iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
SIST

SIST EN 18031-2:2024

(Main)

Common security requirements for radio equipment - Part 2: radio equipment processing data, namely Internet connected radio equipment, childcare radio equipment, toys radio equipment and wearable radio equipment

Common security requirements for radio equipment - Part 2: radio equipment processing data, namely Internet connected radio equipment, childcare radio equipment, toys radio equipment and wearable radio equipment

This document specifies common security requirements and related assessment criteria for radio
equipment [36] processing personal data [40] or traffic data [41] or location data [41] for either internet
connected radio equipment [37], radio equipment designed or intended exclusively for childcare [37];
toys [39] and wearable radio equipment [37] (hereinafter referred to as "equipment").

Gemeinsame Sicherheitsanforderungen für datenverarbeitende Funkanlagen, namentlich mit dem Internet verbundene Funkanlagen, in der Kinderbetreuung eingesetzte Funkanlagen, in Spielzeug eingesetzte Funkanlagen sowie an einem Teil des menschlichen Körpers oder an Kleidungsstücken getragene Funkanlagen

Exigences de sécurité communes applicables aux équipements radioélectriques - Partie 2 : Équipements radioélectriques qui traitent des données, à savoir les équipements radioélectriques connectés à l’internet, les équipements radioélectriques destinés à la garde d’enfants, les jouets dotés d’équipements radioélectriques et les équipements radioélectriques portables

Exigences de sécurité communes applicables aux équipements radioélectriques qui traitent des données à caractère personnel, des données liées au trafic ou des données de localisation, qu'il s'agisse d'équipements radioélectriques connectés à l'internet, d'équipements radioélectriques conçus ou destinés exclusivement à la garde d'enfants ; aux jouets et aux équipements radioélectriques portables. La norme fournit des spécifications techniques pour les équipements radioélectriques traitant des données à caractère personnel, des données liées au trafic ou des données de localisation, qui portent sur les produits électriques ou électroniques capables de communiquer via l'internet, que ces produits communiquent directement ou par l'intermédiaire d'un autre équipement, équipement radioélectrique destiné à la garde d'enfants, jouet ou équipement radioélectrique portable.
Le domaine d'application ne s'applique pas aux équipements réseau 5G utilisés par les fournisseurs des réseaux publics de communications électroniques et des services de communications électroniques accessibles au public au sens de la Directive (UE) 2018/1972 du Parlement européen et du Conseil, tels qu'ils sont définis dans ce Règlement.

Skupne varnostne zahteve za radijsko opremo - 2. del: Radijska oprema za obdelavo podatkov, in sicer radijska oprema, povezana z internetom, radijska oprema za varstvo otrok, radijska oprema za igrače in nosljiva radijska oprema

Ta dokument določa skupne varnostne zahteve in povezana merila ocenjevanja za radijsko opremo [36] za obdelavo osebnih podatkov [40] ali podatkov o prometu [41] ali podatkov o lokaciji [41], tj. radijsko opremo, povezano
z internetom [37], radijsko opremo, namenjeno ali predvideno izključno za varstvo otrok [37],
radijsko opremo za igrače [39] ter nosljivo radijsko opremo [37] (v nadaljnjem besedilu »oprema«).

General Information

Status
Published
Public Enquiry End Date
12-Nov-2023
Publication Date
15-Sep-2024
ICS
33.060.01 - Radiocommunications in general
33.060.20 - Receiving and transmitting equipment
35.030 - IT Security
Technical Committee
ITC - Information technology
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
21-Aug-2024
Due Date
26-Oct-2024
Completion Date
16-Sep-2024
Directive
2014/53/EU - Directive 2014/53/EU of The European Parliament and of the Council of 16 April 2014 on the harmonisation of the laws of the Member States relating to the making available on the market of radio equipment and repealing Directive 1999/5/EC
Mandate
M/585 - standardisation request to the European Telecommunications Standards Institute as regards radio equipment in support of Directive 2014/53/EU of the European Parliament and of the Council in conjunction with Commission Delegated Regulation
Ref Project
EN 18031-2:2024 - Common security requirements for radio equipment - Part 2: radio equipment processing data, namely Internet connected radio equipment, childcare radio equipment, toys radio equipment and wearable radio equipment

