iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
SIST

SIST EN 18031-3:2024

(Main)

Common security requirements for radio equipment - Part 3: Internet connected radio equipment processing virtual money or monetary value

Common security requirements for radio equipment - Part 3: Internet connected radio equipment processing virtual money or monetary value

Common security requirements for internet connected radio equipment that equipment enables the holder or user to transfer money, monetary value or virtual currency. This document provides technical specifications for radio equipment processing virtual money or monetary value, which apply to electrical or electronic products that are capable to communicate over the internet, regardless of whether these products communicate directly or via any other equipment.

Gemeinsame Sicherheitsanforderungen für mit dem Internet verbundene Funkanlagen, die für die Datenverarbeitung im Zusammenhang mit virtuellen Währungen oder monetären Werten eingesetzt werden

The harmonised standard includes test methods or equivalent approaches and conditions to verify compliance of the radio equipment with the essential requirement set out in Article 3(3), point (f) of Directive 2014/53/EU for the categories and classes specified by Article 1(3) of Delegated Regulation (EU) 2022/.

Exigences de sécurité communes applicables aux équipements radioélectriques connectés à l’internet qui traitent une monnaie virtuelle ou de la valeur monétaire

Exigences de sécurité communes applicables aux équipements radioélectriques connectés à l'internet qui permettent au détenteur ou à l'utilisateur de transférer de l'argent, une valeur monétaire ou une monnaie virtuelle. Le présent document fournit des spécifications techniques pour les équipements radioélectriques qui traitent une monnaie virtuelle ou de la valeur monétaire, qui s'appliquent aux produits électriques ou électroniques capables de communiquer via l'internet, que ces produits communiquent directement ou par l'intermédiaire d'un autre équipement.

Skupne varnostne zahteve za radijsko opremo - 3. del: Z internetom povezana radijska oprema, ki obdeluje virtualni denar ali denarno vrednost

General Information

Status
Published
Public Enquiry End Date
12-Nov-2023
Publication Date
15-Sep-2024
ICS
33.060.01 - Radiocommunications in general
33.060.20 - Receiving and transmitting equipment
35.030 - IT Security
35.240.40 - IT applications in banking
Technical Committee
ITC - Information technology
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
21-Aug-2024
Due Date
26-Oct-2024
Completion Date
16-Sep-2024
Directive
2014/53/EU - Directive 2014/53/EU of The European Parliament and of the Council of 16 April 2014 on the harmonisation of the laws of the Member States relating to the making available on the market of radio equipment and repealing Directive 1999/5/EC
Mandate
M/585 - standardisation request to the European Telecommunications Standards Institute as regards radio equipment in support of Directive 2014/53/EU of the European Parliament and of the Council in conjunction with Commission Delegated Regulation
Ref Project
EN 18031-3:2024 - Common security requirements for radio equipment - Part 3: Internet connected radio equipment processing virtual money or monetary value

Buy Standard

EN 18031-3:2024 - BARVEEN 18031-3:2024 - BARVE
PreviousNext
Standard
EN 18031-3:2024 - BARVE
English language
185 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-oktober-2024
Skupne varnostne zahteve za radijsko opremo - 3. del: Z internetom povezana
radijska oprema, ki obdeluje virtualni denar ali denarno vrednost
Common security requirements for radio equipment - Part 3: Internet connected radio
equipment processing virtual money or monetary value
Gemeinsame Sicherheitsanforderungen für mit dem Internet verbundene Funkanlagen,
die für die Datenverarbeitung im Zusammenhang mit virtuellen Währungen oder
monetären Werten eingesetzt werden
Exigences de sécurité communes applicables aux équipements radioélectriques
connectés à linternet qui traitent une monnaie virtuelle ou de la valeur monétaire
Ta slovenski standard je istoveten z: EN 18031-3:2024
ICS:
33.060.01 Radijske komunikacije na Radiocommunications in
splošno general
35.030 Informacijska varnost IT Security
35.240.40 Uporabniške rešitve IT v IT applications in banking
bančništvu
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN STANDARD EN 18031-3

