Based on the tasks and use cases of a smart gateway administrator, TR-03109-6 defines assets in need of protection, describes the security objectives to be considered, and offers an assessment of the potential threats and risks at hand. This information is used to derive a minimum set of measures that are suitable for factoring in and minimising the threats and risks identified.

Implementation of the defined minimum requirements can be documented through ISO 27001 certification on the basis of IT-Grundschutz or certification in accordance with ISO/IEC 27001.

In the framework of the IT-Grundschutz approach, the BSI serves as the certification body. In the second approach (certification of an ISMS in line with ISO/IEC 27001), certification bodies are involved that are accredited for ISMS in accordance with ISO/IEC 27006 by Germany's national accreditation body (DAkkS). The TR-03109-6 conformity of the operations carried out by smart meter gateway administrators must always be confirmed by corresponding certification.

Status

The current version of Technical Guideline TR-03109-6 is available here:

BSI TR-03109-6

BSI-TR-03109-6: Smart-Meter-Gateway-Administration, Version 1.0