Buy Standard

EN 18031-2:2024 - BARVEEN 18031-2:2024 - BARVE
PreviousNext
Standard
EN 18031-2:2024 - BARVE
English language
220 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-oktober-2024
Skupne varnostne zahteve za radijsko opremo - 2. del: Radijska oprema za
obdelavo podatkov, in sicer radijska oprema, povezana z internetom, radijska
oprema za varstvo otrok, radijska oprema za igrače in nosljiva radijska oprema
Common security requirements for radio equipment - Part 2: radio equipment processing
data, namely Internet connected radio equipment, childcare radio equipment, toys radio
equipment and wearable radio equipment
Gemeinsame Sicherheitsanforderungen für datenverarbeitende Funkanlagen,
namentlich mit dem Internet verbundene Funkanlagen, in der Kinderbetreuung
eingesetzte Funkanlagen, in Spielzeug eingesetzte Funkanlagen sowie an einem Teil
des menschlichen Körpers oder an Kleidungsstücken getragene Funkanlagen
Exigences de sécurité communes applicables aux équipements radioélectriques - Partie
2 : Équipements radioélectriques qui traitent des données, à savoir les équipements
radioélectriques connectés à l’internet, les équipements radioélectriques destinés à la
garde d’enfants, les jouets dotés d’équipements radioélectriques et les équipements
radioélectriques portables
Ta slovenski standard je istoveten z: EN 18031-2:2024
ICS:
33.060.01 Radijske komunikacije na Radiocommunications in
splošno general
35.030 Informacijska varnost IT Security
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN STANDARD EN 18031-2

NORME EUROPÉENNE
EUROPÄISCHE NORM
August 2024
ICS 33.060.20
English version
Common security requirements for radio equipment - Part
2: radio equipment processing data, namely Internet
connected radio equipment, childcare radio equipment,
toys radio equipment and wearable radio equipment
Exigences de sécurité communes applicables aux Gemeinsame Sicherheitsanforderungen für
équipements radioélectriques - Partie 2 : Équipements datenverarbeitende Funkanlagen, namentlich mit dem
radioélectriques qui traitent des données, à savoir les Internet verbundene Funkanlagen, in der
équipements radioélectriques connectés à l'internet, Kinderbetreuung eingesetzte Funkanlagen, in
les équipements radioélectriques destinés à la garde Spielzeug eingesetzte Funkanlagen sowie an einem Teil
d'enfants, les jouets dotés d'équipements des menschlichen Körpers oder an Kleidungsstücken
radioélectriques et les équipements radioélectriques getragene Funkanlagen
portables
This European Standard was approved by CEN on 1 August 2024.

CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for
giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical
references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to
any CEN and CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC
Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.

