Common security requirements for radio equipment - Part 2: radio equipment processing data, namely Internet connected radio equipment, childcare radio equipment, toys radio equipment and wearable radio equipment

Common security requirements for radio equipment processing personal data, traffic data or location data, being either internet connected radio equipment, radio equipment designed or intended exclusively for childcare, toys, or wearable radio equipment. The standard provides technical specifications for radio equipment processing personal data, traffic data or location data. It covers electrical or electronic products that are capable of communicating over the internet, regardless of whether these products communicate directly or via any other equipment, as well as childcare, toys and wearable radio equipment.
The scope does not apply to 5G network equipment used by providers of public electronic communications networks and publicly available electronic communications services within the meaning of Directive (EU) 2018/1972 of the European Parliament and of the Council as defined in that Regulation.

Gemeinsame Sicherheitsanforderungen für datenverarbeitende Funkanlagen, namentlich mit dem Internet verbundene Funkanlagen, in der Kinderbetreuung eingesetzte Funkanlagen, in Spielzeug eingesetzte Funkanlagen sowie an einem Teil des menschlichen Körpers oder an Kleidungsstücken getragene Funkanlagen

Exigences de sécurité communes applicables aux équipements radioélectriques - Partie 2 : Équipements radioélectriques qui traitent des données, à savoir les équipements radioélectriques connectés à l’internet, les équipements radioélectriques destinés à la garde d’enfants, les jouets dotés d’équipements radioélectriques et les équipements radioélectriques portables


Skupne varnostne zahteve za radijsko opremo - 2. del: Radijska oprema za obdelavo podatkov, in sicer radijska oprema, povezana z internetom, radijska oprema za varstvo otrok, radijska oprema za igrače in nosljiva radijska oprema

General Information

Status: Not Published
Publication Date: 21-Aug-2024
Current Stage: 5060 - Closure of Vote - Formal Approval
Start Date: 27-Jun-2024
Due Date: 04-Mar-2024
Completion Date: 27-Jun-2024

Draft
prEN 18031-2:2023 - BARVE
English language
156 pages

Standards Content (Sample)


SLOVENIAN STANDARD
oSIST prEN 18031-2:2023
01-November-2023
Skupne varnostne zahteve za radijsko opremo - 2. del: Radijska oprema za
obdelavo podatkov, in sicer radijska oprema, povezana z internetom, radijska
oprema za varstvo otrok, radijska oprema za igrače in nosljiva radijska oprema
Common security requirements for radio equipment - Part 2: radio equipment processing
data, namely Internet connected radio equipment, childcare radio equipment, toys radio
equipment and wearable radio equipment
Gemeinsame Sicherheitsanforderungen für datenverarbeitende Funkanlagen,
namentlich mit dem Internet verbundene Funkanlagen, in der Kinderbetreuung
eingesetzte Funkanlagen, in Spielzeug eingesetzte Funkanlagen sowie an einem Teil
des menschlichen Körpers oder an Kleidungsstücken getragene Funkanlagen
Exigences de sécurité communes applicables aux équipements radioélectriques qui
traitent des données, à savoir les équipements radioélectriques connectés à l'internet, les
équipements radioélectriques destinés à la garde d'enfants, les jouets dotés d'une
This Slovenian standard is identical to: prEN 18031-2
ICS:
33.060.01 Radiocommunications in general
oSIST prEN 18031-2:2023 en,fr,de
2003-01. Slovenian Institute for Standardization. Reproduction of all or part of this standard is not permitted.

EUROPEAN STANDARD DRAFT
prEN 18031-2
NORME EUROPÉENNE
EUROPÄISCHE NORM
August 2023
ICS
English version
Common security requirements for radio equipment - Part
2: radio equipment processing data, namely Internet
connected radio equipment, childcare radio equipment,
toys radio equipment and wearable radio equipment
Exigences de sécurité communes applicables aux équipements radioélectriques qui traitent des données, à savoir les équipements radioélectriques connectés à l'internet, les équipements radioélectriques destinés à la garde d'enfants, les jouets dotés d'une
Gemeinsame Sicherheitsanforderungen für datenverarbeitende Funkanlagen, namentlich mit dem Internet verbundene Funkanlagen, in der Kinderbetreuung eingesetzte Funkanlagen, in Spielzeug eingesetzte Funkanlagen sowie an einem Teil des menschlichen Körpers oder an Kleidungsstücken getragene Funkanlagen
This draft European Standard is submitted to CEN members for enquiry. It has been drawn up by the Technical Committee
CEN/CLC/JTC 13.
If this draft becomes a European Standard, CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal
Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any
alteration.
This draft European Standard was established by CEN and CENELEC in three official versions (English, French, German). A
version in any other language made by translation under the responsibility of a CEN and CENELEC member into its own language
and notified to the CEN-CENELEC Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are
aware and to provide supporting documentation.