NORME EUROPÉENNE
EUROPÄISCHE NORM
August 2024
ICS 33.060.20
English version
Common security requirements for radio equipment - Part
3: Internet connected radio equipment processing virtual
money or monetary value
Exigences de sécurité communes applicables aux Gemeinsame Sicherheitsanforderungen für mit dem
équipements radioélectriques - Partie 3 : Équipements Internet verbundene Funkanlagen, die für die
radioélectriques connectés à l'internet qui traitent une Datenverarbeitung im Zusammenhang mit virtuellen
monnaie virtuelle ou de la valeur monétaire Währungen oder monetären Werten eingesetzt
werden
This European Standard was approved by CEN on 1 August 2024.

CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for
giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical
references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to
any CEN and CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC
Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.

CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels
© 2024 CEN/CENELEC All rights of exploitation in any form and by any means
Ref. No. EN 18031-3:2024 E
reserved worldwide for CEN national Members and for
CENELEC Members.
Contents Page
European foreword . 5
Introduction . 6
1 Scope . 7
2 Normative references . 7
3 Terms and definitions . 7
4 Abbreviations . 12
5 Application of this document. 13
6 Requirements . 16
6.1 [ACM] Access control mechanism . 16
6.1.1 [ACM-1] Applicability of access control mechanisms . 16
6.1.2 [ACM-2] Appropriate access control mechanisms . 21
6.2 [AUM] Authentication mechanism . 25
6.2.1 [AUM-1] Applicability of authentication mechanisms . 25
6.2.2 [AUM-2] Appropriate authentication mechanisms . 36
6.2.3 [AUM-3] Authenticator validation . 42
6.2.4 [AUM-4] Changing authenticators. 46
6.2.5 [AUM-5] Password strength . 49
6.2.6 [AUM-6] Brute force protection . 57
6.3 [SUM] Secure update mechanism . 61
6.3.1 [SUM-1] Applicability of update mechanisms. 61
6.3.2 [SUM-2] Secure updates . 64
6.3.3 [SUM-3] Automated updates . 68
6.4 [SSM] Secure storage mechanism . 72
6.4.1 [SSM-1] Applicability of secure storage mechanisms . 72
6.4.2 [SSM-2] Appropriate integrity protection for secure storage mechanisms . 76
6.4.3 [SSM-3] Appropriate confidentiality protection for secure storage mechanisms . 81
6.5 [SCM] Secure communication mechanism . 86
6.5.1 [SCM-1] Applicability of secure communication mechanisms . 86
6.5.2 [SCM-2] Appropriate integrity and authenticity protection for secure communication
mechanisms . 91
6.5.3 [SCM-3] Appropriate confidentiality protection for secure communication
mechanisms . 97
6.5.4 [SCM-4] Appropriate replay protection for secure communication mechanisms . 102
6.6 [LGM] Logging Mechanism . 107
6.6.1 [LGM-1] Applicability of logging mechanisms . 107
6.6.2 [LGM-2] Persistent storage of log data . 110
6.6.3 [LGM-3] Minimum number of persistently stored events . 113
6.6.4 [LGM-4] Time-related information of persistently stored dog data. 116
6.7 [CCK] Confidential cryptographic keys . 119
6.7.1 [CCK-1] Appropriate CCKs . 119
6.7.2 [CCK-2] CCK generation mechanisms . 123
6.7.3 [CCK-3] Preventing static default values for preinstalled CCKs . 127
6.8 [GEC] General equipment capabilities . 131
6.8.1 [GEC-1] Up-to-date software and hardware with no publicly known exploitable
vulnerabilities . 131
6.8.2 [GEC-2] Limit exposure of services via related network interfaces . 135
6.8.3 [GEC-3] Configuration of optional services and the related exposed network
interfaces . 139
6.8.4 [GEC-4] Documentation of exposed network interfaces and exposed services via
network interfaces . 143
6.8.5 [GEC-5] No unnecessary external interfaces . 146
6.8.6 [GEC-6] Input validation . 148
6.8.7 [GEC-7] . 153
6.8.8 [GEC-8] Equipment Integrity . 153
6.9 [CRY] Cryptography . 157
6.9.1 [CRY-1] Best practice cryptography . 157
Annex A (informative) Rationale . 162
A.1 General . 162
A.2 Rationale . 162
A.2.1 Family of standards . 162
A.2.2 Security by design . 162
A.2.3 Threat modelling and security risk assessment . 163
A.2.4 Functional sufficiency assessment . 164
A.2.5 Implementation categories . 164
A.2.6 Assets . 165
A.2.7 Mechanisms . 167
A.2.8 Assessment criteria . 167
A.2.8.1 Decision trees . 167
A.2.8.2 Technical documentation . 168
A.2.8.3 Security testing . 169
A.2.9 Interfaces . 169
A.2.9.1 Example: Laptop with a built-in keyboard . 170
A.2.9.2 Example: Equipment with a USB-keyboard . 170
A.2.9.3 Example: User interface over a network . 171
A.2.9.4 Example: USB-printer. 171
A.2.9.5 Example: Network printer . 172
Annex B (informative)  Mapping with EN IEC 62443-4-2:2019 . 173
B.1 General . 173
B.2 Mapping . 173
Annex C (informative)  Mapping with ETSI EN 303 645 (Cyber Security for Consumer Internet
of Things: Baseline Requirements) . 176
C.1 General . 176
C.2 Mapping . 176
Annex D (informative) Mapping with Se
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

