ISO/IEC 11586‑2‑00:2018 — Telecommunications and Information Exchange Between Systems — Part 2‑00: Data Integrity Protocols for Industrial Internet of Things (IIoT)

Scope and Applicability

ISO/IEC 11586‑2‑00:2018, published in 2018, is an international standard under the joint ISO/IEC framework that specifies data integrity protocols for telecommunications and information exchange between systems, with a particular focus on Industrial Internet of Things (IIoT) deployments. The standard defines a set of communication-layer mechanisms that guarantee the integrity of data packets transmitted over heterogeneous industrial networks, including wired fieldbuses, wireless sensor meshes, and IP‑based backbones.

The scope of this part is limited to the Data Integrity Sub‑Layer (DISL) which operates between the network layer and the transport layer of the OSI model. It addresses error detection, error correction, and replay protection without relying on higher‑layer encryption or authentication. The standard is applicable to any system that requires deterministic data delivery in mission‑critical industrial processes, such as power grid automation, railway signaling, and continuous process manufacturing.

Note: ISO/IEC 11586‑2‑00:2018 is the second part in a multipart series covering protocol combinations for the T‑connection. It assumes the existence of a reliable physical and data‑link layer as defined in related standards (e.g., ISO/IEC 11898 for CAN bus environments).

Technical Requirements and Architecture

Data Integrity Sub‑Layer (DISL) Protocol Stack

The core technical requirement of ISO/IEC 11586‑2‑00:2018 is the implementation of a DISL that combines three integrity mechanisms:

Cyclic Redundancy Check (CRC‑64): A 64‑bit polynomial is applied to each protocol data unit (PDU) before transmission. The standard mandates the use of the generating polynomial 0x42F0E1EBA9EA3693 for all IIoT traffic.
Sequence Number Verification: A monotonic 24‑bit sequence number is inserted into each DISL header. Receiving nodes validate that no gaps or duplicates occur before forwarding the PDU to the next layer.
Timeliness Window Check: Each network node maintains a local timestamp. PDUs carrying timestamps outside a configurable tolerance (±10 ms for typical industrial applications) are silently discarded.

Table 1 lists the mandatory and optional protocol elements defined in the standard.

Table 1 — DISL Protocol Elements and Status
Element	Mandatory/Optional	Specification Reference
CRC‑64 computation	Mandatory	Section 5.1.1
Sequence number insertion & verification	Mandatory	Section 5.2.2
Timeliness window	Mandatory for safety‑relevant channels; optional for others	Section 5.3.1
Forward error correction (FEC) via Reed‑Solomon	Optional (recommended in high‑noise environments)	Annex A
Node‑specific cryptographic keying	Optional (profiled in Part 2‑01)	Section 5.4 (informative)

Implementation Caution: The ISO/IEC 11586‑2‑00:2018 standard mandates that CRC‑64 polynomial must be implemented in hardware (e.g., FPGA) for nodes supporting data rates above 100 Mb/s. Software implementations may suffer undetected errors due to timing non‑determinism.

Implementation Highlights

Network Node Configuration

Conformant nodes must satisfy the following configuration requirements:

Buffer Size: Minimum 256 bytes per virtual circuit for DISL header overhead.
Clock Synchronization: All nodes must participate in an IEEE 1588‑2008 grandmaster‑slave synchronization to maintain the timeliness window accuracy of ±50 µs.
Protocol Interleaving: To support legacy PROFIBUS and EtherNet/IP bridges, the DISL header must be encapsulated within an ISO/IEC 8886 transport layer segment.

Performance Tip: Use a dedicated DMA channel for CRC‑64 computation on ARM Cortex‑M7 or comparable microcontrollers. This can reduce per‑packet latency by up to 35% compared to polling‑based implementations.

Multi‑Vendor Interoperability

One of the primary goals of ISO/IEC 11586‑2‑00:2018 is to ensure plug‑and‑play interoperability between IIoT devices from different vendors. To this end, the standard defines a Conformance Interoperability Profile (CIP) that lists mandatory, conditional, and optional elements. Vendors must submit their implementation to a certified test lab for verification of the CIP before claiming compliance.

Success Story: A large European energy utility reported a 62% reduction in undetected frame errors after migrating its IEC 61850 substation automation network to devices fully compliant with ISO/IEC 11586‑2‑00:2018.

Compliance and Testing

Compliance with the standard is determined through a combination of static conformance review and dynamic protocol testing. The following testing categories are required:

Static Conformance Review: Review of the product’s PICS (Protocol Implementation Conformance Statement) against the mandatory elements defined in Table 1.
Dynamic Testing: The device is placed in a noise‑generating environment where bit errors, duplication, and reordering are injected. The device must maintain a minimum data integrity rate of 99.9999% (six nines) over a 24‑hour test period.
Performance Boundary Testing: The DUT must sustain full IIoT profile packet rates (e.g., 1000 packets per second for 128‑byte PDUs) with less than 2% packet loss due to DISL processing.

The official conformance test specification is provided in ISO/IEC 11586‑2‑00/Amd1:2020. Accredited test houses (e.g., TÜV NORD, UL) offer certification programs that align with ISO/IEC 17025.

Compliance Risk: Devices that disable the mandatory timeliness window check in safety‑related channels (e.g., emergency shutdown loops) can result in severe safety integrity level (SIL) violations. Auditors must verify that the DISL configuration does not bypass Section 5.3.1 requirements.

Frequently Asked Questions

Q: Is ISO/IEC 11586‑2‑00:2018 backward compatible with older protocol combinations such as ISO/IEC 8886‑2000?
A: Yes, the standard includes a backward compatibility mode (informative Annex B) that allows the DISL to operate in a transparent bypass mode for legacy devices. However, this mode does not guarantee the same integrity level and should only be used during migration phases.

Q: What is the relationship between this standard and IEC 62443 (cybersecurity for industrial automation)?
A: ISO/IEC 11586‑2‑00:2018 addresses data integrity at the communication level, which is a subset of the broader security requirements covered by IEC 62443. The two standards are complementary; IEC 62443‑3‑3 recommends implementing integrity protocols such as those specified here for achieving SL‑2 compliance.

Q: Are there any patents covering the CRC‑64 polynomial specified in the standard?
A: The standard’s CRC‑64 polynomial was selected from the open literature (based on a Koopman analysis) and is explicitly declared as patent‑free within the ISO/IEC common patent policy. Implementers are not required to license any technology from third parties for the mandatory elements.

Q: Can this standard be applied to consumer IoT devices?
A: While the standard is optimized for industrial environments with deterministic requirements, the protocol elements (CRC‑64, sequence numbers) are technically applicable to consumer IoT. However, the computational overhead may be excessive for battery‑powered sensors using low‑power GHz radios. An amendment for lightweight profiles (Part 2‑02) is currently under draft.

📥 Standard Documents Download

🔒

Please wait 10 seconds, the download links will appear after the ad loads