There has been recent discussion over the continued use of DNP3 Secure Authentication Version 2 (SAv2) and a transition to Version 5 (SAv5) in the WITS-DNP3 Protocol. For information about this transition, you can read a high level article on this or a more detailed discussion on the exact differences between SAv2 and SAv5.

The deprecation of SAv2 by the DNP committee and the adoption of SAv5 has raised some concerns about the availability of commercial DNP3 stack solutions with backward compatibility for SAv2. This is a concern for the WITS PSA Committee (PSAC) as it could potentially disrupt the continued support of current devices or the introduction of new devices to the market.

The WITS PSAC does not mandate the use of any particular commercial DNP3 solution, instead this is left entirely up to the vendor. However, the PSAC notes that a number of current WITS Field Device vendors have implemented the Triangle MicroWorks (TMW) DNP3 Source Code Library (DNP3 SCL) in their WITS devices. In support of those vendors and also new vendors considering using the TMW DNP3 SCL, the PSAC have been in contact with TMW to confirm the continued support of SAv2 in their current and upcoming versions of their DNP3 Source Code Libraries.

TMW indicate that as of release V3.17 of the DNP3 SCL, Secure Authentication functionality has been split from the base TMW DNP3 Source Code Library. The separate DNP3 Secure Authentication SCL package supports both SAv2 and SAv5 and will support future versions of the Secure Authentication standard as they are published. The API for the DNP3 Source Code Libraries remains unchanged as this is only a packaging change.

TMW customers with active support contracts, who have already implemented SAv2 in their devices, may receive (at no cost) the V3.17 DNP3 Secure Authentication library with the understanding that SAv5 functionality may only be utilized if a license for SAv5 is purchased.

New customers will need to procure the DNP3 SCL including the option of the DNP3 Secure Authentication SCL package.

The DNP Technical Committee recommends that all new devices that support Secure Authentication should implement SAv5 as well as SAv2 for backward compatibility. TMW has also indicated that they remain committed to the continued support of the SAv2 functionality of the library.

As a reminder of the WITS position at present, version 1.x of the protocol supports SAv2 and version 2.x supports SAv5. At present the two available Master Stations only support 1.x and hence SAv2.

Thanks to Triangle MicroWorks for reviewing this article and ensuring it is correct. If you are interested in using the TMW DNP3 SCL, please contact TMW through

Mark Davison

Terzo Digital – Member of the WITS Protocol Standards Association


January 2016