Contents Page
European foreword . 5
Introduction . 6
1 Scope . 7
2 Normative references . 7
3 Terms and definitions . 7
4 Abbreviations . 12
5 Application of this document. 13
6 Requirements . 16
6.1 [ACM] Access control mechanism . 16
6.1.1 [ACM-1] Applicability of access control mechanisms . 16
6.1.2 [ACM-2] Appropriate access control mechanisms . 21
6.1.3 [ACM-3] Default access control for children in toys . 26
6.1.4 [ACM-4] Default access control to children’s privacy assets for toys and childcare
equipment . 30
6.1.5 [ACM-5] Parental/Guardian access controls for children in toys . 36
6.1.6 [ACM-6] Parental/Guardian access controls for other entities’ access to managed
children’s privacy assets in toys . 40
6.2 [AUM] Authentication mechanism . 45
6.2.1 [AUM-1] Applicability of authentication mechanisms . 45
6.2.2 [AUM-2] Appropriate authentication mechanisms . 55
6.2.3 [AUM-3] Authenticator validation . 61
6.2.4 [AUM-4] Changing authenticators. 65
6.2.5 [AUM-5] Password strength . 68
6.2.6 [AUM-6] Brute force protection . 76
6.3 [SUM] Secure update mechanism . 80
6.3.1 [SUM-1] Applicability of update mechanisms. 80
6.3.2 [SUM-2] Secure updates . 83
6.3.3 [SUM-3] Automated updates . 88
6.4 [SSM] Secure storage mechanism . 91
6.4.1 [SSM-1] Applicability of secure storage mechanisms . 91
6.4.2 [SSM-2] Appropriate integrity protection for secure storage mechanisms . 96
6.4.3 [SSM-3] Appropriate confidentiality protection for secure storage mechanisms . 101
6.5 [SCM] Secure communication mechanism . 106
6.5.1 [SCM-1] Applicability of secure communication mechanisms . 106
6.5.2 [SCM-2] Appropriate integrity and authenticity protection for secure communication
mechanisms . 112
6.5.3 [SCM-3] Appropriate confidentiality protection for secure communication
mechanisms . 118
6.5.4 [SCM-4] Appropriate replay protection for secure communication mechanisms . 123
6.6 [LGM] Logging mechanism . 128
6.6.1 [LGM-1] Applicability of logging mechanisms . 128
6.6.2 [LGM-2] Persistent storage of log data . 131
6.6.3 [LGM-3] Minimum number of persistently stored events . 134
6.6.4 [LGM-4] Time-related information of persistently stored log data . 137
6.7 [DLM] Deletion mechanism. 140
6.7.1 [DLM-1] Applicability of deletion mechanisms . 140
6.8 [UNM] User notification mechanism . 144
6.8.1 [UNM-1] Applicability of user notification mechanisms . 144
6.8.2 [UNM-2] Appropriate user notification content . 148
6.9 [CCK] Confidential cryptographic keys . 150
6.9.1 [CCK-1] Appropriate CCKs . 150
6.9.2 [CCK-2] CCK generation mechanisms . 154
6.9.3 [CCK-3] Preventing static default values for preinstalled CCKs . 159
6.10 [GEC] General equipment capabilities . 163
6.10.1 [GEC-1] Up-to-date software and hardware with no publicly known exploitable
vulnerabilities . 163
6.10.2 [GEC-2] Limit exposure of services via related network interfaces . 168
6.10.3 [GEC-3] Configuration of optional services and the related exposed network
interfaces . 172
6.10.4 [GEC-4] Documentation of exposed network interfaces and exposed services via
network interfaces . 175
6.10.5 [GEC-5] No unnecessary external interfaces . 178
6.10.6 [GEC-6] Input validation . 181
6.10.7 [GEC-7] Documentation of external sensing capabilities . 186
6.11 [CRY] Cryptography . 188
6.11.1 [CRY-1] Best practice cryptography . 188
Annex A (informative) Rationale . 194
A.1 General . 194
A.2 Rationale . 194
A.2.1 Family of standards . 194
A.2.2 Security by design . 194
A.2.3 Threat modelling and security risk assessment . 195
A.2.4 Functional sufficiency assessment . 196
A.2.5 Implementation categories . 196
A.2.6 Assets . 197
A.2.7 Mechanisms . 199
A.2.8 Assessment criteria . 199
A.2.9 Interfaces . 202
Annex B (informative) Mapping with EN IEC 62443-4-2: 2019 . 205
B.1 General . 205
B.2 Mapping . 205
Annex C (informative) Mapping with ETSI EN 303 645 (Cyber Security for Consumer Internet
of Things: B
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

SIST
SIST EN 18031-3:2024(Main)
Common security requirements for radio equipment - Part 3: Internet connected radio equipment processing virtual money or monetary value
EN 18031-3:2024

Common security requirements for internet connected radio equipment that equipment enables the holder or user to transfer money, monetary value or virtual currency. This document provides technical specifications for radio equipment processing virtual money or monetary value, which apply to electrical or electronic products that are capable to communicate over the internet, regardless of whether these products communicate directly or via any other equipment.

