EN 18031-2:2024 original full text (.docx)

Resource ID: 101405841; file size: 1.58 MB; pages: 213; format: DOCX

EN 18031-2:2024 (E)

EUROPEAN STANDARD / NORME EUROPÉENNE / EUROPÄISCHE NORM
EN 18031-2
August 2024
ICS 33.060.20

English version

Common security requirements for radio equipment - Part 2: radio equipment processing data, namely Internet connected radio equipment, childcare radio equipment, toys radio equipment and wearable radio equipment

French title: Exigences de sécurité communes applicables aux équipements radioélectriques - Partie 2 : Équipements radioélectriques qui traitent des données, à savoir les équipements radioélectriques connectés à internet, les équipements radioélectriques destinés à la garde d'enfants, les jouets dotés d'équipements radioélectriques et les équipements radioélectriques portables

German title: Gemeinsame Sicherheitsanforderungen für datenverarbeitende Funkanlagen, namentlich mit dem Internet verbundene Funkanlagen, in der Kinderbetreuung eingesetzte Funkanlagen, in Spielzeug eingesetzte Funkanlagen sowie an einem Teil des menschlichen Körpers oder an Kleidungsstücken getragene Funkanlagen

This European Standard was approved by CEN on 1 August 2024.

CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN and CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.

Contents (page)

European foreword ... 5
Introduction ... 6
1 Scope ... 7
2 Normative references ... 7
3 Terms and definitions ... 7
4 Abbreviations ... 12
5 Application of this document ... 13
6 Requirements ... 16
6.1 ACM Access control mechanism ... 16
6.1.1 ACM-1 Applicability of access control mechanisms ... 16
6.1.2 ACM-2 Appropriate access control mechanisms ... 21
6.1.3 ACM-3 Default access control for children in toys ... 26
6.1.4 ACM-4 Default access control to children's privacy assets for toys and childcare equipment ... 30
6.1.5 ACM-5 Parental/Guardian access controls for children in toys ... 36
6.1.6 ACM-6 Parental/Guardian access controls for other entities' access to managed children's privacy assets in toys ... 40
6.2 AUM Authentication mechanism ... 45
6.2.1 AUM-1 Applicability of authentication mechanisms ... 45
6.2.2 AUM-2 Appropriate authentication mechanisms ... 55
6.2.3 AUM-3 Authenticator validation ... 61
6.2.4 AUM-4 Changing authenticators ... 65
6.2.5 AUM-5 Password strength ... 68
6.2.6 AUM-6 Brute force protection ... 76
6.3 SUM Secure update mechanism ... 80
6.3.1 SUM-1 Applicability of update mechanisms ... 80
6.3.2 SUM-2 Secure updates ... 83
6.3.3 SUM-3 Automated updates ... 88
6.4 SSM Secure storage mechanism ... 91
6.4.1 SSM-1 Applicability of secure storage mechanisms ... 91
6.4.2 SSM-2 Appropriate integrity protection for secure storage mechanisms ... 96
6.4.3 SSM-3 Appropriate confidentiality protection for secure storage mechanisms ... 101
6.5 SCM Secure communication mechanism ... 106
6.5.1 SCM-1 Applicability of secure communication mechanisms ... 106
6.5.2 SCM-2 Appropriate integrity and authenticity protection for secure communication mechanisms ... 112
6.5.3 SCM-3 Appropriate confidentiality protection for secure communication mechanisms ... 118
6.5.4 SCM-4 Appropriate replay protection for secure communication mechanisms ... 123
6.6 LGM Logging mechanism ... 128
6.6.1 LGM-1 Applicability of logging mechanisms ... 128
6.6.2 LGM-2 Persistent storage of log data ... 131
6.6.3 LGM-3 Minimum number of persistently stored events ... 134
6.6.4 LGM-4 Time-related information of persistently stored log data ... 137
6.7 DLM Deletion mechanism ... 140
6.7.1 DLM-1 Applicability of deletion mechanisms ... 140
6.8 UNM User notification mechanism ... 144
6.8.1 UNM-1 Applicability of user notification mechanisms ... 144
6.8.2 UNM-2 Appropriate user notification content ... 148
6.9 CCK Confidential cryptographic keys ... 150
6.9.1 CCK-1 Appropriate CCKs ... 150
6.9.2 CCK-2 CCK generation mechanisms ... 154
6.9.3 CCK-3 Preventing static default values for preinstalled CCKs ... 159
6.10 GEC General equipment capabilities ... 163
6.10.1 GEC-1 Up-to-date software and hardware with no publicly known exploitable vulnerabilities ... 163
6.10.2 GEC-2 Limit exposure of services via related network interfaces ... 168
6.10.3 GEC-3 Configuration of optional services and the related exposed network interfaces ... 172
6.10.4 GEC-4 Documentation of exposed network interfaces and exposed services via network interfaces ... 175
6.10.5 GEC-5 No unnecessary external interfaces ... 178
6.10.6 GEC-6 Input validation ... 181
6.10.7 GEC-7 Documentation of external sensing capabilities ... 186
6.11 CRY Cryptography ... 188
6.11.1 CRY-1 Best practice cryptography ... 188
Annex A (informative) Rationale ... 194
A.1 General ... 194
A.2 Rationale ... 194
A.2.1 Family of standards ... 194
A.2.2 Security by design ... 194
A.2.3 Threat modelling and security risk assessment ... 195
A.2.4 Functional sufficiency assessment ... 196
A.2.5 Implementation categories ... 196
A.2.6 Assets ... 197
A.2.7 Mechanisms ... 199
A.2.8 Assessment criteria ... 199
A.2.9 Interfaces ... 202
Annex B (informative) Mapping with EN IEC 62443-4-2:2019 ... 205
B.1 General ... 205
B.2 Mapping ... 205
Annex C (informative) Mapping with ETSI EN 303 645 (Cyber Security for Consumer Internet of Things: Baseline Requirements) ... 208
C.1 General ... 208
C.2 Mapping ... 208
Annex D (informative) Mapping with Security Evaluation Standard for IoT Platforms (SESIP) ... 214
D.1 General ... 214
D.2 Mapping ... 214
Annex ZA (informative) Relationship between this European Standard and the Delegated Regulation (EU) 2022/30 supplementing Directive 2014/53/EU of the European Parliament and of the Council with regard to the application of the essential requirements referred to in Article 3(3), points (d), (e) and (f), of that Directive aimed to be covered ... 217
Bibliography ... 218

