This part of IEC 62351 specifies how to provide confidentiality, integrity protection and message level authentication for SCADA and telecontrol protocols that make use of TCP/IP as a message transport layer when cyber-security is required. Although there are many possible solutions to secure TCP/IP, the particular scope of this part is to provide security between communicating entities at either end of TCP/IP connection within the end communicating entities. The use and specification of intervening external security devices (for example "bump-in-the-fire") are considered out-of-scope. This part of IEC 62351 specifies how to secure TCP/IP-based protocols through constraints on the specification of the messages, procedures, and algorithms of Transport Layser Security (TLS) (defined in RFC 5246) so that they are applicable to the telecontrol environment of the IEC. TLS is applied to protect the TCP communication. It is intended that this standard be referenced as a normative part of other IEC standards that have the need for providing security for their TCP/IP-based protocol. However, it is up to the individual protocol security initiatives to decide if this standard is to be referenced. The responsible body is DKE/K 952 "Netzleittechnik" ("Network control technology") of the DKE (German Commission for Electrical, Electronic and Information Technologies) at DIN and VDE.