iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
CEN

FprEN 18031-3

(Main)

Common security requirements for radio equipment - Part 3: Internet connected radio equipment processing virtual money or monetary value

Common security requirements for radio equipment - Part 3: Internet connected radio equipment processing virtual money or monetary value

Common security requirements for internet connected radio equipment that equipment enables the holder or user to transfer money, monetary value or virtual currency. This document provides technical specifications for radio equipment processing virtual money or monetary value, which apply to electrical or electronic products that are capable to communicate over the internet, regardless of whether these products communicate directly or via any other equipment.

Gemeinsame Sicherheitsanforderungen für mit dem Internet verbundene Funkanlagen, die für die Datenverarbeitung im Zusammenhang mit virtuellen Währungen oder monetären Werten eingesetzt werden

The harmonised standard includes test methods or equivalent approaches and conditions to verify compliance of the radio equipment with the essential requirement set out in Article 3(3), point (f) of Directive 2014/53/EU for the categories and classes specified by Article 1(3) of Delegated Regulation (EU) 2022/.

Exigences de sécurité communes applicables aux équipements radioélectriques - Partie 3 : Équipements radioélectriques connectés à l'internet qui traitent une monnaie virtuelle ou de la valeur monétaire

Exigences de sécurité communes applicables aux équipements radioélectriques connectés à l'internet qui permettent au détenteur ou à l'utilisateur de transférer de l'argent, une valeur monétaire ou une monnaie virtuelle. Le présent document fournit des spécifications techniques pour les équipements radioélectriques qui traitent une monnaie virtuelle ou de la valeur monétaire, qui s'appliquent aux produits électriques ou électroniques capables de communiquer via l'internet, que ces produits communiquent directement ou par l'intermédiaire d'un autre équipement.

Skupne varnostne zahteve za radijsko opremo - 3. del: Z internetom povezana radijska oprema, ki obdeluje virtualni denar ali denarno vrednost

General Information

Status
Not Published
Publication Date
21-Aug-2024
ICS
33.060.20 - Receiving and transmitting equipment
35.030 - IT Security
35.240.40 - IT applications in banking
Technical Committee
CEN/CLC/TC 13 - Cybersecurity and Data Protection
Drafting Committee
CEN/CLC/JTC 13/WG 8 - Special Working Group RED Standardization Request
Current Stage
5060 - Closure of Vote - Formal Approval
Start Date
27-Jun-2024
Due Date
04-Mar-2024
Completion Date
27-Jun-2024
Directive
2014/53/EU - Directive 2014/53/EU of The European Parliament and of the Council of 16 April 2014 on the harmonisation of the laws of the Member States relating to the making available on the market of radio equipment and repealing Directive 1999/5/EC
Mandate
M/585 - standardisation request to the European Telecommunications Standards Institute as regards radio equipment in support of Directive 2014/53/EU of the European Parliament and of the Council in conjunction with Commission Delegated Regulation
Ref Project
kSIST FprEN 18031-3:2024 - Common security requirements for radio equipment - Part 3: Internet connected radio equipment processing virtual money or monetary value

Buy Standard

prEN 18031-3:2023 - BARVEprEN 18031-3:2023 - BARVE
PreviousNext
Draft
prEN 18031-3:2023 - BARVE
English language
127 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
oSIST prEN 18031-3:2023
01-november-2023
Skupne varnostne zahteve za radijsko opremo - 3. del: Z internetom povezana
radijska oprema, ki obdeluje virtualni denar ali denarno vrednost
Common security requirements for radio equipment - Part 3: Internet connected radio
equipment processing virtual money or monetary value
Gemeinsame Sicherheitsanforderungen für mit dem Internet verbundene Funkanlagen,
die für die Datenverarbeitung im Zusammenhang mit virtuellen Währungen oder
monetären Werten eingesetzt werden
Exigences de sécurité communes applicables aux équipements radioélectriques
connectés à linternet qui traitent une monnaie virtuelle ou de la valeur monétaire
Ta slovenski standard je istoveten z: prEN 18031-3
ICS:
33.060.01 Radijske komunikacije na Radiocommunications in
splošno general
oSIST prEN 18031-3:2023 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

oSIST prEN 18031-3:2023
oSIST prEN 18031-3:2023
EUROPEAN STANDARD DRAFT
prEN 18031-3
NORME EUROPÉENNE
EUROPÄISCHE NORM
August 2023
ICS
English version
Common security requirements for radio equipment - Part
3: Internet connected radio equipment processing virtual
money or monetary value
Exigences de sécurité communes applicables aux Gemeinsame Sicherheitsanforderungen für mit dem
équipements radioélectriques connectés à l¿internet Internet verbundene Funkanlagen, die für die
qui traitent une monnaie virtuelle ou de la valeur Datenverarbeitung im Zusammenhang mit virtuellen
monétaire Währungen oder monetären Werten eingesetzt
werden
This draft European Standard is submitted to CEN members for enquiry. It has been drawn up by the Technical Committee
CEN/CLC/JTC 13.
If this draft becomes a European Standard, CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal
Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any
alteration.
This draft European Standard was established by CEN and CENELEC in three official versions (English, French, German). A
version in any other language made by translation under the responsibility of a CEN and CENELEC member into its own language
and notified to the CEN-CENELEC Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are
aware and to provide supporting documentation.Recipients of this draft are invited to submit, with their comments, notification
of any relevant patent rights of which they are aware and to provide supporting documentation.