European foreword

This document (EN 18031-2:2024) has been prepared by Technical Committee CEN/CENELEC JTC 13 "Cybersecurity and Data Protection", the secretariat of which is held by DIN.

This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by February 2025, and conflicting national standards shall be withdrawn at the latest by February 2025.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN shall not be held responsible for identifying any or all such patent rights.

This document has been prepared under a standardization request addressed to CEN-CENELEC by the European Commission. The Standing Committee of the EFTA States subsequently approves these requests for its Member States.

For the relationship with EU Legislation, see informative Annex ZA, which is an integral part of this document.

Any feedback and questions on this document should be directed to the users' national standards body. A complete listing of these bodies can be found on the CEN website.

According to the CEN-CENELEC Internal Regulations, the national standards organisations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and the United Kingdom.

Introduction

Vigilance is required from manufacturers to improve the overall resilience against cybersecurity threats caused by the increased connectivity of radio equipment (3.36) and the growing ability of malicious threat actors to cause harm to users, organizations, and society.

The security requirements presented in this baseline standard are developed to improve the ability of radio equipment to protect its security and privacy assets against common cybersecurity threats and to mitigate publicly known exploitable vulnerabilities.

It is important to note that to achieve the overall cybersecurity of radio equipment, defence in depth best practices will be needed by both the manufacturer and user. In particular, no single measure will suffice to achieve the given objectives; indeed, achieving even a single security objective will usually require a suite of mechanisms and measures. Throughout this document, the guidance material includes lists of examples. These examples are only indicative possibilities, as there are other possibilities that are not listed, and even using the examples given will not be sufficient unless the mechanisms and measures chosen are implemented in a coordinated fashion.