SIST
SIST EN IEC 61084-1:2024(Main)
Cable trunking systems and cable ducting systems for electrical installations - Part 1: General requirements (IEC 61084-1:2017)
EN IEC 61084-1:2024

This part 1 of the EN IEC 61084 series specifies general requirements and tests for cable trunking systems (CTS) and cable ducting systems (CDS) intended for the accommodation, and where necessary for the electrically protective separation, of insulated conductors, cables and possibly other electrical equipment in electrical and/or communication systems installations. The maximum voltage of these installations is 1 000 V AC and 1 500 V DC.

  • Standard
    47 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC 61084-2-2:2024/A11:2024(Amendment)
Cable trunking systems and cable ducting systems for electrical installations - Part 2-2: Particular requirements - Part 2-2: Particular requirements - Cable trunking systems and cable ducting systems intended for mounting underfloor, flushfloor, or onfloor
EN IEC 61084-2-2:2024/A11:2024

Common modifications for the adoption as a European Standard of IEC 61084-2-2:2017 ed 2.0 (PR= 72101).

  • Amendment
    10 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC 61084-2-1:2024(Main)
Cable trunking systems and cable ducting systems for electrical installations - Part 2-1: Particular requirements - Cable trunking systems and cable ducting systems intended for mounting on walls and ceilings (IEC 61084-2-1:2017)
EN IEC 61084-2-1:2024

This part 2-1 of the EN IEC 61084 series specifies particular requirements and tests for cable trunking systems (CTS) and cable ducting systems (CDS) intended for intended for mounting on walls and ceilings. They can be embedded, installed in a flush or semi-flush state, surface mounted or mounted away from the surface using fixing devices.

  • Standard
    27 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC 61084-2-4:2024(Main)
Cable trunking systems and cable ducting systems for electrical installations - Part 2-4: Particular requirements - Service poles and service posts (IEC 61084-2-4:2017)
EN IEC 61084-2-4:2024

This part 2-4 of the EN IEC 61084 series specifies particular requirements and tests for service poles and service posts intended to be mounted in free space and in contact with mounting surface(s) only at one or two ends, where the word "mounted" means fixed or placed on the floor with a weighted base or linked to a mounting surface through a flexible component.