Warning : This document is not a European Standard. It is distributed for review and comments. It is subject to change without
notice and shall not be referred to as a European Standard.

oSIST prEN 18031-3:2023
prEN 18031-3:2023 (E)
16 Contents Page
18 European foreword . 4
19 Introduction . 5
20 1 Scope . 6
21 2 Normative references . 6
22 3 Terms and definitions . 6
23 4 Application of this standard . 10
24 5 Requirements . 12
25 5.1 [ACM] Access control mechanism . 12
26 5.1.1 [ACM-1] Applicability of access control mechanisms . 12
27 5.1.2 [ACM-2] Appropriate access control mechanisms . 16
28 5.2 [AUM] Authentication mechanism . 19
29 5.2.1 [AUM-1] Applicability of authentication mechanisms for external interfaces . 19
30 5.2.2 [AUM-2] Appropriate authentication mechanisms for external interfaces . 26
31 5.2.3 [AUM-3] Authenticator validation . 29
32 5.2.4 [AUM-4] Changing authenticators. 32
33 5.2.5 [AUM-5] Preventing static and default values . 35
34 5.2.6 [AUM-6] Brute force protection . 39
35 5.3 [SUM] Secure update mechanism . 43
36 5.3.1 [SUM-1] Applicability of update mechanisms. 43
37 5.3.2 [SUM-2] Secure updates . 46
38 5.3.3 [SUM-3] Automated updates . 50
39 5.4 [SSM] Secure storage Mechanism . 53
40 5.4.1 [SSM-1] Applicability of secure storage mechanisms . 53
41 5.4.2 [SSM-2] Appropriate integrity protection for secure storage mechanisms . 56
42 5.4.3 [SSM-3] Appropriate confidentiality protection for secure storage mechanisms . 59
43 5.5 [SCM] Secure communication mechanism . 62
44 5.5.1 [SCM-1] Applicability of secure communication mechanisms . 62
45 5.5.2 [SCM-2] Appropriate integrity and authenticity protection for secure communication
46 mechanisms . 66
47 5.5.3 [SCM-3] Appropriate confidentiality protection for secure communication
48 mechanisms . 69
49 5.5.4 [SCM-4] Appropriate replay protection for secure communication mechanisms . 73
50 5.6 [LGM] Logging Mechanism . 77
51 5.6.1 [LGM-1] Applicability of logging mechanisms . 77
52 5.6.2 [LGM-2] Appropriate Logging mechanisms . 80
53 5.6.3 [LGM-3] Appropriate Logging mechanisms – Minimum number of events . 84
54 5.6.4 [LGM-4] Appropriate Logging mechanisms – Time related information . 87
55 5.7 [CCK] Confidential cryptographic keys . 89
56 5.7.1 [CCK-1] Appropriate Confidential cryptographic keys (CCKs) . 89
57 5.7.2 [CCK-2] Confidential cryptographic key generation mechanisms . 92
58 5.7.3 [CCK-3] No hard-coded confidential cryptographic keys . 95
59 5.7.4 [CCK-4] Preventing static default values for confidential cryptographic keys. 97
60 5.8 [GEC] General equipment capabilities . 100
oSIST prEN 18031-3:2023
prEN 18031-3:2023 (E)
61 5.8.1 [GEC-1] Up-to-date software and hardware with no publicly known exploitable
62 vulnerabilities . 100
63 5.8.2 [GEC-2] Limit exposure of services via related network interfaces . 103
64 5.8.3 [GEC-3] Configuration of optional services and the related exposed network
65 interfaces . 105
66 5.8.4 [GEC-4] Documentation of exposed services via network interfaces . 108
67 5.8.5 [GEC-5] No unnecessary external interfaces . 109
68 5.8.6 [GEC-7] Input validation . 112
69 5.9 [CRY] Cryptography . 116
70 5.9.1 [CRY-1] Best practice Cryptography . 116
71 Annex A (informative) Rationale . 121
72 A.1 General . 121
73 A.2 Rationale . 121
74 A.2.1 Family of standards . 121
75 A.2.2 Security by design . 121
76 A.2.3 Assets . 121
77 A.2.4 Mechanisms . 122
78 A.2.5 Assessment criteria . 122
79 A.2.5.1 Decision trees . 123
80 A.2.5.2 Technical documentation . 123
81 A.2.5.3 Security testing . 125
82 A.2.6 Security parameters . 125
83 Annex ZA [D][E][F] (informative). 126
84 Table ZA.1 — Correspondence between this European Standard and Directive 2014/53/EU
85 [OJ L 153] . 126
86 Bibliography . 127
oSIST prEN 18031-3:2023
prEN 18031-3:2023 (E)
90 European foreword
91 This document (prEN 18031-3:2023) has been prepared by Technical Committee CEN/CENELEC JTC
92 13/WG 8 “Special Working Group RED Standardization Request”, the secretariat of which is held by NEN.
93 This document is currently submitted to the CEN Enquiry.
94 This document has been prepared under a mandate given to CEN/CENELEC by the European Commission
95 and the European Free Trade Association and supports essential requirements of EU Directive(s) /
96 Regulation(s).
97 For relationship with EU Directive(s) / Regulation(s), see informative Annex ZA, which is an integral part
98 of this document.
oSIST prEN 18031-3:2023
prEN 18031-3:2023 (E)
99 Introduction
100 It is important to note that in order to achieve the overall cybersecurity of radio equipment, defence in
101 depth best practices will be needed. In particular, no one single measure will suffice to achieve the given
102 objectives, indeed achieving even a single security objective will usually require a suite of mechanisms
103 and measures. Throughout this document, the guidance material includes lists of examples. These lists
104 must be read only as indicative possibilities: there are other possibilities that are not listed, and even
105 using the examples given will not be sufficient unless the mechanisms and measures chosen are
106 implemented in a coordinated fashion.
oSIST prEN 18031-3:2023
prEN 18031-3:2023 (E)
107 1 Scope
108 Common security requirements for internet connected radio equipment that equipment enables the
109 holder or user to transfer money, monetary value or virtual currency. This document pro
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

