Title 49

SECTION 214.322

§ 214.322 Exclusive track occupancy, electronic display.

(a) While it is in effect, all the contents of an authority electronically displayed shall be readily viewable by the roadway worker in charge that is using the authority to provide on-track safety for a roadway work group.

(b) If the electronic display device malfunctions, fails, or cannot display an authority while it is in effect, the roadway worker in charge shall either obtain a written or printed copy of the authority in accordance with § 214.321 (except that on-track roadway maintenance machine and hi-rail movements must stop) or establish another form of on-track safety without delay. In the event that a written or printed copy of the authority cannot be obtained or another form of on-track safety cannot be established after failure of an electronic display device, the roadway worker in charge shall instruct all roadway workers to stop work and occupy a place of safety and conduct an on-track safety job briefing to determine the safe course of action with the roadway work group.

(c) All authorized users of an electronic display system shall be uniquely identified to support individual accountability. A user may be a person, a process, or some other system that accesses or attempts to access an electronic display system to perform tasks or process an authority.

(d) All authorized users of an electronic display system must be authenticated prior to being granted access to such system. The system shall ensure the confidentiality and integrity of all internally stored authentication data and protect it from access by unauthorized users. The authentication scheme shall utilize algorithms approved by the National Institute of Standards and Technology (NIST), or any similarly recognized and FRA approved standards body.

(e) The integrity of all data must be ensured during transmission/reception, processing, and storage. All new electronic display systems implemented on or after July 1, 2017 shall utilize a Message Authentication Code (MAC) to ensure that all data is error free. The MAC shall utilize algorithms approved by NIST, or any similarly recognized and FRA approved standards body. Systems implemented prior to July 1, 2017 may utilize a Cyclical Redundancy Code (CRC) to ensure that all data is error free provided:

(1) The collision rate for the CRC check utilized shall be less than or equal to 1 in 2³². Systems implemented prior to July 1, 2017 that do not utilize a CRC with a collision rate less than or equal to 1 in 2³² must be retired or updated to utilize a MAC no later than July 1, 2018.

(2) MAC and CRC checks shall only be used to verify the accuracy of an electronic authority data message and shall not be used in an error correction reconstruction of the data. An authority must fail if the MAC or CRC checks do not match.

(f) Authorities transmitted to each electronic display device shall be retained in the device's non-volatile memory for not less than 72 hours.

(g) If any electronic display device used to obtain an authority is involved in an accident/incident that is required to be reported to FRA under part 225 of this chapter, the railroad or employer that was using the device at the time of the accident shall, to the extent possible, and to the extent consistent with the safety of life and property, preserve the data recorded by each such device for analysis by FRA. This preservation requirement permits the railroad or employer to extract and analyze such data, provided the original downloaded data file, or an unanalyzed exact copy of it, shall be retained in secure custody and shall not be utilized for analysis or any other purpose except by direction of FRA or the National Transportation Safety Board. This preservation requirement shall expire one (1) year after the date of the accident unless FRA or the National Transportation Safety Board notifies the railroad in writing that the data are desired for analysis.

(h) New electronic display systems implemented on or after July 1, 2017 shall provide Level 3 assurance as defined by NIST Special Publication 800-63-2, Electronic Authentication Guideline, “Computer Security,” August 2013. Systems implemented prior to July 1, 2017 shall provide Level 2 assurance. Systems implemented prior to July 1, 2017 that do not provide Level 2 or higher assurance must be retired, or updated to provide Level 2 assurance, no later than July 1, 2018. The incorporation by reference of this NIST Special Publication was approved by the Director of the Federal Register in accordance with 5 U.S.C. 552(a) and 1 CFR part 51. You may obtain a copy of the incorporated document from the National Institute of Standards and Technology, 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930, http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-2.pdf. You may inspect a copy of the document at the Federal Railroad Administration, Docket Clerk, 1200 New Jersey Avenue SE., Washington, DC, or at the National Archives and Records Administration (NARA). For information on the availability of this material at NARA, call (202) 741-6030, or go to: http://www.archives.gov/federal_register/code_of_federal_regulations/ibr_locations.html.

[81 FR 37888, June 10, 2016]