Yes (but see constraint in Table 220.127.116.11, check 1.3)
Protection Against Replay Required?
The Protection Against Replay mechanisms for Update Security Credentials are specified in Section 13.3. The Protection Against Replay mechanisms of other sections of the GBCS do not apply.
SEC User Gateway Services Schedule (Service Request) Reference
6.15, 6.23, 8.5, 6.21
Valid Target Device(s)
ESME / GSME / GPF / CHF / HCALCS / PPMID
Valid Business Originator role(s) for Command invocation (and so, for DLMS COSEM Commands, which Application Association is to be used for delivery of the Command to the Device) [Remote Party Messages Only]