Common security requirements for radio equipment - Part 1: Internet connected radio equipment

This document specifies common security requirements for internet-connected radio equipment. This document provides technical specifications for radio equipment, which concerns electrical or electronic products that are capable of communicating over the internet, regardless of whether these products communicate directly or via any other equipment.

Gemeinsame Sicherheitsanforderungen für Funkanlagen - Teil 1: Funkanlagen mit Internetanschluss

Exigences de sécurité communes applicables aux équipements radioélectriques - Partie 1 : Équipements radioélectriques connectés à l'internet


Splošne varnostne zahteve za radijsko opremo - 1. del: Radijska oprema, povezana z internetom

General Information

Status: Not Published
Publication Date: 21-Aug-2024
Current Stage: 5060 - Closure of Vote - Formal Approval
Start Date: 27-Jun-2024
Due Date: 04-Mar-2024
Completion Date: 27-Jun-2024

Draft
prEN 18031-1:2023 - BARVE
English language
123 pages

Standards Content (Sample)


SLOVENIAN STANDARD
oSIST prEN 18031-1:2023
01-November-2023
Splošne varnostne zahteve za radijsko opremo - 1. del: Radijska oprema, povezana z internetom
Common security requirements for radio equipment - Part 1: Internet connected radio equipment
Gemeinsame Sicherheitsanforderungen für mit dem Internet verbundene Funkanlagen
Exigences de sécurité communes applicables aux équipements radioélectriques connectés à l'internet
This Slovenian standard is identical to: prEN 18031-1
ICS: 33.060.01 Radiocommunications in general
oSIST prEN 18031-1:2023 en,fr,de
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.

EUROPEAN STANDARD
NORME EUROPÉENNE
EUROPÄISCHE NORM
DRAFT prEN 18031-1
August 2023
ICS
English version
Common security requirements for radio equipment - Part 1: Internet connected radio equipment
Exigences de sécurité communes applicables aux équipements radioélectriques connectés à l'internet
Gemeinsame Sicherheitsanforderungen für mit dem Internet verbundene Funkanlagen
This draft European Standard is submitted to CEN members for enquiry. It has been drawn up by the Technical Committee
CEN/CLC/JTC 13.
If this draft becomes a European Standard, CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal
Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any
alteration.
This draft European Standard was established by CEN and CENELEC in three official versions (English, French, German). A
version in any other language made by translation under the responsibility of a CEN and CENELEC member into its own language
and notified to the CEN-CENELEC Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are
aware and to provide supporting documentation.

Warning: This document is not a European Standard. It is distributed for review and comments. It is subject to change without
notice and shall not be referred to as a European Standard.

CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels
© 2023 CEN/CENELEC All rights of exploitation in any form and by any means reserved worldwide for CEN national Members and for CENELEC Members.
Ref. No. prEN 18031-1:2023 E
prEN 18031-1:2023 (E)
Contents
European foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Application of this standard
5 Requirements
5.1 [ACM] Access control mechanism
5.1.1 [ACM-1] Applicability of access control mechanisms
5.1.2 [ACM-2] Appropriate access control mechanisms
5.2 [AUM] Authentication mechanism
5.2.1 [AUM-1] Applicability of authentication mechanisms for external interfaces
5.2.2 [AUM-2] Appropriate authentication mechanisms for external interfaces
5.2.3 [AUM-3] Authenticator validation
5.2.4 [AUM-4] Changing authenticators
5.2.5 [AUM-5] Preventing static and default values
5.2.6 [AUM-6] Brute force protection
5.3 [SUM] Secure update mechanism
5.3.1 [SUM-1] Applicability of update mechanisms
5.3.2 [SUM-2] Secure updates
5.3.3 [SUM-3] Automated updates
5.4 [SSM] Secure storage Mechanism
5.4.1 [SSM-1] Applicability of secure storage mechanisms
5.4.2 [SSM-2] Appropriate integrity protection for secure storage mechanisms
5.4.3 [SSM-3] Appropriate confidentiality protection for secure storage mechanisms
5.5 [SCM] Secure communication mechanism
5.5.1 [SCM-1] Applicability of secure communication mechanisms
5.5.2 [SCM-2] Appropriate integrity and authenticity protection for secure communication mechanisms
5.5.3 [SCM-3] Appropriate confidentiality protection for secure communication mechanisms
5.5.4 [SCM-4] Appropriate replay protection for secure communication mechanisms
5.6 [RLM] Resilience mechanism
5.6.1 [RLM-1] Applicability of resilience mechanisms
5.7 [NMM] Network monitoring mechanism
5.7.1 [NMM-1] Applicability of and appropriate network monitoring mechanisms
5.8 [TCM] Traffic control mechanism
5.8.1 [TCM-1] Applicability of and appropriate traffic control mechanisms
5.9 [CCK] Confidential cryptographic keys
5.9.1 [CCK-1] Appropriate Confidential cryptographic keys (CCKs)
5.9.2 [CCK-2] Confidential cryptographic key generation mechanisms
5.9.3 [CCK-3] No hard-coded confidential cryptographic keys
5.9.4 [CCK-4] Preventing static default values for confidential cryptographic keys
5.10 [GEC] General equipment capabilities
5.10.1 [GEC-1] Up-to-date software and hardware with no publicly known exploitable vulnerabilities
5.10.2 [GEC-2] Limit exposure of services via related network interfaces
5.10.3 [GEC-3] Configuration of optional services and the related exposed network interfaces
5.10.4 [GEC-4] Documentation of exposed services via network interfaces
5.10.5 [GEC-5] No unnecessary external interfaces
5.10.6 [GEC-7] Input validation
5.11 [CRY] Cryptography
5.11.1 [CRY-1] Best practice Cryptography
Annex A (informative) Rationale
A.1 General
A.2 Rationale
A.2.1 Family of standards
A.2.2 Security by design
A.2.3 Assets
A.2.4 Mechanisms
A.2.5 Assessment criteria
A.2.5.1 Decision trees
A.2.5.2 Technical documentation
A.2.5.3 Security testing
A.2.6 Security parameters
Annex ZA (informative)
Table ZA.1 — Correspondence between this European Standard and Directive 2014/53/EU [OJ L 153]
Bibliography

European foreword

This document (prEN 18031-1:2023) has been prepared by Technical Committee CEN/CENELEC JTC 13/WG 8 “Special Working Group RED Standardization Request”, the secretariat of which is held by NEN.

This document is currently submitted to the CEN Enquiry.

This document has been prepared under a mandate given to CEN/CENELEC by the European Commission and the European Free Trade Association and supports essential requirements of EU Directive(s) / Regulation(s).

For relationship with EU Directive(s) / Regulation(s), see informative Annex ZA, which is an integral part of this document.

Introduction

It is important to note that in order to achieve the overall cybersecurity of radio equipment, defence in depth best practices will be needed. In particular, no one single measure will suffice to achieve the given objectives, indeed achieving even a single security objective will usually require a suite of mechanisms and measures. Throughout this document, the guidance material includes lists of examples. These lists must be read only as indicative possibilities: there are other possibilities that are not listed, and even using the examples given will not be sufficient unless the mechanisms and measures chosen are implemented in a coordinated fashion.

1 Scope

This document specifies common security requirements for internet-connected radio equipment. This document provides technical specifications for radio equipment, which concerns electrical or electronic products that are capa
...
