EN 18031-1 2024 original full document.docx

Resource ID: 101406014    Size: 1.26 MB    Pages: 174
Format: DOCX    Download cost: 40 points
EN 18031-1:2024 (E)

EUROPEAN STANDARD
NORME EUROPÉENNE
EUROPÄISCHE NORM

EN 18031-1
August 2024

ICS 35.030

English version

Common security requirements for radio equipment - Part 1: Internet connected radio equipment

Exigences de sécurité communes applicables aux équipements radioélectriques - Partie 1: Équipements radioélectriques connectés à l'internet

Gemeinsame Sicherheitsanforderungen für Funkanlagen - Teil 1: Funkanlagen mit Internetanschluss

This European Standard was approved by CEN on 1 August 2024.

CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN and CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels

Ref. No. EN 18031-1:2024 E

© 2024 CEN/CENELEC All rights of exploitation in any form and by any means reserved worldwide for CEN national Members and for CENELEC Members.

Contents .... Page

European foreword .... 4
Introduction .... 5
1 Scope .... 6
2 Normative references .... 6
3 Terms and definitions .... 6
4 Abbreviations .... 11
5 Application of this document .... 12
6 Requirements .... 15
6.1 ACM Access control mechanism .... 15
6.1.1 ACM-1 Applicability of access control mechanisms .... 15
6.1.2 ACM-2 Appropriate access control mechanisms .... 20
6.2 AUM Authentication mechanism .... 25
6.2.1 AUM-1 Applicability of authentication mechanisms .... 25
6.2.2 AUM-2 Appropriate authentication mechanisms .... 34
6.2.3 AUM-3 Authenticator validation .... 37
6.2.4 AUM-4 Changing authenticators .... 41
6.2.5 AUM-5 Password strength .... 44
6.2.6 AUM-6 Brute force protection .... 52
6.3 SUM Secure update mechanism .... 56
6.3.1 SUM-1 Applicability of update mechanisms .... 56
6.3.2 SUM-2 Secure updates .... 59
6.3.3 SUM-3 Automated updates .... 64
6.4 SSM Secure storage mechanism .... 68
6.4.1 SSM-1 Applicability of secure storage mechanisms .... 68
6.4.2 SSM-2 Appropriate integrity protection for secure storage mechanisms .... 72
6.4.3 SSM-3 Appropriate confidentiality protection for secure storage mechanisms .... 77
6.5 SCM Secure communication mechanism .... 82
6.5.1 SCM-1 Applicability of secure communication mechanisms .... 82
6.5.2 SCM-2 Appropriate integrity and authenticity protection for secure communication mechanisms .... 88
6.5.3 SCM-3 Appropriate confidentiality protection for secure communication mechanisms .... 94
6.5.4 SCM-4 Appropriate replay protection for secure communication mechanisms .... 99
6.6 RLM Resilience mechanism .... 105
6.6.1 RLM-1 Applicability and appropriateness of resilience mechanisms .... 105
6.7 NMM Network monitoring mechanism .... 109
6.7.1 NMM-1 Applicability and appropriateness of network monitoring mechanisms .... 109
6.8 TCM Traffic control mechanism .... 113
6.8.1 TCM-1 Applicability of and appropriate traffic control mechanisms .... 113
6.9 CCK Confidential cryptographic keys .... 117
6.9.1 CCK-1 Appropriate CCKs .... 117
6.9.2 CCK-2 CCK generation mechanisms .... 121
6.9.3 CCK-3 Preventing static default values for preinstalled CCKs .... 125
6.10 GEC General equipment capabilities .... 129
6.10.1 GEC-1 Up-to-date software and hardware with no publicly known exploitable vulnerabilities .... 129
6.10.2 GEC-2 Limit exposure of services via related network interfaces .... 134
6.10.3 GEC-3 Configuration of optional services and the related exposed network interfaces .... 138
6.10.4 GEC-4 Documentation of exposed network interfaces and exposed services via network interfaces .... 141
6.10.5 GEC-5 No unnecessary external interfaces .... 144
6.10.6 GEC-6 Input validation .... 147
6.11 CRY Cryptography .... 152
6.11.1 CRY-1 Best practice cryptography .... 152
Annex A (informative) Rationale .... 157
A.1 General .... 157
A.2 Rationale .... 157
A.2.1 Family of standards .... 157
A.2.2 Security by design .... 157
A.2.3 Threat modelling and security risk assessment .... 158
A.2.4 Functional sufficiency assessment .... 159
A.2.5 Implementation categories .... 159
A.2.6 Assets .... 160
A.2.7 Mechanisms .... 161
A.2.8 Assessment criteria .... 162
A.2.9 Interfaces .... 165
Annex B (informative) Mapping with EN IEC 62443-4-2:2019 .... 168
B.1 General .... 168
B.2 Mapping .... 168
Annex C (informative) Mapping with ETSI EN 303 645 (Cyber Security for Consumer Internet of Things: Baseline Requirements) .... 171
C.1 General .... 171
C.2 Mapping .... 171
Annex D (informative) Mapping with Security Evaluation Standard for IoT Platforms (SESIP) .... 175
D.1 General .... 175
D.2 Mapping .... 175
Annex ZA (informative) Relationship between this European Standard and the Delegated Regulation (EU) 2022/30 supplementing Directive 2014/53/EU of the European Parliament and of the Council with regard to the application of the essential requirements referred to in Article 3(3), points (d) (e) and (f), of that Directive aimed to be covered .... 178
Bibliography .... 179

European foreword

This document (EN 18031-1:2024) has been prepared by Technical Committee CEN/CENELEC JTC 13 "Cybersecurity and Data Protection", the secretariat of which is held by DIN.