CEN
EN 14717:2024(Main)
Welding and allied processes - Environmental check list
kSIST FprEN 14717:2024

This document provides check lists for the assessment of the environmental aspects of welding fabrication of metallic materials including site and repair work. Informative annexes indicate recommended actions for avoiding and reducing the possible environmental impacts outside the workshop.

  • Draft
    17 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 17099:2024(Main)
Radiological protection - Performance criteria for laboratories using the cytokinesis-block micronucleus (CBMN) assay in peripheral blood lymphocytes for biological dosimetry (ISO 17099:2024)
kSIST FprEN ISO 17099:2024

This document gives guidance on
a)       confidentiality of personal information for the customer and the laboratory,
b)       laboratory safety requirements,
c)        calibration sources and calibration dose ranges useful for establishing the reference dose-response curves that contribute to the dose estimation from CBMN assay yields and the detection limit,
d)       performance of blood collection, culturing, harvesting, and sample preparation for CBMN assay scoring,
e)       scoring criteria,
f)         conversion of micronucleus frequency in BNCs into an estimate of absorbed dose,
g)       reporting of results,
h)       quality assurance and quality control, and
i)         informative annexes containing sample instructions for customers, sample questionnaire, a microscope scoring data sheet, and a sample report.
This document excludes methods for automated scoring of CBMN.

  • Draft
    44 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 4766:2024(Main)
Fasteners - Slotted set screws with flat point (ISO 4766:2024)
kSIST FprEN ISO 4766:2024

This document specifies the characteristics of slotted set screws with flat point, in steel and stainless steel, with metric coarse pitch threads M1,2 to M12, and with product grade A.
If in certain cases other specifications are requested, hardness classes and stainless steel grades can be selected from ISO 898-5 or ISO 3506-3, and dimensional options from ISO 888, ISO 965-1 or ISO 4753.

  • Draft
    9 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 17970:2024(Main)
Ductile iron pipes - Push-in joints for ductile iron pipe systems - Resistance against root penetration - Requirements and test methods
kSIST FprEN 17970:2024

This document is applicable to diffusion-tight pipes, accessories and fittings in ductile cast iron to EN 598 and to cast iron pipe systems.
The document gives requirements on the contact pressure based on a risk assessment and gives a test method that simulates the penetration of a root tip into the sealing gap.

