50 likes | 70 Views
TDTWG Review of RMGRR042 Data Transport. TDTWG Analysis. TDTWG has reviewed the three data transport options included in RMGRR042. To ensure the most successful implementation of an option, TDTWG has defined minimum technical requirements
E N D
TDTWG Analysis • TDTWG has reviewed the three data transport options included in RMGRR042. • To ensure the most successful implementation of an option, TDTWG has defined minimum technical requirements • While some technical requirements are being provided for each option, certain options may carry risk which may not be mitigated within the technical requirements • This information should not be interpreted as TDTWG’s endorsement of all three options
NAESB EDM v1.6 • Scope: NAESB EDM v1.6 • See: NAESB EDM v1.6 Standards • Update: TDTWG NAESB EDM v1.6 • Use of FF content type • Use of payload mime content header Application/EDI-Consent • Create test scripts, Market certification
Secure FTP • Define standards for design, test, certification and implementation for ERCOT server side • Market Interoperability and implementation guidelines and testing • Dedicated Redundant Production Servers • Test and Certification Environments • Implement Processes for maintenance, Real-time monitoring & log management • Disaster recovery • Implement Receipt Acknowledgement (note: outside of the SFTP protocol) • SSH v2 protocol only SFTP Extensions to SSH protocol (no SCP) • SSH key for authentication (no static passwords) • Dedicated identity management process for SSH: • User Create/Update/Delete • Key management – create, expire, revoke • Identity/credential verification and audit • Define data expiration in queue (inbound, outbound) • Payload encryption process development (pgp vs gpg) • Deterministic audit plan for both market and internal audits • Defined availability requirements that can accommodate regular maintenance • Identify support resources to handle outages, interruptions, incidents, and maintenance • Regular external security assessments
CD • CD or DVD ROM Not RW • Payload must be encrypted: Payload encryption process development (pgp vs gpg) • Ship 2 (reliable delivery) • Verification of integrity of data prior to shipment and upon receipt • Validated handling procedures for receiving and transmission to processing servers • Validated destruction procedures (CD will not be returned) • Handling procedures or filing, storage before processing • Labeling process for CD • Create test scripts, Market certification