  • Standard
    185 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 18031-1:2024(Main)
Common security requirements for radio equipment - Part 1: Internet connected radio equipment
EN 18031-1:2024

This document specifies common security requirements and related assessment criteria for internetconnected
radio equipment [34] (hereinafter referred to as "equipment”).

  • Standard
    180 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 18031-3:2024(Main)
Common security requirements for radio equipment - Part 3: Internet connected radio equipment processing virtual money or monetary value
EN 18031-3:2024

Common security requirements for internet connected radio equipment that equipment enables the holder or user to transfer money, monetary value or virtual currency. This document provides technical specifications for radio equipment processing virtual money or monetary value, which apply to electrical or electronic products that are capable to communicate over the internet, regardless of whether these products communicate directly or via any other equipment.

  • Standard
    185 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 18031-1:2024(Main)
Common security requirements for radio equipment - Part 1: Internet connected radio equipment
EN 18031-1:2024

This document specifies common security requirements and related assessment criteria for internetconnected
radio equipment [34] (hereinafter referred to as "equipment”).

  • Standard
    180 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 14356:2024(Main)
Dentistry - Duplicating material (ISO 14356:2024)
EN ISO 14356:2024

ISO 14356:2002 specifies requirements and tests for the duplicating materials used in dentistry which are primarily intended for forming flexible moulds needed to produce positive refractory investment copies of properly blocked-out master models.

  • Standard
    38 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST ES 201 873-1 V4.16.1:2025(Main)
Methods for Testing and Specification (MTS) - The Testing and Test Control Notation version 3 - Part 1: TTCN-3 Core Language
ETSI ES 201 873-1 V4.16.1 (2024-10)

RES/MTS-201873-1v4.16.1

  • Standard
    395 pages
    English language
    sale 15% off
  • Standard
    395 pages
    English language
    sale 15% off
  • Standardization document
    395 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC 63296-2:2024(Main)
Portable multimedia equipment - Determination of battery duration - Part 2: Headphones and earphones with active noisecancelling functions (IEC 63296-2:2023)
EN IEC 63296-2:2024

IEC 63296-2:2023 is applicable to active acoustic noise-cancelling headphones and earphones that have the function of reducing the ambient noise heard by the user by the level of the output sound from the transducer, which is generated by the ambient noise detection microphone and the noise reduction signal processing circuit.
This document covers headphones and earphones to be worn over-the-ear or in-ear, all of which are referred to as "headphones" in this document.
This document specifies the terms and definitions relating to battery duration of this type of headphones and the measurement and evaluation methods.
The noise-detection microphones are mounted in the body, on the surface, or on an accessory of the headphones. Signal-processing circuits are analogue and digital electronic circuits.
This document does not deal with equipment intended for hearing protection. It is also not applicable to music players, recorders, etc. that have a noise-cancelling function.
The battery duration measurement methods can be applied to headphones having no active noise-cancelling function.

  • Standard
    15 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 14071:2024(Main)
Environmental management - Life cycle assessment - Critical review processes and reviewer competencies (ISO 14071:2024)
EN ISO 14071:2024

ISO/TS 14071:2014 provides additional specifications to ISO 14040:2006 and ISO 14044:2006. It provides requirements and guidelines for conducting a critical review of any type of LCA study and the competencies required for the review.
ISO/TS 14071:2014 provides:
details of a critical review process, including clarification with regard to ISO 14044:2006;
guidelines to deliver the required critical review process, linked to the goal of the life cycle assessment (LCA) and its intended use;
content and deliverables of the critical review process;
guidelines to improve the consistency, transparency, efficiency and credibility of the critical review process;
the required competencies for the reviewer(s) (internal, external and panel member);
the required competencies to be represented by the panel as a whole.
ISO/TS 14071:2014 does not cover the applications of LCA.