  • Draft
    10 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 13506-1:2024(Main)
Protective clothing against heat and flame - Part 1: Test method for complete garments - Measurement of transferred energy using an instrumented manikin (ISO 13506-1:2024)
kSIST FprEN ISO 13506-1:2024

This document specifies the overall requirements, equipment and calculation methods to provide results that can be used for evaluating the performance of complete garments or protective clothing ensembles exposed to short duration flame engulfment.
This test method establishes a rating system to characterize the thermal protection provided by single-layer and multi-layer garments made of flame resistant materials. The rating is based on the measurement of heat transfer to a full-size manikin exposed to convective and radiant energy in a laboratory simulation of a fire with controlled heat flux, duration and flame distribution. The heat transfer data is summed over a prescribed time to give the total transferred energy. Transferred energy and thermal manikin protection factor (TMPF) assessment methods provide a means to quantify product performance.
The exposure heat flux is limited to a nominal level of 84 kW/m2 and durations of 3 s to 20 s dependant on the risk assessment and expectations from the thermal insulating capability of the garment.
The results obtained apply only to the particular garments or ensembles, as tested, and for the specified conditions of each test, particularly with respect to the heat flux, duration and flame distribution.
This test method covers visual evaluation, observation, inspection and documentation on the overall behaviour of the test specimen(s) before, during and after the exposure. The effects of body position and movement are not addressed in this test method.
The heat flux measurements can also be used to calculate the predicted skin burn injury resulting from the exposure (see ISO 13506-2).
This test method does not simulate high radiant exposures such as those found in arc flash exposures, some types of fire exposures where liquid or solid fuels are involved, nor exposure to nuclear explosions.
NOTE            This test method is complex and requires a high degree of technical expertise in both the test setup and operation. Even minor deviations from the instructions in this test method can lead to significantly different test results.

  • Draft
    51 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 16976:2024(Main)
Ambient air - Determination of the particle number concentration of atmospheric aerosol
kSIST FprEN 16976:2024

This document specifies a standard method for determining the particle number concentration in ambient air in a range up to about 107 cm–3 for averaging times equal to or larger than 1 min. The standard method is based on a Condensation Particle Counter (CPC) operated in the counting mode and an appropriate dilution system for concentrations exceeding the counting mode range. It also defines the performance characteristics and the minimum requirements of the instruments to be used. The lower and upper sizes considered within this document are 10 nm and a few micrometres, respectively. This document gives guidance on sampling, operation, data processing and QA/QC procedures including calibration parameters.

  • Draft
    53 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 13506-2:2024(Main)
Protective clothing against heat and flame - Part 2: Skin burn injury prediction - Calculation requirements and test cases (ISO 13506-2:2024)
kSIST FprEN ISO 13506-2:2024

This document provides technical details for calculating predicted burn injury to human skin when its surface is subject to a varying heat flux, such as may occur due to energy transmitted through and by a garment or protective clothing ensemble exposed to flames. A series of test cases are provided against which the burn injury prediction calculation method is verified. It also contains requirements for the in situ calibration of the thermal energy sensor — skin injury prediction system for the range of heat fluxes that occur under garments.
The skin burn injury calculation methods as presented in this test method do not include terms for handling short wavelength radiation that may penetrate the skin. The latter include arc flashes, some types of fire exposures with liquid or solid fuels, and nuclear sources.

  • Draft
    23 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 17971:2024(Main)
Devices for in-situ generation of biocides - Ozone
kSIST FprEN 17971:2024

This document is applicable to devices for the generation and dosing of ozone. The ozone is generated in these devices according to the technology of dielectric barrier discharge. According to EN 1278 and EN 15074, ozone is suited for the use of the treatment of water intended for human consumption (drinking water), and for the treatment of swimming pool water respectively. Ozone can be added to the water for disinfection and for oxidative purposes. This document can also be applied for other technologies to generate ozone, e.g. electrolysis or UV irradiation, as far as reasonable or applicable.
This document specifies device’s construction, and test methods for the equipment used for in situ generation of ozone. It also specifies requirements for instructions for installation, operation, maintenance, safety and for documentation to be provided with the product.

  • Draft
    35 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 7436:2024(Main)
Fasteners - Slotted set screws with cup point (ISO 7436:2024)
kSIST FprEN ISO 7436:2024

This document specifies the characteristics of slotted set screws with cup point, in steel and stainless steel, with metric coarse pitch threads M1,6 to M12 and with product grade A.
If in certain cases other specifications are requested, hardness classes and stainless steel grades can be selected from ISO 898-5, or ISO 3506-3, and dimensional options from ISO 888, ISO 965-1 or ISO 4753.

  • Draft
    10 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 4080:2024(Main)
Rubber and plastics hoses and tubing, and their assemblies - Determination of permeability to gas (ISO 4080:2024)
kSIST FprEN ISO 4080:2024

This document specifies three methods to determine the permeability to gas by measuring the volume of gas diffusing through a rubber or plastics hose or length of tubing used for gas applications in a specified time.
—     Method 1 is for determining the permeability of the complete hose wall or length of tubing wall, excluding end fittings, to the test gas.
—     Method 2 is for determining the permeability at the hose and fitting interface to the test gas.
—     Method 3 is for precisely determining the permeability of the complete hose or length of tubing, including end fittings.

  • Draft
    17 pages
    English language
    sale 10% off
    e-Library read for
    1 day