | During project implementation, the Vendor shall develop a detailed design document for each interface subject to IPC's review and approval. |
| 15-006 | Interfaces | 15 External Interfaces | The Vendor shall design the required interfaces with sufficient redundancy and provide the necessary tools and processes to be managed by IPC Users without relying on the Vendor. |
| 15-007 | Interfaces | 15 External Interfaces | The interfaces implemented as part of the system shall also include data validation mechanisms to ensure that no data error or invalid data would cause the applications to crash or stop working properly. |
| 15-008 | Interfaces | 15 External Interfaces | Any detected problem shall generate an error message and be flagged to the user so appropriate actions can be taken. |
| 15-011 | Interfaces | 15 External Interfaces | The EMS interfaces shall have the ability to use IEC 61968-100 Edition 1.0 2013-07 standards to facilitate inter-application integration of utility enterprise applications. |
| 15-014 | Interfaces | 15 External Interfaces | • IEC 61970-301 EMS API — Part 301: CIM base |
| 15-015 | Interfaces | 15 External Interfaces | • IEC 61970-552 EMS API — Part 552: CIM XML Model Exchange format |
| 15-019 | Interfaces | 15 External Interfaces | The system shall clearly indicate to the user and enumerate in error logs any configuration error an interface detects as part of the validation and operation of the interface. |
| 15-020 | Interfaces | 15 External Interfaces | All conditions checked by the validation/build process associated with an interface shall have corresponding information clearly enumerated in the interface's validation/build log. |
| 15-021 | Interfaces | 15 External Interfaces | If any pre-validation/pre-build check fails, preventing the actual validation/build from executing, the user shall be notified, and the pre-check and failure information will be enumerated in a user-accessible log file. |
| 15-023 | Interfaces | 15 External Interfaces | All interfaces that are developed by the Vendor, as part of this work, will be sole property of IPC (please refer to the commercial section of this RFP for further details on IPC's rights and warranties associated to these interfaces). |
| 15-024 | Interfaces | 15.01 Application Programmable Interfaces (APIs) | The system shall provide a set of APIs to allow IPC access to all services and databases (Real Time, Historical, Network Applications, DB Source, Incidents, Outages,...) available in the system. |
| 15-025 | Interfaces | 15.01 Application Programmable Interfaces (APIs) | At a minimum the system shall include APIs to support direct access (read/write) to: |
| 15-026 | Interfaces | 15.01 Application Programmable Interfaces (APIs) | Any and all system databases, using logical names defined by IPC according to the rules established by the system. |
| 15-027 | Interfaces | 15.01 Application Programmable Interfaces (APIs) | • System and applications configuration parameters |
| 15-028 | Interfaces | 15.01 Application Programmable Interfaces (APIs) | • Function/Application Triggers |
| 15-029 | Interfaces | 15.01 Application Programmable Interfaces (APIs) | • Error handling and logging error messages |
| 15-030 | Interfaces | 15.01 Application Programmable Interfaces (APIs) | • Generate alarms and events |
| 15-031 | Interfaces | 15.01 Application Programmable Interfaces (APIs) | • Schedule timers based on relative and absolute time |
| 15-032 | Interfaces | 15.01 Application Programmable Interfaces (APIs) | • Send and receive inter application messages |
| 15-033 | Interfaces | 15.01 Application Programmable Interfaces (APIs) | The provided APIs shall also be capable, at a minimum, to support the following: |
| 15-034 | Interfaces | 15.01 Application Programmable Interfaces (APIs) | • SQL-like commands on subsets of points based on SQL-like user-supplied criteria |
| 15-035 | Interfaces | 15.01 Application Programmable Interfaces (APIs) | • ODBC Driver |
| 15-036 | Interfaces | 15.01 Application Programmable Interfaces (APIs) | • Scripts/batch jobs at specified times |
| 15-037 | Interfaces | 15.01 Application Programmable Interfaces (APIs) | The capabilities of the APIs provided shall be demonstrated through the use of example applications. |
| 15-038 | Interfaces | 15.01 Application Programmable Interfaces (APIs) | The vendor shall list all APIs and SDKs included with the system and the underlying protocols/technologies used. |
| 15-039 | Interfaces | 15.01.01 Real Time Database API | The system shall provide access to the Real-time database using Application Programmable Interfaces (APIs). The following features shall be included, at a minimum, in the APIs provided: |
| 15-040 | Interfaces | 15.01.01 Real Time Database API | 1. The ability to read or write to the database, including all point values, descriptions, or parameters |
| 15-041 | Interfaces | 15.01.01 Real Time Database API | 2. Provide direct access to all values in the database using logical names defined by IPC according to the rules established by the system. |
| 15-042 | Interfaces | 15.01.01 Real Time Database API | 3. Ability to access all elements of the database such as records, fields, and application configuration parameters |
| 15-043 | Interfaces | 15.01.01 Real Time Database API | 4. The ability to generate alarms and events using the SCADA Alarms and Events processing function |
| 15-045 | Interfaces | 15.02 Interface to OSISoft PI Historian | The system shall support data exchange with multiple members of the PI collective. |
| 15-046 | Interfaces | 15.02 Interface to OSISoft PI Historian | The system shall provide those PI Historian instances with predefined data for long term archiving as well as support the capability to request data from PI historian to be used in the system. |
| 15-047 | Interfaces | 15.02 Interface to OSISoft PI Historian | The interface shall be based on PI's SDK or provide equivalent functionality to facilitate the maintenance of the value mapping and definition of the parameters that control the interface using a user-friendly GUI. |
| 15-048 | Interfaces | 15.02 Interface to OSISoft PI Historian | The PI Interface shall have the buffering mechanisms necessary to ensure that no data is lost for a predefined period of time even in the case that the PI application at the other side is not available. The Vendor shall specify in its response the proposed buffering size for a sample time window, for instance for 1 hour. |
| 15-049 | Interfaces | 15.02 Interface to OSISoft PI Historian | After the buffering time expires, the system shall use all the available storage space. |
| 15-050 | Interfaces | 15.02 Interface to OSISoft PI Historian | To facilitate the maintenance of the interface, the solution proposed shall automate the process of mapping the data points between the two systems as much as possible. |
| 15-051 | Interfaces | 15.02 Interface to OSISoft PI Historian | For maintenance and troubleshooting, there shall be a means of generating a failure report enumerating all points in the system which are configured to be written to PI for which the PI tag can't be accessed by the interface. |
| 15-052 | Interfaces | 15.02 Interface to OSISoft PI Historian | When the system initiates the definition of a new data point, if so directed by the corresponding attribute in the SDB, the system shall trigger a process to create automatically the corresponding Tag in PI. |
| 15-054 | Interfaces | 15.02 Interface to OSISoft PI Historian | IPC connection between the two systems shall be done through the DMZ and avoid a direct connection to the production environment. The Vendor shall explain the configuration of the interface and the integration in the system architecture. |
| 15-055 | Interfaces | 15.02.01 Export System Data to PI | The EMS shall include an interface to allow IPC to define Operational data including alarm, status and analog values, to be pushed to PI. |
| 15-056 | Interfaces | 15.02.01 Export System Data to PI | The interface shall allow IPC to define Operational data including alarm, status and analog values, to be pushed to the PI Historian on an exception basis, as soon as a change has been detected. |
| 15-057 | Interfaces | 15.02.01 Export System Data to PI | The interface shall permit writing any system point value to the PI Historian and shall integrate the ability to send all and any system points to PI. |
| 15-058 | Interfaces | 15.02.01 Export System Data to PI | The values shall be provided to PI with the corresponding time stamp (last update) and associated quality codes. |
| 15-059 | Interfaces | 15.02.01 Export System Data to PI | The system shall support the capability to define "triggers" within the system DB Management function to manage the conditions in which data will be pushed to the PI Historian. |
| 15-061 | Interfaces | 15.02.01 Export System Data to PI | System users shall be able to request, on demand, the transfer of data to the PI Historian. |
| 15-062 | Interfaces | 15.02.01 Export System Data to PI | EMS users shall be able to request, on demand, the transfer of data to the ORACLE Data Warehouse |
| 15-063 | Interfaces | 15.02.02 Import PI Values to the System | The system shall include the capability to "fetch" data from PI at different predefined time intervals or on demand. |
| 15-064 | Interfaces | 15.02.02 Import PI Values to the System | The data acquired from PI shall be processed in the system as any other real time value arriving to the system. |
| 15-065 | Interfaces | 15.02.02 Import PI Values to the System | For data with past time stamps, historical data coming through this interface the value shall be processed by the HISR as if they were coming from SCADA. |
| 15-066 | Interfaces | 15.02.02 Import PI Values to the System | The interface shall be able to be configured to transfer data periodically in intervals ranging from one (1) minute to sixty (60) minutes to bring all the value changes within that period. |
| 15-067 | Interfaces | 15.03 Source DB Export/Import | The system shall provide a CIM/XML import/export function to the Source Database. |
| 15-068 | Interfaces | 15.03 Source DB Export/Import | This function shall provide the capability to import CIM compliant format data into the SDB and translate data from the SDB to a CIM compliant format for use with third-party applications. |
| 15-069 | Interfaces | 15.03 Source DB Export/Import | The CIM compliant data format generated shall include all data types supported by the CIM standard, including SCADA and Network Model data. |
| 15-070 | Interfaces | 15.03 Source DB Export/Import | The export and import capabilities shall support the current and future versions of CIM required by CAISO EIM and CAISO RCWEST. |
| 15-071 | Interfaces | 15.03 Source DB Export/Import | The system shall also provide the ability to import and export the Network Model from/to other utilities in the PSS/E and PSLF format. |
| 15-072 | Interfaces | 15.03 Source DB Export/Import | The import/export functions provided shall include the ability to import/export individual/multiple Substations of the Network Model. |
| 15-073 | Interfaces | 15.03 Source DB Export/Import | Any and all import/export activities in the system shall create an audit log that shall allow to clearly determine the import/export operations performed and the changes in the model if any. |
| 15-074 | Interfaces | 15.03 Source DB Export/Import | Any and all import/export activities in the system shall create an audit log that shall allow to clearly determine the import/export operations performed and the changes in the model if any. |
| 15-075 | Interfaces | 15.04 Transmission Network Model Export/Import | The system shall be able to import and export the network model using the standard CIM 15 data model. |
| 15-076 | Interfaces | 15.04 Transmission Network Model Export/Import | The system also shall support exporting and importing its model in PSSE and PSLF format and exporting to file format supported by PowerWorld. The versions that need to be supported will be specified during the Statement of Work discussions. |
| 15-077 | Interfaces | 15.04 Transmission Network Model Export/Import | IPC prefers that the import/export process of the model be part of the DB Management function and not a separate tool or function. |
| 15-078 | Interfaces | 15.04 Transmission Network Model Export/Import | It shall be possible to easily select network elements to be excluded from the export file. |
| 15-079 | Interfaces | 15.04 Transmission Network Model Export/Import | When importing a new model, the same validation processes and data management functions used for internally defining model shall be available and applied. |
| 15-080 | Interfaces | 15.04 Transmission Network Model Export/Import | The Vendor shall describe in its response the mechanism used to export and import the data model and the options included in the system to use the imported model (incremental changes, model conversion, mapping characteristics...) |
| 15-081 | Interfaces | 15.05 Secure File Transfer Protocol (SFTP) | The system shall provide the ability to exchange data with external systems via the SFTP protocol. |
| 15-082 | Interfaces | 15.05 Secure File Transfer Protocol (SFTP) | IPC prefers that the SFTP interfaces in the system will be used between the DMZ and the outside world. |
| 15-083 | Interfaces | 15.05 Secure File Transfer Protocol (SFTP) | The system shall integrate the SFTP interface to be able to securely exchange files with external systems. |
| 15-084 | Interfaces | 15.05 Secure File Transfer Protocol (SFTP) | This interface and the mechanisms provided will be used by other interfaces described in this specification as the conduit to exchange data files. |
| TOC Req ID | Solution Area | Category | Description |
|---|---|---|---|
| 15-085 | Interfaces | 15.05 Secure File Transfer Protocol (SFTP) | Considering the relevance of the service that this interface provides the Vendor shall include in its response a detailed description about the functions and mechanisms provided with the system to handle "push" and "fetch" of files using SFTP. |
| 15-086 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | The system will obtain ADS instructions via the internet or a dedicated connection to CAISO. |
| 15-087 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | The system will process/transfer ADS instructions such that they are available for Generation Control and Dynamic NSI adjustments. Such processing may involve data transfers between different modules/applications within the overall solution. |
| 15-088 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | The system shall support IPC's participation in the EIM through provision of APIs to obtain CAISO ADS data that would be used to drive generation dispatch, processing to incorporate dynamic schedule adjustments, user interfaces to display relevant information, alerts or other situational awareness to support operational decision making related to market instructions, and processing of data for downstream uses. |
| 15-089 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | The system shall stay current with CAISO ADS API changes to incorporate new technical specifications, technology updates, versions or available data elements. |
| 15-090 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | The system shall support modeling of all IPC Generation Resources in a manner consistent with CAISO EIM Participation. This includes recognition of registered Resource IDs and association of those IDs with controllable generation. This includes: |
| 15-091 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | • Individual Generating Resources |
| 15-092 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | • Aggregate Generating Resources |
| 15-093 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | • Multi-Stage Generators (MSGs) |
| 15-094 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | • Jointly Owned Units (JOUs), |
| 15-095 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | • Non-Generator Resources (NGRs). NGRs may include Non-Conforming Loads (NCLs), |
| 15-096 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | • Dispatchable Demand Response (DDR) or Battery or Pumped Storage Resources which can operate in either charge or discharge modes |
| 15-097 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | • VER. |
| 15-098 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | The system shall support modeling of all IPC Intertie Resources in a manner consistent with CAISO EIM Participation. This includes: |
| 15-099 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | • Recognition of registered Resource IDs and the ability to use market dispatches to dynamically adjust Scheduled Interchange |
| 15-100 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | • ACE equation based on Dynamic ETSR dispatches. |
| 15-101 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | The system shall support the retrieval of all information published by CAISO's ADS. This includes: |
| 15-102 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | • Generation Dispatches |
| 15-103 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | • Generation Startup |
| 15-104 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | • Generation Shutdowns |
| 15-105 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | • MSG Transitions |
| 15-106 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | • VER Curtailments |
| 15-107 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | • Charge/Discharge Instructions |
| 15-108 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | • Dynamic ETSR Dispatches |
| 15-109 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | • Operational or Reliability Instructions such as EIM Contingency Status or FollowDOT instructions. |
| 15-110 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | The system shall retrieve all ADS instructions in a timely manner. |
| 15-111 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | The ADS instructions should be published roughly every five minutes but not on a specific/reliable schedule. The ramp often must begin less than one minute after publication. The Vendor shall describe in its response how their system minimizes lag in retrieval of ADS instructions. |
| 15-112 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | The system shall provide an alarm to alert Operators and/or the technology team about stale market dispatch data (e.g. no payload retrievable within the expected 5 minute window, no current instructions by the start of a ramp interval). |

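One way to implement the stale-data alarm in 15-112 together with the carry-forward option in 15-113, as an added example (not Idaho Power's or any vendor's code). The class, alarm codes, resource IDs and timestamps are hypothetical and constructed; only the 5 minute window comes from the requirement.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set, Tuple

# Window taken from requirement 15-112; everything else here is hypothetical.
EXPECTED_WINDOW = timedelta(minutes=5)


@dataclass(frozen=True)
class Dispatch:
    resource_id: str          # registered Resource ID (constructed values below)
    interval_start: datetime  # start of the ramp interval the instruction targets
    mw: float


@dataclass
class AdsWatchdog:
    window: timedelta = EXPECTED_WINDOW
    last_payload_at: Optional[datetime] = None
    last_valid: Dict[str, Dispatch] = field(default_factory=dict)
    manual: Set[str] = field(default_factory=set)  # resources the Operator took to Manual Mode

    def on_payload(self, dispatches: List[Dispatch], received_at: datetime) -> None:
        """Record a successfully processed payload. An older instruction never
        overwrites a newer one held for the same resource."""
        self.last_payload_at = received_at
        for d in dispatches:
            held = self.last_valid.get(d.resource_id)
            if held is None or d.interval_start >= held.interval_start:
                self.last_valid[d.resource_id] = d

    def check(self, now: datetime, ramp_start: datetime,
              resources: List[str]) -> List[Tuple[str, str]]:
        """Return (alarm_code, subject) pairs for the two stale conditions in 15-112."""
        alarms: List[Tuple[str, str]] = []
        # Condition 1: no payload retrievable within the expected window.
        if self.last_payload_at is None or now - self.last_payload_at > self.window:
            alarms.append(("ADS_NO_PAYLOAD_IN_WINDOW", "ADS"))
        # Condition 2: the ramp interval has started without a current instruction.
        if now >= ramp_start:
            for rid in resources:
                held = self.last_valid.get(rid)
                if held is None or held.interval_start < ramp_start:
                    alarms.append(("ADS_NO_CURRENT_INSTRUCTION", rid))
        return alarms

    def effective(self, rid: str, ramp_start: datetime) -> Tuple[Optional[float], str]:
        """Setpoint to follow and its provenance (carry-forward option in 15-113)."""
        if rid in self.manual:
            return None, "manual"
        held = self.last_valid.get(rid)
        if held is None:
            return None, "none"
        if held.interval_start >= ramp_start:
            return held.mw, "current"
        return held.mw, "carried_forward"


def run_constructed_scenario() -> dict:
    """Constructed timeline: one good interval, one missed, one late partial payload."""
    t1200 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    t1205 = t1200 + timedelta(minutes=5)
    resources = ["GEN_A", "GEN_B"]
    wd = AdsWatchdog()
    wd.on_payload([Dispatch("GEN_A", t1200, 50.0), Dispatch("GEN_B", t1200, 20.0)],
                  received_at=t1200 - timedelta(seconds=150))
    out = {"on_time": wd.check(t1200, t1200, resources)}
    # Nothing arrives for the 12:05 interval.
    out["missed"] = wd.check(t1205, t1205, resources)
    out["gen_a"] = wd.effective("GEN_A", t1205)
    wd.manual.add("GEN_B")
    out["gen_b"] = wd.effective("GEN_B", t1205)
    # A late payload arrives and covers GEN_A only.
    wd.on_payload([Dispatch("GEN_A", t1205, 55.0)],
                  received_at=t1205 + timedelta(seconds=20))
    out["late"] = wd.check(t1205 + timedelta(seconds=30), t1205, resources)
    out["gen_a_late"] = wd.effective("GEN_A", t1205)
    return out


if __name__ == "__main__":
    for key, value in run_constructed_scenario().items():
        print(key, value)
```

Returning the provenance label with each setpoint lets the ADS message log required by 15-115 show which dispatches were followed as carried-forward values.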
| TOC Req ID | Solution Area | Category | Description |
|---|---|---|---|
| 15-113 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | In the event that the system does not receive/successfully process updated Market Instructions, the Market Mode instruction will have the option to automatically carry forward the last valid Dispatch for that Resource (e.g. before the Operator switches to Manual Mode). The approach will be established during design. |
| 15-114 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | The ADS Interface shall adhere to system requirements for performance, stability, availability, failover, switchover and cyber security. |
| 15-115 | Interfaces | 15.06 CAISO Energy Imbalance Market Interface | The EMS will provide a log for all ADS messages requested and received. The log will be searchable and filterable consistent with other UI requirements. |
| 15-117 | Interfaces | 15.07 OATI Interface | The system shall maintain a bidirectional interface with the OATI system using the SFTP capabilities described in Section 15.5 of this specification to transfer dynamic scheduling information and generation data between the two systems. |
| 15-119 | Interfaces | 15.07.01 Outgoing Data | The system shall automatically generate and "push" files with data formatted for the OATI system to use. |
| 15-120 | Interfaces | 15.07.01 Outgoing Data | Similarly, IPC shall be able to define the data for the tie lines to be exported into a Tie Data flat file. |
| 15-122 | Interfaces | 15.07.01 Outgoing Data | 1. Energy accounting and generation data file |
| 15-123 | Interfaces | 15.07.01 Outgoing Data | 2. Tie lines data file |
| 15-124 | Interfaces | 15.07.01 Outgoing Data | IPC shall be able to define the data to be included in the files |
| 15-125 | Interfaces | 15.07.01 Outgoing Data | The flat files shall have the EIDE format to facilitate the data exchange and IPC shall be able to configure the specific data to be used. |
| 15-126 | Interfaces | 15.07.01 Outgoing Data | IPC shall be able to define the frequency for the automatic generation of those files that by default would be hourly. |
| 15-127 | Interfaces | 15.07.02 Incoming Data | The system shall check, "fetch" and import the information provided by the OATI system through flat files that were created using the EIDE format. |
| 15-129 | Interfaces | 15.07.02 Incoming Data | 1. Generation data including schedules, Real Time TSO for 2 hours |
| 15-130 | Interfaces | 15.07.02 Incoming Data | 2. Inadvertent Interchange schedules for off-peak and on-peak periods |
| 15-131 | Interfaces | 15.07.02 Incoming Data | 3. Net Scheduled Interchange (NSI) per location and hour for 2 days |
| 15-132 | Interfaces | 15.07.02 Incoming Data | The system shall allow IPC to configure the frequency of execution of this import process. |
| 15-133 | Interfaces | 15.08 Water CFS | The system shall be able to receive and process Hydro data using a flat file format available through the SFTP service in the DMZ. |
| 15-134 | Interfaces | 15.08 Water CFS | The system shall use the SFTP service in DMZ to "fetch" the Water CFS file as soon as it is available in the DMZ. |
| 15-135 | Interfaces | 15.08 Water CFS | The system shall be able to read and process the file every 5 seconds; the file contains the values corresponding to water flows for predefined locations. |
| 15-137 | Interfaces | 15.09 Weather Data | The system shall be able to receive and process Weather data using a flat file format available through the SFTP service in the DMZ. |
| 15-137 | Interfaces | 15.09 Weather Data | The system shall use the SFTP service in DMZ to "fetch" the Weather Data file as soon as it is available in the DMZ. |
| 15-137 | Interfaces | 15.09 Weather Data | The system shall be able to read and process the file available hourly with weather data (including solar irradiance) and assignment of specific weather station data to user selected hierarchical system areas. |

| TOC Req ID | Solution Area | Category | Description |
|---|---|---|---|
| 15-138 | Interfaces | 15.09 Weather Data | The system shall process the provided data so it is available for all the functions in the system, particularly the Load Forecast application. |
| 15-140 | Interfaces | 15.10 Load Forecast Data | The system shall provide the mechanisms to automatically generate a flat file with a predefined set of Load data, like Current Load for the hour, as well as the forecasted load for the next 30 days. |
| 15-141 | Interfaces | 15.10 Load Forecast Data | IPC shall be able to define the data to be included in the file |
| 15-142 | Interfaces | 15.10 Load Forecast Data | It shall be possible to define the frequency in which the file shall be generated. |
| 15-143 | Interfaces | 15.10 Load Forecast Data | System users shall also be able to trigger the file generation. |
| 15-144 | Interfaces | 15.10 Load Forecast Data | The system shall use the SFTP service in DMZ to expose ("push") the generated Load Forecast file to external systems. |
| 15-146 | Interfaces | 15.11 Compliance Data | The system shall provide the mechanisms to automatically generate a flat file with a predefined set of information related to the User Accounts in the system (like last time of login, permissions, ...) |
| 15-147 | Interfaces | 15.11 Compliance Data | IPC shall be able to define the data to be included in the file |
| 15-148 | Interfaces | 15.11 Compliance Data | The system shall use the SFTP service in DMZ to expose ("push") the generated Compliance file to external systems. |
| 15-150 | Interfaces | 15.12 SMS/e-Mail Notifications | The system shall include a function to be able to export sets of analog data using e-mail services provided. |
| 15-151 | Interfaces | 15.12 SMS/e-Mail Notifications | The system shall support the use of SMS Service and E-mail Service using secure SMTP (no clear text) |
| 15-152 | Interfaces | 15.12 SMS/e-Mail Notifications | IPC shall be able to define which specific System Alarms and Operating System alerts generate corresponding e-mails or Text Messages |
| 15-153 | Interfaces | 15.12 SMS/e-Mail Notifications | The system shall provide the necessary tools for System Users, with the adequate permission, to configure the alarms and alerts that will trigger the notifications as well as the information needed to generate the notifications (Subject, To, From, e-mail addresses, phone numbers, ...) |
| 15-154 | Interfaces | 15.12 SMS/e-Mail Notifications | Based on the defined configuration, the system shall prepare and request sending the data through the provided SMS/mail service when the alarm or alert happens. |
| 15-155 | Interfaces | 15.12 SMS/e-Mail Notifications | Adapter will send SMS messages/Emails to the SMS/SMTP server (directly or via middleware) which will forward the messages to appropriate recipients |
| 15-160 | Interfaces | 15.14 Applications Snapshots | The system shall include the capability to capture Network Applications save cases (Results and Model) and make them available to other systems using the SFTP service. |
| 15-161 | Interfaces | 15.14 Applications Snapshots | The system shall automatically generate these save cases every five (5) minutes |
| 15-162 | Interfaces | 15.14 Applications Snapshots | The system shall use the SFTP service in DMZ to expose ("push") the generated Save Case file to external systems. |
| 03-004 | System Software | 03.01 System Characteristics | The configuration of the system shall be comprised of a distributed computing environment within an architecture based on widely accepted industry standards for real time systems. |

| TOC Req ID | Solution Area | Category | Description |
|---|---|---|---|
| 03-005 | System Software | 03.01 System Characteristics | All internal communications among the system servers and all external communications between the system and other systems shall be based on widely accepted and published industry standards relevant to the Energy Management Systems. This applies to the: |
| 03-006 | System Software | 03.01 System Characteristics | 1. Operating system |
| 03-007 | System Software | 03.01 System Characteristics | 2. The database management system |
| 03-008 | System Software | 03.01 System Characteristics | 3. The display management system |
| 03-009 | System Software | 03.01 System Characteristics | 4. The Application Programming Interfaces (APIs) providing standardized interfacing between systems software and application software |
| 03-010 | System Software | 03.01 System Characteristics | The proposed system software shall be independent of the proposed hardware such that any hardware can be replaced or upgraded with a functionally similar device not necessarily manufactured by the original manufacturer. |
| 03-011 | System Software | 03.01 System Characteristics | Expandability shall be provided through the use of a hardware and software platform that allows for vertical growth, and a configuration that allows horizontal growth and distributed computer/server support. |
| 03-012 | System Software | 03.01 System Characteristics | Communication between system components, servers, consoles and the applications that run on them shall not rely on non-secure protocols (e.g., rsh) and shall utilize instead secure network communication protocols like HTTPS, SFTP, SSH, SSL, etc. |
| 03-014 | System Software | 03.01.01 Operating Systems | All operating systems provided by the Vendor shall be "off-the-shelf" with no modifications by the Vendor. |
| 03-017 | System Software | 03.01.01 Operating Systems | The Operating System for the servers offered as part of the system solution shall support MS Windows Server 2016 at a minimum but MS Windows Server 2019 is preferred. |
| 03-018 | System Software | 03.01.01 Operating Systems | For the Operating System in Consoles/Operator Workstations, IPC prefers the use of Microsoft Windows 10.x. |
| 03-019 | System Software | 03.01.01 Operating Systems | The Workstation hardware (Processor, Hard drive, Graphics card, etc.) shall be future proofed for Microsoft's latest Operating System 10.x whenever it is available and certified by the vendor. |
| 03-020 | System Software | 03.01.01 Operating Systems | All standard Operating System functions, commands and tools, for instance telnet, ssh, ..., shall be available in the system. |
| 03-021 | System Software | 03.01.01 Operating Systems | The Vendor may provide additional utilities to assist in management of the system and utilization of operating system services. If such utilities are provided, they shall be fully supported and documented by the Vendor and original product Vendor. |
| 03-022 | System Software | 03.01.02 System Maintainability | Following system failure detection, it shall be possible to determine the cause of the failure and the cause shall be promptly isolated and corrected. |
| 03-023 | System Software | 03.01.02 System Maintainability | As an aid to the diagnosis and correction of hardware problems, the system design shall permit the execution of diagnostic programs with the system either online or offline. |
| 03-024 | System Software | 03.01.02 System Maintainability | The operation of online diagnostics shall not degrade any critical system functions except for device(s) under test or device(s) used in testing. |
| 03-025 | System Software | 03.01.02 System Maintainability | The system shall have the ability to generate alarms for software and hardware issues via the system's Alarming Processor (SCADA) and an event shall be logged to the Central Logging system as described in Section 5 "Cyber Security" of this specification. |
| 03-026 | System Software | 03.01.02 System Maintainability | Offline system maintenance shall utilize offline diagnostics provided by the Vendor. |
| 03-027 | System Software | 03.01.02 System Maintainability | Offline diagnostics shall support complete maintenance of all hardware elements and the diagnosis and isolation of any hardware fault. |
| 03-028 | System Software | 03.01.02 System Maintainability | The level of system repair to be undertaken by IPC maintenance personnel shall be at the Field Replaceable Unit (FRU) level. |
| 03-029 | System Software | 03.01.02 System Maintainability | The Vendor's or hardware manufacturer's maintenance training classes shall provide the training of IPC's maintenance personnel in the use of the offline diagnostics and unit replacement processes. |
| 03-030 | System Software | 03.01.03 Application Software and Databases | The system application software shall be modular to combine the applications and functions to deliver the functionality defined in this specification. |
| 03-031 | System Software | 03.01.03 Application Software and Databases | The system application software shall be written in standard ANSI high-level languages and designed to provide the highest possible level of hardware independence. |
| 03-032 | System Software | 03.01.03 Application Software and Databases | The vendor shall provide system APIs to allow interaction with system functions, database access and data and messaging exchange with external applications. |

| TOC Req ID | Solution Area | Category | Description |
|---|---|---|---|
| 03-033 | System Software | 03.01.04 Database Management | The system shall provide tools to facilitate the development and maintenance of required databases and displays. |
| 03-034 | System Software | 03.01.04 Database Management | These tools should support the ability to make database and display changes online and offline. For offline changes, the tools shall include procedures for seamlessly promoting the new database and/or propagating new and modified displays to other environments in the system. |
| 03-035 | System Software | 03.01.04 Database Management | All online database changes shall be rolled out/rolled back into the production system without affecting or disrupting the system operation and its users. |
| 03-036 | System Software | 03.01.04 Database Management | The system databases shall be able to be expanded to the ultimate specified size defined in Appendix A of this specification without the need of software changes and/or recompilation of applications or functions. |
| 03-037 | System Software | 03.01.04 Database Management | The DBMS supplied with the system shall be the basis for the Historical Information Storage and Reporting (HISR) system and shall also be available for general-purpose use, including the management of databases not originally provided by the Vendor. |
| 03-038 | System Software | 03.01.04 Database Management | No restrictions to such additional use shall exist apart from the resource limitations of the system. |
| 03-041 | System Software | 03.02 System Services | • Application Scheduling and Monitoring |
| 03-042 | System Software | 03.02 System Services | • Naming Service |
| 03-043 | System Software | 03.02 System Services | • Backup Services |
| 03-044 | System Software | 03.02 System Services | • Network and Application Time Services |
| 03-046 | System Software | 03.02.01 Application Scheduling and Monitoring | The system shall include a facility for a program or User to schedule application activity. This facility shall permit the following types of schedules: |
| 03-047 | System Software | 03.02.01 Application Scheduling and Monitoring | • Time(s) of the day |
| 03-048 | System Software | 03.02.01 Application Scheduling and Monitoring | • Periodic frequency and base time |
| 03-049 | System Software | 03.02.01 Application Scheduling and Monitoring | • Event driven: the system shall be configurable as to which events will trigger an event-driven execution |
| 03-050 | System Software | 03.02.01 Application Scheduling and Monitoring | • On Demand |
| 03-051 | System Software | 03.02.01 Application Scheduling and Monitoring | When specifying a periodic execution, it shall be possible to specify if the period is based on the start or end of the previous execution. |
| 03-052 | System Software | 03.02.01 Application Scheduling and Monitoring | All time-based schedules shall be definable based on absolute or relative time, based on either network or application system time scales. |
| 03-053 | System Software | 03.02.01 Application Scheduling and Monitoring | The scheduling services shall monitor all schedules to ensure execution at the correct times, and notify the Users via the Alarm/Events subsystem for any failures or missed schedules as well as the successful start of a scheduled activity with the reason for activation. |
| 03-054 | System Software | 03.02.01 Application Scheduling and Monitoring | The system shall also support the ability to log an event to IPC's Central Logging System via a syslog message. |
| 03-055 | System Software | 03.02.01 Application Scheduling and Monitoring | User shall also be able to enable/disable or modify any time-based schedule online without requiring re-compilation of code or restarting of the systems or functions |
| 03-056 | System Software | 03.02.01 Application Scheduling and Monitoring | The Vendor shall provide displays to enable the User to manage the Scheduling Services and other functions related to application monitoring. |
| 03-057 | System Software | 03.02.01 Application Scheduling and Monitoring | The system shall provide independent redundant Domain Name Service (DNS) servers to allow users to reference computing network resources by name. |
| 03-058 | System Software | 03.02.01 Application Scheduling and Monitoring | The system shall also be configured to resolve critical network resources utilizing the local system host files in the event that the provided Naming Service is unavailable. |
| 03-060 | System Software | 03.02.03 Backup Services | The system shall provide distributed backup services in each environment, or site, to back up and restore system components, software, and data located within the environment or site. |
| 03-061 | System Software | 03.02.03 Backup Services | Currently IPC uses Veeam software as its backup solution. The Vendor shall indicate in its proposal compatibility with this software or propose its standard base solution for backup services. |
| 03-062 | System Software | 03.02.03 Backup Services | The proposed Backup services shall be managed centrally in the system and include the needed user interface for the users to define backup strategies (images, full backup, incremental), frequency, schedule, media, etc., as well as guidance through the restoration process. |

| TOC Req ID | Solution Area | Category | Description |
|---|---|---|---|
| 03-063 | System Software | 03.02.03 Backup Services | For individual files back up, the data to be backed up shall cover at a minimum: Displays, Source Data Base, real-time data, save cases, historical data, application files, etc. |
| 03-065 | System Software | 03.02.03 Backup Services | • Production Environment (Both Sites) |
| 03-066 | System Software | 03.02.03 Backup Services | • Primary QAS Environment |
| 03-067 | System Software | 03.02.03 Backup Services | • PDS Environment |
| 03-068 | System Software | 03.02.03 Backup Services | • Dispatcher Training Simulator Environment |
| 03-069 | System Software | 03.02.03 Backup Services | All of the environments shall have restoration services capabilities (i.e.: standard O/S images, scripts that install software from central location, etc.) to be able to perform, at a minimum the following restoration activities: |
| 03-070 | System Software | 03.02.03 Backup Services | • Full system restoration (all software and databases) |
| 03-071 | System Software | 03.02.03 Backup Services | • Databases restoration |
| 03-072 | System Software | 03.02.03 Backup Services | • Individual files restoration |
| 03-073 | System Software | 03.02.03 Backup Services | These processes will be tested during the factory acceptance tests to verify that the backup sets are recoverable. |
| 03-074 | System Software | 03.02.03 Backup Services | IPC shall be able to use the equipment backup images for full system, servers or console restoration. |
| 03-075 | System Software | 03.02.03 Backup Services | These processes will be tested during the factory acceptance tests to verify that the backup sets are recoverable. |
| 03-076 | System Software | 03.02.04 Time Services | The system shall be able to use existing Network Time Protocol (NTP) time services to maintain all servers in all the environments synchronized. |
| 03-078 | System Software | 03.02.04 Time Services | The time provided by the GPS source is considered the standard time. |

| TOC Req ID | Solution Area | Category | Description |
|---|---|---|---|
| 03-079 | System Software | 03.02.04 Time Services | The system applications and functions shall use the time services to synchronize with the standard time and maintain the application or system time. |
| 03-080 | System Software | 03.02.04 Time Services | The system time is the one used by the system and is distinct from the standard time. |
| 03-081 | System Software | 03.02.04 Time Services | The system shall automatically synchronize with the network time service to maintain time across all devices within 10 milliseconds. |
| 03-082 | System Software | 03.02.04 Time Services | The system shall be configured to disregard any time signal from an NTP source if the delta between the system time and the source time is larger than a User-configurable value. If this condition occurs, the system shall log an event via the Alarm/Events subsystem and IPC's Central Logging System via a syslog message. |
| 03-083 | System Software | 03.02.04 Time Services | The system shall be able to continue operation with the system time until the standard time can be synchronized again. |
| 03-085 | System Software | 03.02.04 Time Services | 1. Process Daylight Saving Time switchovers automatically and assure that all functions and programs are updated appropriately. |
| 03-086 | System Software | 03.02.04 Time Services | a. The system shall handle switching to and from daylight saving time without an outage to the system or loss of data. |
| 03-087 | System Software | 03.02.04 Time Services | b. Capability to enable/disable or change the scheduled date and time of automatic switchover of the daylight saving time shall also be provided via graphical user interface. |
| 03-088 | System Software | 03.02.04 Time Services | c. All logs and reports shall accommodate daylight saving time switchover such that the missing or extra hour is processed appropriately without manual intervention. |
| 03-089 | System Software | 03.02.04 Time Services | 2. A uniform internal representation to facilitate normal date and time, relative date and time, arithmetic date, and time operations, etc. |
| 03-090 | System Software | 03.02.04 Time Services | The system shall provide a method to audit and report on the current time deviation and the time standards. |
| 03-091 | System Software | 03.02.05 Print Services | The system shall provide network print services that are available for use from any node. This service shall transparently route print jobs to the specified printer. |
| 03-092 | System Software | 03.02.05 Print Services | Users shall be kept informed of the status of their print jobs. |
| 03-093 | System Software | 03.02.05 Print Services | Users shall be assigned a default printer and shall be able to override the default for access to other printers in the computing network. |
| 03-094 | System Software | 03.02.06 Independent System Monitoring and Central Logging System | The system shall be able to interface to IPC's monitoring system, Splunk and SolarWinds, for servers, Network Devices, and processes via Simple Network Management Protocol (SNMP) and Syslog. |
| 03-095 | System Software | 03.02.06 Independent System Monitoring and Central Logging System | The system shall be capable of providing an independent system to monitor the current operating conditions of selected hardware, operating systems, and applications from a central location. |
| 03-096 | System Software | 03.02.06 Independent System Monitoring and Central Logging System | The independent alarm and event watchdog shall be notified in the event the alarm and/or event function has failed or has been degraded. |
| 03-097 | System Software | 03.02.06 Independent System Monitoring and Central Logging System | Additionally, the system shall provide the ability to notify Support personnel of detected issues via e-mail and/or text message. |

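Requirements 03-082 and 03-083 describe a sanity check on the time source: disregard a sample whose delta exceeds a configurable limit, log the event, and keep running on system time until the source is acceptable again. The following is an added example of that check, not code from Idaho Power or any vendor; the class, host name, message IDs and sample times are hypothetical and constructed, and the `events` list stands in for the syslog sender.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

FACILITY_LOCAL0 = 16            # syslog facility local0
SEV_WARNING, SEV_NOTICE = 4, 5  # syslog severities


def syslog_line(ts: datetime, host: str, severity: int, msgid: str, msg: str) -> str:
    """Build an RFC 5424 style line; PRI = facility * 8 + severity."""
    pri = FACILITY_LOCAL0 * 8 + severity
    return f"<{pri}>1 {ts.isoformat()} {host} timeguard - {msgid} - {msg}"


@dataclass
class TimeGuard:
    max_delta: timedelta                      # the User-configurable value in 03-082
    host: str = "ems-app-01"                  # hypothetical host name
    holdover_since: Optional[datetime] = None
    events: List[str] = field(default_factory=list)  # stand-in for the syslog sender

    def offer(self, system_time: datetime, source_time: datetime) -> Optional[timedelta]:
        """Return the correction to apply, or None when the sample is disregarded."""
        delta = source_time - system_time
        if abs(delta) > self.max_delta:
            # Log on the transition into holdover, not on every poll, so a
            # persistently bad source does not flood the Central Logging System.
            if self.holdover_since is None:
                self.holdover_since = system_time
                self.events.append(syslog_line(
                    system_time, self.host, SEV_WARNING, "NTP_REJECT",
                    f"source delta {delta.total_seconds():+.3f}s exceeds limit "
                    f"{self.max_delta.total_seconds():.3f}s; continuing on system time"))
            return None
        if self.holdover_since is not None:
            # Source is acceptable again: record how long the system ran unsynchronized.
            held = system_time - self.holdover_since
            self.events.append(syslog_line(
                system_time, self.host, SEV_NOTICE, "NTP_RESYNC",
                f"source accepted again after {held.total_seconds():.0f}s holdover"))
            self.holdover_since = None
        return delta


def run_constructed_samples() -> Tuple[List[Optional[int]], List[str]]:
    """Feed four constructed polls; return corrections in ms (None = disregarded) and events."""
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    guard = TimeGuard(max_delta=timedelta(seconds=2))
    polls = [
        (timedelta(seconds=0), timedelta(milliseconds=4)),     # normal drift
        (timedelta(seconds=64), timedelta(seconds=90)),        # source jumps ahead
        (timedelta(seconds=128), timedelta(seconds=90)),       # still wrong
        (timedelta(seconds=192), timedelta(milliseconds=-3)),  # source sane again
    ]
    results: List[Optional[int]] = []
    for elapsed, source_error in polls:
        system_time = t0 + elapsed
        correction = guard.offer(system_time, system_time + source_error)
        results.append(None if correction is None
                       else correction // timedelta(milliseconds=1))
    return results, guard.events


if __name__ == "__main__":
    corrections, events = run_constructed_samples()
    print(corrections)
    for line in events:
        print(line)
```

A delta check alone cannot tell whether the source or the local clock is the one that is wrong, so the holdover duration recorded in the resync event is the figure to review against the deviation audit in 03-090.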
| TOC Req ID | Solution Area | Category | Description |
|---|---|---|---|
| 03-098 | System Software | 03.02.06 Independent System Monitoring and Central Logging System | The Vendor shall describe how its system will interface with an external facility to monitor alarm and event processing and generate notifications (SMS/email) to support personnel. |
| 03-099 | System Software | 03.02.06 Independent System Monitoring and Central Logging System | The Vendor shall provide documentation and/or tools with enough level of detail to allow IPC to understand, process and utilize data consumed by the Central Logging system (Splunk) |
| 03-100 | System Software | 03.03 System Configuration Parameters | All parameters (e.g., tuning parameters, configuration, execution periodicity, etc.) utilized by the system applications in their tuning and configuration shall be defined in the database. |
| 03-101 | System Software | 03.03 System Configuration Parameters | All of these parameters shall be accessible via displays/forms. These displays/forms shall be easy to understand and navigate. |
| 03-102 | System Software | 03.03 System Configuration Parameters | If there are any exceptions, the vendor shall provide a list of the parameters and detailed explanation of the exception and how their configuration is handled in the system. |
| 03-103 | System Software | 03.04 System Monitoring and Control | The Vendor solution shall provide a system hardware/function configuration where critical hardware and functions are duplicated and any major failure can be isolated. |
| 03-104 | System Software | 03.04 System Monitoring and Control | The system shall monitor the critical functions for failures and take corrective actions to recover whenever possible. |
| 03-105 | System Software | 03.04.01 Error and Failure Detection | The system shall provide for the monitoring of all servers, devices and functions for error conditions. |
| 03-106 | System Software | 03.04.01 Error and Failure Detection | If the system detects errors or failures, it shall log such instances with sufficient detail (date/time, error/failure messages, and system recovery actions) for Support Users to troubleshoot. |
| 03-107 | System Software | 03.04.01 Error and Failure Detection | The system shall alert Users via the system Alarm/Events subsystem for all errors and failures detected. |
| 03-108 | System Software | 03.04.01 Error and Failure Detection | Fatal software errors shall result in either termination of the function or shall be handled as a fatal server error. |
| 03-109 | System Software | 03.04.01 Error and Failure Detection | The action to be performed for each error/function shall be defined. |
| 03-110 | System Software | 03.04.01 Error and Failure Detection | If the function is to be terminated, future executions of the function shall also be inhibited until the function is manually initiated. |
| 03-111 | System Software | 03.04.01 Error and Failure Detection | The system shall also send an event to IPC's Central Logging System via a syslog message. |
| 03-112 | System Software | 03.04.02 Device Monitoring and Control | The system shall support device monitoring and control functions on all major devices, including but not limited to: system servers, operator consoles, communication infrastructure (routers, switches, LANs, data links), GPS/NTP and file systems. |
| 03-113 | System Software | 03.04.02 Device Monitoring and Control | Devices shall be monitored periodically to ensure that they are working properly. This system interface shall ensure control, status, and diagnostic access to the devices. |
| 03-114 | System Software | 03.04.02 Device Monitoring and Control | This interface shall ensure control, status, and diagnostic access to the device and coordinate with sub-systems that may be actively using the device. |

| 03-115 | System Software | 03.04.02 Device Monitoring and Control | Device usage statistics, including recoverable and unrecoverable error counts, shall be obtained directly from device drivers or from sub-system pseudo drivers, and shall be maintained in the database and displayed on the system. |
| 03-116 | System Software | 03.04.02 Device Monitoring and Control | Abnormal state changes for the devices shall be optionally alarmed, depending on database configuration. All state changes shall be logged via the Alarm/Events subsystem and sent to the Central Logging system and External Monitoring system. |
| 03-117 | System Software | 03.04.02 Device Monitoring and Control | Recovery from any communication failure (e.g., RTU, server, or workstation) shall be completed within the time defined in Appendix B, Table 13.1-1 of this specification. |
| 03-118 | System Software | 03.04.02 Device Monitoring and Control | The system shall monitor all recoverable errors for the monitored devices and change the state of any server or device that exceeds a configurable error threshold. |
| 03-119 | System Software | 03.04.02 Device Monitoring and Control | Device status information shall be maintained within the real-time database. The User Interface System shall provide the users with access to displays with status information and permit the authorized User to request status changes for specific devices. |
| 03-120 | System Software | 03.04.02 Device Monitoring and Control | At a Support User's request, certain devices shall be controlled to initiate a different state. |
| 03-121 | System Software | 03.04.02 Device Monitoring and Control | The definition of states will depend on the Vendor's design; however, the following states, or their equivalent, shall be supported as a minimum: |
| 03-122 | System Software | 03.04.02 Device Monitoring and Control | 1. Disabled (the device is marked down by the Support User) |
| 03-123 | System Software | 03.04.02 Device Monitoring and Control | 2. Failed (the device status is marked failed by the server) |
| 03-124 | System Software | 03.04.02 Device Monitoring and Control | 3. Online (the device status indicates normal operation) |
| 03-125 | System Software | 03.04.02 Device Monitoring and Control | 4. Standby (the device status indicates that it is available to transition to online) |
| 03-126 | System Software | 03.04.03 Function Monitoring and Control | The system shall provide tools for monitoring and controlling the availability of all functionality required by this specification. All functions shall be configured as redundant or non-redundant based on the availability requirements for the environment they are located within. |
| 03-127 | System Software | 03.04.03 Function Monitoring and Control | For redundant functions, they shall be configured in a primary/secondary or hot/standby configuration with automatic and/or manual failover |
| 03-128 | System Software | 03.04.03 Function Monitoring and Control | The system shall be configurable as to the events that will trigger an automatic function failover. |
| 03-129 | System Software | 03.04.03 Function Monitoring and Control | The User shall also have the ability to request a failover of a function or function(s) to the appropriate secondary/standby server or device. |
| 03-130 | System Software | 03.04.03 Function Monitoring and Control | If a server or device hosts multiple primary functions and the state of that server or device changes, the system shall be configured to automatically failover all those functions to the appropriate secondary server or device. |
| 03-131 | System Software | 03.04.03 Function Monitoring and Control | In the case where there are no available servers or devices to assume the failed functionality, the system shall be configurable to permit the restart of the function on the existing server or device if possible |
| 03-132 | System Software | 03.04.03 Function Monitoring and Control | There will be a User-configurable number of function restart attempts before declaring the function failed. |
| 03-133 | System Software | 03.04.03 Function Monitoring and Control | The system shall have a mechanism for detecting if two master computers have both initialized in a primary mode. The system shall then arbitrate which master computer will remain as primary, and which will stand down to a standby mode. |
| 03-134 | System Software | 03.04.03 Function Monitoring and Control | The system shall detect any server and/or function failures within the time defined in Appendix B, Table 13.1-1 and initiate the appropriate response (restart or failover). |
| 03-135 | System Software | 03.04.03 Function Monitoring and Control | Any function failover or failure shall generate an alarm via the system Alarm/Events subsystem. The system shall also send an event to IPC's Central Logging System via a syslog message. |
| 03-137 | System Software | 03.05.01 Function Restart | Function restarts shall occur automatically to recover from hardware or software errors or manually invoked by a user via the system UI. Once initiated, the function restart shall not require user intervention to complete. |
| 03-138 | System Software | 03.05.01 Function Restart | The restart logic shall also preclude conflicts among servers, such as assigning too few or too many servers to the primary state and the erroneous duplication of functions in multiple servers. |
| 03-139 | System Software | 03.05.01 Function Restart | Immediately after the initialization tasks have been completed, the restarted function(s) shall be scheduled for execution. |
| 03-140 | System Software | 03.05.01 Function Restart | All function restarts shall log the event via the system Alarm/Event subsystem and an event shall be logged to the Central Logging system, as well as the External Monitoring system. |
| 03-141 | System Software | 03.05.01 Function Restart | Restarts shall be completed within the time listed in Appendix B, Table 13.1-1, System Configuration & Software Maintenance Performance. |
| 03-142 | System Software | 03.05.02 Function and Server Failover | The system shall initiate a failover operation, transferring the functions of the failed server to a functioning server. |
| 03-143 | System Software | 03.05.02 Function and Server Failover | A user shall also have the ability to initiate a failover of the primary server functions. |
| 03-144 | System Software | 03.05.02 Function and Server Failover | Immediately upon detection of a failure, the failed server's primary state shall change to down and all peripheral devices and interconnections shall be reconfigured as necessary to support the restarting functions in the new primary server. If the functions are restarted in a secondary server, the server state shall be changed to primary. |
| 03-145 | System Software | 03.05.02 Function and Server Failover | Immediately upon detection of a failure, the failed server's primary state shall change to down and all peripheral devices and interconnections shall be reconfigured as necessary to support the restarting functions in the new primary server. If the functions are restarted in a secondary server, the server state shall be changed to primary. |
| 03-146 | System Software | 03.05.02 Function and Server Failover | After a server failover, alarm conditions as shown on the alarm summaries and other displays shall be up to date with no loss of data/application state. |
| 03-147 | System Software | 03.05.02 Function and Server Failover | All data, including telemetered, calculated, manually entered data such as overridden telemetered values, tags, memos, control inhibits, outages, trouble calls, function execution and control parameters, input and output data, shall also be current after the failover. |
| 03-148 | System Software | 03.05.02 Function and Server Failover | All failovers shall be alarmed via the system Alarm/Events subsystem and an event shall be logged in the Central Logging system, as well as notify the Independent Monitoring system. |
| 03-149 | System Software | 03.05.02 Function and Server Failover | See Appendix B, Table 13.1-1 System Configuration and Software Maintenance, for failover performance parameters. Failovers are considered completed when all communications have been re-established. |
| 03-150 | System Software | 03.05.03 Site Failover | The system shall allow manual (on demand) site failover as well as execute an automatic site failover when the production environment of the site operating on-line completely fails because critical functions like SCADA or AGC (configurable) are unavailable. The conditions for automatic failover shall be configurable. |
| 03-151 | System Software | 03.05.03 Site Failover | The Site failover is considered completed when all the functions in the new Primary site are in operation and the communications with the RTUs and ICCP link have all been initiated and are all active. |
| 03-152 | System Software | 03.05.03 Site Failover | The failover assumes that the databases between the two sites are synchronized. If the databases are not in sync, the system shall warn the user of this condition and provide the option to continue with the failover. |
| 03-153 | System Software | 03.05.03 Site Failover | The status of the databases, the warning message and the overwrite decision by the operator shall be registered in the log. |
| 03-154 | System Software | 03.05.03 Site Failover | The Vendor shall provide a mechanism or function like Health Monitoring, to verify that the systems are in operation and ready to take over operations with all the data synchronized. |
| 03-155 | System Software | 03.05.03 Site Failover | Once the Backup system has assumed the primary role, its databases become the Master. The system shall ensure that only one set of Master databases exists in the system. |
| 03-156 | System Software | 03.05.03 Site Failover | The system shall ensure that all databases' structures and data changes processed in the Master are queued until the site that became secondary is available again and then perform synchronization with the new Slave. The queue size shall be configurable but a minimum of 12 hours shall be supported. The user shall be notified when the queue has been filled to configurable levels to avoid overflows. |
| 03-157 | System Software | 03.05.03 Site Failover | The system shall also provide mechanisms and tools for the user to request the replication of all the databases from the Master to the Slave in case it is necessary to recover from error conditions. |
| 03-158 | System Software | 03.05.04 Server Start-Up | Server start-up shall be performed when commanded by a user and when server input power is interrupted and restored such that the operating environment of the server is established prior to restarting its functions. |
| 03-159 | System Software | 03.05.04 Server Start-Up | A function restart shall be initiated after server start-up to bring the server to the appropriate state. |
| 03-160 | System Software | 03.05.04 Server Start-Up | Server start-up shall be completed within the time listed in Appendix B, Table 13.1-1, System Configuration and Software Maintenance Performance. |
| 03-161 | System Software | 03.06 Database Replication | The system shall provide tools for replicating system databases between the redundant servers in the same environment, between environments (Production to QA for instance) and between the Production environments in both Sites |
| 03-162 | System Software | 03.06 Database Replication | The ability to enable/disable replication between environments shall be provided. |
| 03-163 | System Software | 03.06 Database Replication | Having the databases and the data replicated will allow the system to continue its operation after a switchover between redundant servers in an environment or perform a failover between sites if needed. |
| 03-164 | System Software | 03.06 Database Replication | The configuration or structural database, the real-time database and the historical database shall be replicated depending on their characteristics and system needs. |
| 03-165 | System Software | 03.06.01 Database Replication in the Same Environment | Within each environment, the system shall replicate the databases needed to ensure a seamless operation of the system in case of restarts, failovers or switchovers of functions, servers or devices. |
| 03-166 | System Software | 03.06.01 Database Replication in the Same Environment | This means that the database structures, as well as the real-time and historical data, need to be replicated on redundant servers to ensure that no event results in the loss of any critical data. |
| 03-168 | System Software | 03.06.01 Database Replication in the Same Environment | 1. User entries: manual overrides, limits, tags, program execution parameters, etc. |
| 03-169 | System Software | 03.06.01 Database Replication in the Same Environment | 2. Alarms and events |
| 03-170 | System Software | 03.06.01 Database Replication in the Same Environment | 3. Tags |
| 03-171 | System Software | 03.06.01 Database Replication in the Same Environment | 4. Trouble Call and Outages |
| 03-172 | System Software | 03.06.01 Database Replication in the Same Environment | 4. Program results needed for its next execution |
| 03-173 | System Software | 03.06.01 Database Replication in the Same Environment | 5. Historical Data |
| 03-175 | System Software | 03.06.02 Database Replication Between Environments | The system shall include a Master system database where all the definition changes are performed. Other environment databases shall be defined as Slaves. |
| 03-176 | System Software | 03.06.02 Database Replication Between Environments | When database definitions are created or modified on the Master, the updates shall be applied to all associated servers within the Master Production environment system first. |
| 03-177 | System Software | 03.06.02 Database Replication Between Environments | The database transactions shall then be made available to all configured Slave database environments. Database updates to the non-production Slave environments shall be performed at the convenience of the database administrator. When the Slave environments are updated, all associated servers in that environment shall be updated. |
| 03-178 | System Software | 03.06.02 Database Replication Between Environments | The QAS is the environment that IPC will define as the Database Master allowing IPC to perform the necessary quality control process in all changes coming to the system. |
| 03-180 | System Software | 03.06.03 Database Replication Between Sites | All database data changes, after being committed on the Primary Production Environment shall be replicated automatically to the second site's Production Environment within the time defined in Appendix B, Table B.1-1 of this specification. |
| 03-181 | System Software | 03.06.03 Database Replication Between Sites | In the proposed solution, apart from the replication of changes in the Master DB, the HISR DB shall be replicated applying the same principles. |
| 03-182 | System Software | 03.06.03 Database Replication Between Sites | Data replication between the Primary and Backup Production Environments shall be made in real time. |
| 03-183 | System Software | 03.06.03 Database Replication Between Sites | If communication problems exist between the two sites, data replication shall queue the changes. Upon reestablishment of communications between the Primary and Backup Production Environments, the buffered data in the queue shall be applied to the appropriate site. |
| 03-184 | System Software | 03.06.03 Database Replication Between Sites | The system shall provide the tools and utilities needed to allow the user to control the synchronization between the Primary and Backup Production Environments, disable/enable this function, resynchronize the two sites' databases, monitor their status (on line/off line) and define their role (Master/Slave). |
| 03-185 | System Software | 03.06.03 Database Replication Between Sites | The addition, deletion, or restructuring of databases in the system shall be accommodated by the replication service without requiring changes to the code. |
| 03-186 | System Software | 03.06.03 Database Replication Between Sites | If any replication task has failed to execute properly, it shall be logged appropriately via the Alarm/Events subsystem and sent to the Central Logging system, as well as notify the Independent Monitoring System and any external application/server whose interface has been defined for that purpose. |
| 03-187 | System Software | 03.07 System Sizing | The system shall be configured to support the capacity defined in Appendix A of this specification. |
| 03-188 | System Software | 03.07 System Sizing | The required sizing is defined so the system can be designed and configured to be able to handle the required capacities without changes in the HW or application configuration. |
| 03-189 | System Software | 03.07 System Sizing | The software and hardware provided shall allow for specified growth of the system (e.g., power system expansion, additional number of data points and devices, etc.). |
| 03-190 | System Software | 03.08 System Performance | The system shall meet the performance requirements detailed in Appendix B of this specification and outlined in this section. |
| 03-195 | System Software | 03.08.01.01 Base Conditions | 1. The system shall be configured with all hardware and functions as required by this Technical Specification. |
| 03-196 | System Software | 03.08.01.01 Base Conditions | 2. All operator's consoles are running, operators are logged into the system and the User Interface capabilities are in operation with at least the following windows open in each console: |
| 03-197 | System Software | 03.08.01.01 Base Conditions | a. Network/Substation display |
| 03-198 | System Software | 03.08.01.01 Base Conditions | b. Alarm Summary |
| 03-199 | System Software | 03.08.01.01 Base Conditions | c. Active tags |
| 03-200 | System Software | 03.08.01.01 Base Conditions | d. Notes/Operator's Log |
| 03-201 | System Software | 03.08.01.01 Base Conditions | e. For EMS/GMS testing |
| 03-202 | System Software | 03.08.01.01 Base Conditions | • Items "a" through "e" above |
| 03-203 | System Software | 03.08.01.01 Base Conditions | • Transmission Network Applications Display |
| 03-204 | System Software | 03.08.01.01 Base Conditions | • AGC Display |
| 03-205 | System Software | 03.08.01.01 Base Conditions | f. For OMS Testing |
| 03-206 | System Software | 03.08.01.01 Base Conditions | • Items "a" through "e" above |
| 03-207 | System Software | 03.08.01.01 Base Conditions | • Trouble Call List |
| 03-208 | System Software | 03.08.01.01 Base Conditions | • Outage Management |
| 03-209 | System Software | 03.08.01.01 Base Conditions | f. For DMS Testing |
| 03-210 | System Software | 03.08.01.01 Base Conditions | • Items "a" through "e" above |
| 03-211 | System Software | 03.08.01.01 Base Conditions | • Distribution Network Applications Display |
| 03-212 | System Software | 03.08.01.01 Base Conditions | 3. The system software and databases shall be configured (e.g., sized) in accordance with the requirements identified in Appendix A, "System Sizing". |
| 03-213 | System Software | 03.08.01.01 Base Conditions | 4. All the security features, as defined in Section 5 of this specification, have been verified and remain in operation during the test. |
| 03-214 | System Software | 03.08.01.01 Base Conditions | 5. The contents of the system databases and the display and report definitions shall be as determined by IPC |
| 03-215 | System Software | 03.08.01.01 Base Conditions | 6. All real time analog values defined in the system DB are being received at the periodicity defined. |
| 03-216 | System Software | 03.08.01.01 Base Conditions | 7. The historical archiving system is running and data being stored. |
| 03-217 | System Software | 03.08.01.01 Base Conditions | 8. All external interfaces shall be operating at the rates and capacities identified in this specification |
| 03-218 | System Software | 03.08.01.01 Base Conditions | 9. All system functions shall execute at the periodicities and execution times specified in Appendix B, Table B.4-1 Execution/Response Times. |
| 03-219 | System Software | 03.08.01.01 Base Conditions | a. For Data Processing, the execution time is measured from the receipt of the message containing the changed data until all processing is complete, including storage of the value in the database and updating all appropriate alarm/event summaries. |
| 03-220 | System Software | 03.08.01.01 Base Conditions | b. For Supervisory Control, the execution time is measured from the time the User executes the command in the UI until the command is sent out or the user is notified that the action has failed. |
| 03-221 | System Software | 03.08.01.01 Base Conditions | 10. Simulation Mode is active in at least 2 engineers' consoles with the ADMS applications running at the frequency defined in Appendix B Table B-4.1 of this specification. |
| 03-224 | System Software | 03.08.01.02 Performance Testing | • Normal-Activity Scenario: this scenario represents the expected normal conditions for the system environment; it shall run for sixty (60) minutes. |
| 03-225 | System Software | 03.08.01.02 Performance Testing | • High-Activity Scenario: this scenario represents system conditions (e.g., severe storms, high heat, etc.) that result in a significantly higher level of system activity from the Normal-Activity scenario and it shall run for a minimum of sixty (60) minutes. |
| 03-226 | System Software | 03.08.01.02 Performance Testing | The following table summarizes the conditions for both of these scenarios: |
| 03-227 | System Software | 03.08.01.02 Performance Testing | If a situation occurs beyond those outlined in the High-Activity scenario, the system shall continue to operate with the potential for degraded performance. |
| 03-228 | System Software | 03.08.01.02 Performance Testing | The Vendor shall provide all necessary tools and scripts required to simulate the system loading as defined in table above in this section |
| 03-229 | System Software | 03.08.01.02 Performance Testing | For FAT, the Vendor shall simulate these conditions to the extent possible. |
| 03-230 | System Software | 03.08.01.02 Performance Testing | For SAT, the performance tests shall be executed using a combination of actual telemetry and simulated conditions, as determined by IPC, using the Vendor-provided tools. |
| 03-231 | System Software | 03.08.01.03 Resource Utilization | All servers and workstations shall meet the specific performance requirements shown in Appendix B, Table 13.2-1, "Resource Utilization". This table outlines the average resource utilization requirements for the two (2) performance activity scenarios presented above. |
| 03-232 | System Software | 03.08.01.03 Resource Utilization | Utilization is defined as the average utilization over the time of the test scenario and shall be calculated as the used capacity of the resource divided by the total available capacity of the resource. For example, processor average utilization may be calculated as busy time divided by total time. LAN average utilization may be calculated as the quantity of data transferred (MB) divided by the LAN data rate (MB/s) multiplied by the total time (seconds). |
| 03-233 | System Software | 03.08.01.04 User Interface Response | The User interface of the system shall perform at an expected rate during Normal-Activity and High-Activity scenarios. The expected response times and rates are shown in Appendix B, Table 13.3-1 "User Interface Response Times". |
| 03-235 | System Software | 03.08.01.04 User Interface Response | 1. Display Request: Measured from the time the User requests a display (through menu selection, function key selection, or cursor target selection) until the display is presented to the User with complete and current data populated on the screen |
| 03-236 | System Software | 03.08.01.04 User Interface Response | 2. Point Changes, Alarms and Events: Measured from the time a data item changes to the time the value is stored in the RT DB, presented to the user and an alarm and event is reported, either audibly and/or visually. Response shall be measured for at least the following alarm/event initiations: |
| 03-237 | System Software | 03.08.01.04 User Interface Response | a. A point change at a RTU or ICCP that produces an alarm |
| 03-238 | System Software | 03.08.01.04 User Interface Response | b. A periodic SCADA, EMS, GMS, OMS, DMS function that produces an alarm |
| 03-239 | System Software | 03.08.01.04 User Interface Response | c. A User initiated SCADA function that produces an alarm |
| 03-240 | System Software | 03.08.01.04 User Interface Response | d. A system failure condition (device, function, service,...) that produces an alarm |
| 03-241 | System Software | 03.08.01.04 User Interface Response | 3. Acknowledgement and Deletion: Measured from the time the User either acknowledges and/or deletes an alarm to the time the alarm changes state on the display and the alarm is recorded in the real-time database. |
| 03-242 | System Software | 03.08.01.04 User Interface Response | 4. User Requests: Measured from the time the User initiates a request to the time the request is completed or its failed execution is notified to the user. A successful request completion is considered when the results are presented to the user, stored in the real-time DB and the affected displays are updated. |
| 03-243 | System Software | 03.08.01.04 User Interface Response | The default response times represent the maximum time to notify the user that the request has been accepted and the action initiated. If the default response times are exceeded the system shall: |
| 03-244 | System Software | 03.08.01.04 User Interface Response | 1. Produce a visible indication that the action is being processed |
| 03-245 | System Software | 03.08.01.04 User Interface Response | 2. The UI shall be ready to accept further inputs |
| 03-246 | System Software | 03.08.01.04 User Interface Response | For the system to successfully demonstrate the required User Interface response times, 98% of all UI actions shall complete within the maximum time listed, and 100% shall complete within 1.5 times the maximum time listed. |
| 03-247 | System Software | 03.08.01.04 User Interface Response | The UI logout requirement includes application shutdown and operating system logout and the time shall be measured from command to logout until the system is ready for User login. |
| 03-248 | System Software | 03.08.01.04 User Interface Response | The UI login requirement includes operating system and application login. The time shall be measured from successful User authentication until the User interface is running and ready for User input. |
| 03-249 | System Software | 03.08.01.05 Performance During Server Failure, Switchover and Startup | The system shall maintain all required performance and capacity requirements while one server within a redundant pair is unavailable. |
| 03-250 | System Software | 03.08.01.05 Performance During Server Failure, Switchover and Startup | A switchover operation to transfer operational responsibilities in a redundant configuration should be instantaneous. |
| 03-251 | System Software | 03.08.01.05 Performance During Server Failure, Switchover and Startup | The required time for the system to perform a switchover is measured from the time that the action is triggered until the backup processor has assumed all the activities from the one that was on-line. The switchover time required is defined in Appendix B, Table 13.1-1 of this specification. |
| 03-252 | System Software | 03.08.01.05 Performance During Server Failure, Switchover and Startup | The system shall be configured to restore the operational system environment and all assigned functions after a power loss or user request to restart. The time required for the system to be in full operation after a startup is defined in Appendix B, Table 13.1-1 of this specification. |
| 03-253 | System Software | 03.08.01.05 Performance During Server Failure, Switchover and Startup | Three start-up scenarios shall be considered as part of the performance demonstration: Server start-up (cold), function/application startup (hot) and full system startup. |
| 03-254 | System Software | 03.08.01.06 Site Failover Performance | Site failover performance shall be measured from the time the user requests failover to the time when the Production environment in the second site is fully functional, all critical functions in operation in its primary role. |
| 03-255 | System Software | 03.08.01.06 Site Failover Performance | The Site failover time requirement is defined in Appendix B, Table 13.1-1 of this specification. |
| 03-257 | System Software | 03.09 Availability | The system shall be designed such that a single component failure shall not cause the loss of any critical system function. |
| 03-258 | System Software | 03.09 Availability | For those devices having a high failure rate or a potentially long repair time, multiple device failures shall not cause the loss of any critical system function. |
| 03-259 | System Software | 03.09 Availability | The Production environments in both sites shall have an overall availability of 99.99% over a one-year period. |
| 03-260 | System Software | 03.09 Availability | The Vendor shall demonstrate this level of availability over an extended period of actual system operation during the Availability Test. |
| 03-261 | System Software | 03.09 Availability | The Production Environment shall be considered available when all functionality described in this specification is executing as designed. |
| 03-262 | System Software | 03.09 Availability | Under normal conditions (e.g., Primary Production Environment is online and available), the Production Environment in the backup site is considered available if it is synchronized with the Primary Production Environment and is ready to assume the production role. Once this backup site assumes the primary production role, after a site failover, the definition of and target availability are the same as the Primary Production Environment. |
| 03-263 | System Software | 03.09 Availability | Environments different than the Production Environments shall exhibit a measured availability no less than 99.5% over any one-year period. |
| 03-264 | System Software | 03.09 Availability | The Vendor shall demonstrate these levels of availability over an extended period of 1000 hours of actual system operation as part of the Availability Test. |
| 03-265 | System Software | 03.09 Availability | Given the implementation of the system in phases with different components available, the Availability test will be repeated at the end of each phase to ensure that the components delivered in that phase comply with the availability requirements. |
| 03-266 | System Software | 03.09 Availability | The following availability calculation shall be used during the test: Availability (%) = (Up Time - Down Time) * 100 / Total Time |
| 03-268 | System Software | 03.09 Availability | • A critical function is not available or unusable in the system |
| 03-269 | System Software | 03.09 Availability | • One or more operator's consoles are not fully available. |
| 03-270 | System Software | 03.09 Availability | A thirty-second (30) penalty shall be added to the cumulative downtime for every automatic failover of a processor or function. |
| 03-271 | System Software | 03.09 Availability | For the purpose of system performance and availability all system functions are considered critical unless explicitly defined as non-critical. |
| 03-274 | System Software | 03.10.01 Design Characteristics | The system shall be based on the Vendor's standard product line to meet the functional requirements of this specification. |
| 03-276 | System Software | 03.10.01 Design Characteristics | All software to be provided with the system shall be identified in the Vendor's proposal. |
| 03-277 | System Software | 03.10.01 Design Characteristics | Any software modified or developed to satisfy a specific requirement of this specification shall be considered specially designed for this project. |
| 03-278 | System Software | 03.10.01 Design Characteristics | IPC reserves the right to approve the design of such new or modified software, without relieving the Vendor of the responsibility to meet the functional requirements of this specification. |
| 03-279 | System Software | 03.10.01 Design Characteristics | All software shall be capable of easy expansion to accommodate the anticipated growth of the system. |
| 03-280 | System Software | 03.10.01 Design Characteristics | The size and configuration of the system shall be specified by easily modified parameters contained in the database, not parameters defined in individual programs. |
03-281 | System Software | 03.10.01 Design Characteristics | The system shall be able to accommodate growth through the addition of processors, memory, disk drives, peripherals, Remote Terminal Units (RTUs), and communication channels without having to modify its software.
03-282 | System Software | 03.10.01 Design Characteristics | All software shall be designed with sufficient modularity to minimize the time and complexity involved in making a change to any program.
03-283 | System Software | 03.10.01 Design Characteristics | The modularity should include the separation of hardware interface modules from other software modules.
03-284 | System Software | 03.10.01 Design Characteristics | The modularity shall optimize the use of main memory and utilize the protect features of the main and disk memory.
03-285 | System Software | 03.10.01 Design Characteristics | Logic and data shall be separated into distinct modules.
03-286 | System Software | 03.10.01 Design Characteristics | Communication among programs for data or program control shall be symbolic rather than absolute so that a given program is an essentially independent unit.
03-287 | System Software | 03.10.01 Design Characteristics | IPC requires that re-dimensioning of the database (e.g., addition of electrical network elements, data points, etc.) can occur without re-compilation of source code or system modules. The Vendor shall describe the procedures and any existing limitations for re-dimensioning its database.
03-288 | System Software | 03.10.01 Design Characteristics | Vendor support shall not be necessary to modify logic or data within the parameters defined for the ultimate system sizing or the maximum capabilities of the proposed software system.
03-289 | System Software | 03.10.01 Design Characteristics | All software contracted under this specification must be installed, operating, and completely documented in final form, including all standard software changes and field changes initiated by the Vendor and its suppliers, prior to acceptance of the system by IPC.
03-291 | System Software | 03.10.01 Design Characteristics | New versions of software shall be well documented and indicate which system files have been changed since the last software release.
03-292 | System Software | 03.10.01 Design Characteristics | A complete list of all third party software used in the system shall be provided with the proposal.
03-293 | System Software | 03.10.01 Design Characteristics | The vendor shall monitor, test, and certify that new versions of third party software work with each version of their system.
03-294 | System Software | 03.10.01 Design Characteristics | Testing of new versions of third party software shall be performed monthly with the results being made available to IPC.
17-039 | Training | 17.03 Training Materials | Course material provided by the Vendor shall be traceable to the system's functionality being implemented at IPC.

DATA DEFINITIONS

Names of things (business objects), and their attributes.

OBJECT NAME | FORMAT | DESCRIPTION | PROPOSED SOURCE
ELEMENT NAME
ELEMENT NAME
ELEMENT NAME
ELEMENT NAME
ELEMENT NAME

CRUD Matrix - Information that the system will create, read, update, and/or delete.

Object / Process | Element Name | Element Name | Element Name | Element Name
Process Name
Process Name
Process Name

INTERFACES

Getting information from or giving information to something, connecting with something. Four types: user interface, hardware, software, communication. Include any data migration or archiving that will need to be performed. A separate interface specification document will be prepared for each interface.
Interface | Priority | Proposed Source or Destination | Reference
IF-1
IF-2
IF-3

REPORTS

Identify and describe any reports that will be developed as part of the solution. Use appropriate level of detail for parameters (prompts), record selection, and expected results; may also include whether scheduled or ad hoc. A separate report specification document will be prepared for each report.

Description | Priority | Parameters | Distribution
RPT-1 BAAL quarterly uptime reports, year to date
RPT-2 CPS 1
RPT-3 Load Forecast goes out daily via csv through interface
RPT-4 Loadshed log, use for compliance/audit
RPT-5 FEP logs
RPT-6 Log if model update successful or not
RPT-7 Possible future report for model change log (currently send out release notes of model changes day before model push)
RPT-8 State Estimator availability
RPT-9 Tie line and Schedules availability
RPT-10 SPLUNK report: Hourly summary of bad quality
RPT-11 SPLUNK report: Reasonability limits
RPT-12 SPLUNK report: Violations
RPT-13 SPLUNK report: Bad calculations
RPT-14 SPLUNK report: CSS (control sequence scheduler) sequences are in error/calc
RPT-15 SPLUNK report: Alerts if critical services have stopped
RPT-16 SPLUNK report: ICCP alerts
RPT-17 SPLUNK report: Orphaned Tags
RPT-18 SPLUNK report: Permits failure
RPT-19 SPLUNK report: RTU status, also sends SCADA alarm if goes off
RPT-20 SPLUNK report: Reporting ACE System Percentage Uptime (quarterly/year-to-date) - BAL-005 R5

APPROVALS

By signing this document, the business lead signifies that the appropriate requirements for the project have been defined, and that stakeholder needs have been adequately represented. Agreed upon deliverables are defined in the Project Plan and subject to sponsor approval, project scope, and resources. If a Technology Portfolio Project, please send a signed copy to the PMO.
Lead Analyst    Date
Business Lead    Date

APPENDIX

Revision History

DATE | VERSION | AUTHOR | SECTION | CHANGE SUMMARY

Glossary

A glossary of Business Analysis terminology can be found on the Business Analysis Competency Center (BACC) SharePoint. Click link to glossary: BA Glossary. In addition, add project definitions below.

TERM | DEFINITION

Activity Diagram

Process Name
[Figure: activity diagram, Process Name]

Process Name
[Figure: activity diagram, Process Name]