Warning: This document is not a European Standard. It is distributed for review and comments. It is subject to change without
notice and shall not be referred to as a European Standard.

prEN 18031-2:2023 (E)
Contents
European foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Application of this standard
5 Requirements
5.1 [ACM] Access control mechanism
5.1.1 [ACM-1] Applicability of access control mechanisms
5.1.2 [ACM-2] Appropriate access control mechanisms
5.1.3 [ACM-3] Default access control for children in toys
5.1.4 [ACM-4] Default access control to children’s privacy assets for toys and childcare equipment
5.1.5 [ACM-5] Parental/Guardian access controls for children in toys
5.1.6 [ACM-6] Parental/Guardian access controls for children’s privacy assets in toys
5.2 [AUM] Authentication mechanism
5.2.1 [AUM-1] Applicability of authentication mechanisms for external interfaces
5.2.2 [AUM-2] Appropriate authentication mechanisms for external interfaces
5.2.3 [AUM-3] Authenticator validation
5.2.4 [AUM-4] Changing authenticators
5.2.5 [AUM-5] Preventing static and default values
5.2.6 [AUM-6] Brute force protection
5.3 [SUM] Secure update mechanism
5.3.1 [SUM-1] Applicability of update mechanisms
5.3.2 [SUM-2] Secure updates
5.3.3 [SUM-3] Automated updates
5.4 [SSM] Secure storage Mechanism
5.4.1 [SSM-1] Applicability of secure storage mechanisms
5.4.2 [SSM-2] Appropriate integrity protection for secure storage mechanisms
5.4.3 [SSM-3] Appropriate confidentiality protection for secure storage mechanisms
5.5 [SCM] Secure communication mechanism
5.5.1 [SCM-1] Applicability of secure communication mechanisms
5.5.2 [SCM-2] Appropriate integrity and authenticity protection for secure communication mechanisms
5.5.3 [SCM-3] Appropriate confidentiality protection for secure communication mechanisms
5.5.4 [SCM-4] Appropriate replay protection for secure communication mechanisms
5.6 [LGM] Logging Mechanism
5.6.1 [LGM-1] Applicability of logging mechanisms
5.6.2 [LGM-2] Appropriate Logging mechanisms
5.6.3 [LGM-3] Appropriate Logging mechanisms – Minimum number of events
5.6.4 [LGM-4] Appropriate Logging mechanisms – Time related information
5.7 [DLM] Deletion mechanism
5.7.1 [DLM-1] Applicability of and appropriate deletion mechanisms
5.8 [UNM] User notification mechanism
5.8.1 [UNM-1] Applicability of user notification mechanisms
5.8.2 [UNM-2] Content of user notification
5.9 [CCK] Confidential cryptographic keys
5.9.1 [CCK-1] Appropriate Confidential cryptographic keys (CCKs)
5.9.2 [CCK-2] Confidential cryptographic key generation mechanisms
5.9.3 [CCK-3] No hard-coded confidential cryptographic keys
5.9.4 [CCK-4] Preventing static default values for confidential cryptographic keys
5.10 [GEC] General equipment capabilities
5.10.1 [GEC-1] Up-to-date software and hardware with no publicly known exploitable vulnerabilities
5.10.2 [GEC-2] Limit exposure of services via related network interfaces
5.10.3 [GEC-3] Configuration of optional services and the related exposed network interfaces
5.10.4 [GEC-4] Documentation of exposed services via network interfaces
5.10.5 [GEC-5] No unnecessary external interfaces
5.10.6 [GEC-6] Documentation of external sensing capabilities
5.10.7 [GEC-7] Input validation
5.11 [CRY] Cryptography
5.11.1 [CRY-1] Best practice Cryptography
Annex A (informative) Rationale
A.1 General
A.2 Rationale
A.2.1 Family of standards
A.2.2 Security by design
A.2.3 Assets
A.2.4 Mechanisms
A.2.5 Assessment criteria
A.2.5.1 Decision trees
A.2.5.2 Technical documentation
A.2.5.3 Security testing
A.2.6 Security parameters
Annex ZA (informative)
Table ZA.1 — Correspondence between this European Standard and Directive 2014/53/EU [OJ L 153]
Bibliography
...