  • Standard
    19 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 14803:2020+A1:2025(Main + Amendment)
Waste management - Identification and/or determination of the quantity of waste
EN 14803:2020+A1:2024

This document specifies general requirements and verifications for methods of identification of waste containers and/or determination of the quantity of waste and other reusable materials including:
-   safety requirements;
-   interface requirements and performances;
-   data to be treated and their integrity.
This document is applicable to systems for handling containers conforming to the EN 840 series.
Although this document does not cover systems for handling containers not conforming to the EN 840 series, users are encouraged to apply the requirements of this document to these systems as far as possible.
This document is applicable to systems both for billing and not for billing.
This document is applicable to systems both for billing and not for billing.

  • Standard
    23 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 14986:2024(Main)
Design of fans working in potentially explosive atmospheres
EN 14986:2024

1.1   This document specifies the constructional requirements for fans constructed to Group II G (of explosion groups IIA, IIB and hydrogen) categories 1, 2 and 3, and Group II D categories 2 and 3, intended for use in explosive atmospheres.
NOTE 1   Operation conditions for the different categories of fans used in this document are defined in Clause 4.
NOTE 2   For category 1 D fans, requirements provided in this document are not sufficient to ensure safety. In addition, explosion protection measures as specified in EN 1127 1:2019 are required to prevent ignition in the case of rare malfunctions.
NOTE 3   Technical requirements for explosion group IIC (other than hydrogen) are not given in this document. Where such atmospheres are present, additional explosion protection measures as specified in EN 1127 1:2019 can be needed.
1.2   This document does not apply to group I fans (fans for mining), cooling fans or impellers on rotating electrical machines, cooling fans or impellers on internal combustion engines, vehicles or electric motors.
NOTE 1   Requirements for group I fans are given in EN ISO/IEC 80079 38:2016.
NOTE 2   The requirements for electrical parts are covered by references to electrical equipment standards.
1.3   This document specifies requirements for design, construction, testing and marking of complete fan units intended for use in potentially explosive atmospheres in air containing gas, vapour, mist and/or dusts. Such atmospheres can exist inside (the conveyed atmosphere (flammable or not)), outside, or inside and outside of the fan.
NOTE   This document covers mechanical equipment, in particular fans. The “protection concept” as specified in EN ISO 80079 37:2016 is constructional safety. Requirements for marking are given in EN ISO 80079 37:2016.
1.4   This document is applicable to fans working in ambient atmospheres and with normal atmospheric conditions at the inlet, having
—   absolute pressures ranging from 0,8 bar to 1,1 bar,
—   and temperatures ranging from −20 °C to +60 °C,
—   and maximum volume fraction of 21 % oxygen content,
—   and an aerodynamic energy increase of less than 25 kJ/kg.
NOTE 1   25 kJ/kg is equivalent to 30 kPa at inlet density of 1,2 kg/m3.
This document can also be helpful for the design, construction, testing and marking of fans intended for use in atmospheres outside the validity range stated above or in cases where other material pairings need to be used. In this case, the ignition risk assessment, ignition protection provided, additional testing (if necessary), manufacturer's marking, technical documentation and instructions to the user, clearly demonstrate and indicate the equipment's suitability for the conditions the fan can encounter.
NOTE 2   Temperatures below −20°C can be considered. Material suitability can require specific evaluation for these temperatures. With lower temperature the explosion pressure increases, which leads to increased test pressures (see A.3) and can require specific testing. Although the standard atmospheric conditions in EN ISO 80079 36:2016 give a temperature range for the atmosphere of −20 °C to +60 °C the normal ambient temperature range for the equipment is −20 °C to +40 °C unless otherwise specified and marked.

  • Standard
    60 pages
    English language
    sale 10% off
    e-Library read for
    1 day