  • Standard
    32 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TS CEN/TS 18053-1:2024(Main)
Digital Chain of Custody for CBRNE Evidence - Part 1: Overview and Concepts
CEN/TS 18053-1:2024

This document provides guidance for technical and non-technical personnel within the organisation, including those responsible for compliance with statuary and regulatory requirements and industry standards. It provides an overview to the concepts related to the custody transfer lifecycle within the dCoC, framing how such personnel can identify and audit the custody ownership of CBRNE evidence; set policies and follow good practices for metadata governance, and conduct digital operations to ensure the integrity of the data at each custody transfer point. In addition to the metadata required to perform audits, the document also aims to provide:
- Unambiguous definitions of the concepts related to the digital log for each custody transfer (i.e., who owns the custody at each transfer point).
- Guidelines for a dCoC data governance process to ensure the integrity of the DCM and situational-awareness at each transfer point within the dCoC.
- Suggestions regarding metadata management policies and compliance with good practices for non-repudiation digital log, ensuring a standard data structure for data management and auditing
This document is the first part of a series of Technical Specifications on the provision of DCM services for the management of datarelated to the custody of CBRNE evidence. It will be complemented by other specific parts, which give more detailed guidelines for related services, such as the specification of BPMN processes for data governance within the dCoC.

  • Technical specification
    31 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 14404-5:2024(Main)
Personal protective equipment - Knee protectors for work in the kneeling position - Part 5: Requirements for knee mats (type 3)
EN 14404-5:2024

This part of the standard specifies the requirements for knee mats (type 3) for use by work in kneeling position.

  • Standard
    16 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 16890-3:2024(Main)
Air filters for general ventilation - Part 3: Determination of the gravimetric efficiency and the air flow resistance versus the mass of test dust captured (ISO 16890-3:2024)
EN ISO 16890-3:2024

ISO 16890-3:2016 specifies the test equipment and the test methods used for measuring the gravimetric efficiency and resistance to air flow of air filter for general ventilation.
It is intended for use in conjunction with ISO 16890‑1, ISO 16890‑2 and ISO 16890‑4.
The test method described in this part of ISO 16890 is applicable for air flow rates between 0,25 m3/s (900 m3/h, 530 ft3/min) and 1,5 m3/s (5 400 m3/h, 3 178 ft3/min), referring to a test rig with a nominal face area of 610 mm × 610 mm (24 in × 24 in).
ISO 16890 (all parts) refers to particulate air filter elements for general ventilation having an ePM1 efficiency less than or equal to 99 % and an ePM10 efficiency greater than 20 % when tested as per the procedures defined within ISO 16890 (all parts).
Air filter elements outside of this aerosol fraction are evaluated by other applicable test methods. See ISO 29463 (all parts).
Filter elements used in portable room-air cleaners are excluded from the scope of this part of ISO 16890.
The performance results obtained in accordance with ISO 16890 (all parts) cannot by themselves be quantitatively applied to predict performance in service with regard to efficiency and lifetime.

  • Standard
    31 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 3155-002:2024(Main)
Aerospace series - Electrical contacts used in elements of connection - Part 002: List and utilization of contacts
EN 3155-002:2024

This document provides a list of removable crimped contacts as specified in the product standards, with wrapped or soldered connections, etc. for use in connectors or other electrical elements of connection. It shows the elements of connection in which they are used.

  • Standard
    10 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 50463-3:2018/A1:2024(Amendment)
Railway applications - Energy measurement on board trains - Part 3: Data handling
EN 50463-3:2017/A1:2024

This New Work Item Proposal has the scope to provide an amendment of the European standard EN 50463-3 in order to update the annex ZZ

  • Amendment
    6 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 4888:2024(Main)
Aerospace Series - Commercial aircraft passenger seats - Reliability testing
EN 4888:2024
  • Standard
    54 pages
    English language
    sale 10% off
    e-Library read for
    1 day