1 Scope

This document specifies common security requirements and related assessment criteria for radio equipment (3.36) processing personal data (3.40) or traffic data (3.41) or location data (3.41) for either internet connected radio equipment (3.37), radio equipment designed or intended exclusively for childcare (3.37), toys (3.39) and wearable radio equipment (3.37) (hereinafter referred to as "equipment").

2 Normative references

There are no normative references in this document.

3 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminology databases for use in standardization at the following addresses:
- ISO Online browsing platform: available at https://www.iso.org/obp/
- IEC Electropedia: available at https://www.electropedia.org/

3.1 access control mechanism
equipment functionality to grant, restrict or deny access to specific equipment's resources
Note 1 to entry: Access to specific equipment's resources can amongst others be: reading specific data; or writing specific data to equipment's persistent storage; or performing a specific equipment functionality such as recording audio.

3.2 authentication
provision of assurance that an entity is who or what it claims to be
Note 1 to entry: An entity can amongst others claim to be: a specific human, owner of a user account, device, or service; or a member of specific groups such as an authorized group to access a specific equipment's resource; or authorized by another entity to access a specific equipment's resource.

3.3 authentication mechanism
equipment functionality to verify that an entity is who or what it claims to be
Note 1 to entry: Typically, the verification is based on examining evidence from one or more elements of the categories: knowledge; and possession; and inherence.

3.4 authenticator
something known or possessed, and controlled by an entity, that is used for authentication
Note 1 to entry: Typically, it is a physical device or a password.
EXAMPLE A password or token can be used as an authenticator.

3.5 assessment objective
statement, provided as part of the assessment input, which defines the reasons for performing the assessment
SOURCE: ISO/IEC 33001:2015, 3.2.6 [29]

3.6 best practice
measures that have been shown to provide appropriate security for the corresponding use case

3.7 brute force attack
attack on a cryptosystem that employs a trial-and-error search of a set of keys, passwords or other data

3.8 communication mechanism
equipment functionality that allows communication via a machine interface

3.9 confidential cryptographic key
confidential security parameter, excluding passwords, which is used in the operation of a cryptographic algorithm or cryptographic protocol

3.10 confidential personal information
personal information whose disclosure can compromise the user's or subscriber's privacy

3.11 confidential privacy function configuration
privacy function configuration whose disclosure can compromise the user's or subscriber's privacy

3.12 confidential security parameter
security parameter whose disclosure can compromise the user's or subscriber's privacy

3.13 denial of service
prevention or interruption of authorized access to an equipment resource or the delaying of the equipment operations and functions
SOURCE: IEC 62443-1-1:2019, 3.2.42 [30], modified

3.14 device
product external to the equipment

3.15 entity
user, device, equipment or service

3.16 entropy
measure of the disorder, randomness or variability in a closed system

3.17 external interface
interface of an equipment that is accessible from outside the equipment
Note 1 to entry: Machine, network, and user interfaces are specific types of external interfaces.

3.18 factory default state
defined state where the configuration settings and configuration of the equipment are set to initial values
Note 1 to entry: A factory default state can include security updates installed after the equipment was placed on the market.

3.19 hard-coded
software development practice of embedding data directly into the source code of a program or other executable object

3.20 initialization
process that configures the network connectivity of the equipment for operation
Note 1 to entry: Initialization may provide the possibility to configure authentication features for a user or for network access.

3.21 interface
shared boundary across which entities exchange information

3.22 justification
documented information providing evidence that a claim is true under the assumption of common expertise
Note 1 to entry: Such evidence can be supported for example by: a description of the intended equipment functionality; a description of the equipment's operational environment of use; a description of the equipment's technical properties such as security measures; an analysis of relevant risks related to the operation of the equipment within its reasonably foreseeable use and intended equipment functionality.

3.23 log data
record(s) of certain events (of processes) on a computing equipment

3.24 logging mechanism
equipment functionality to log internal activities

3.25 machine interface
external interface between the equipment and a service or device

3.26 network interface
external interface enabling the equipment to have or provide access to a network
Note 1 to entry: Examples for net