This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by February 2025, and conflicting national standards shall be withdrawn at the latest by February 2025.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN shall not be held responsible for identifying any or all such patent rights.

This document has been prepared under a standardization request addressed to CEN-CENELEC by the European Commission. The Standing Committee of the EFTA States subsequently approves these requests for its Member States.

For the relationship with EU Legislation, see informative Annex ZA, which is an integral part of this document.

Any feedback and questions on this document should be directed to the users' national standards body. A complete listing of these bodies can be found on the CEN website.

According to the CEN-CENELEC Internal Regulations, the national standards organisations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and the United Kingdom.

Introduction

Vigilance is required from manufacturers to improve the overall resilience against cybersecurity threats caused by the increased connectivity of radio equipment [33] and the growing ability of malicious threat actors to cause harm to users, organizations, and society.

The security requirements presented in this baseline standard are developed to improve the ability of radio equipment to protect its security assets and network assets against common cybersecurity threats and to mitigate publicly known exploitable vulnerabilities.

It is important to note that to achieve the overall cybersecurity of radio equipment, defence in depth best practices will be needed by both the manufacturer and user. In particular, no single measure will suffice to achieve the given objectives; indeed, achieving even a single security objective will usually require a suite of mechanisms and measures. Throughout this document, the guidance material includes lists of examples. These examples given are only indicative possibilities, as there are other possibilities that are not listed, and even using the examples given will not be sufficient unless the mechanisms and measures chosen are implemented in a coordinated fashion.

1 Scope

This document specifies common security requirements and related assessment criteria for internet-connected radio equipment [34] (hereinafter referred to as "equipment").

2 Normative references

There are no normative references in this document.

3 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminology databases for use in standardization at the following addresses:
- ISO Online browsing platform: available at https://www.iso.org/obp/
- IEC Electropedia: available at https://www.electropedia.org/

3.1
access control mechanism
equipment functionality to grant, restrict or deny access to specific equipment's resources
Note 1 to entry: Access to specific equipment's resources can amongst others be:
- reading specific data; or
- writing specific data to equipment's persistent storage; or
- performing a specific equipment functionality such as recording audio.

3.2
authentication
provision of assurance that an entity is who or what it claims to be
Note 1 to entry: An entity can amongst others claim to be:
- a specific human, owner of a user account, device, or service; or
- a member of specific groups such as an authorized group to access a specific equipment's resource; or
- authorized by another entity to access a specific equipment's resource.

3.3
authentication mechanism
equipment functionality to verify that an entity is who or what it claims to be
Note 1 to entry: Typically, the verification is based on examining evidence from one or more elements of the categories:
- knowledge; and
- possession; and
- inherence.

3.4
authenticator
something known or possessed, and controlled by an entity that is used for authentication
Note 1 to entry: Typically, it is a physical device or a password.
EXAMPLE A password or token can be used as an authenticator.

3.5
assessment objective
statement, provided as part of the assessment input, which defines the reasons for performing the assessment
[SOURCE: ISO/IEC 33001:2015, 3.2.6 [27]]

3.6
best practice
measures that have been shown to provide appropriate security for the corresponding use case

3.7
brute force attack
attack on a cryptosystem that employs a trial-and-error search of a set of keys, passwords or other data

3.8
communication mechanism
equipment functionality that allows communication via a machine interface

3.9
confidential cryptographic key
confidential security parameter, excluding passwords, which is used in the operation of a cryptographic algorithm or cryptographic protocol

3.10
confidential network function configuration
network function configuration whose disclosure can harm the network or its functioning or can lead to misuse of network resources

3.11
confidential security parameter
security parameter whose disclosure can harm the network or its functioning or can lead to misuse of network resources

3.12
denial of service
prevention or interruption of authorized access to an equipment resource or the delaying of the equipment operations and functions
[SOURCE: IEC 62443-1-1:2019, 3.2.42 [28], modified]

3.13
device
product external to the equipment

3.14
entity
user, device, equipment or service

3.15
entropy
measure of the disorder, randomness or variability in a closed system

3.16
external interface
interface of an equipment that is accessible from outside the equipment.
Note 1 to entry: Machine, network, and user interfaces are specific types of external interfaces.

3.17
factory default state
defined state where the configuration settings and configuration of the equipment is set to initial values
Note 1 to entry: A factory default state can include security updates, installed after the equipment being placed on the market.

3.18
hard-coded
software development practice of embedding data directly into the source code of a program or other executable object

3.19
initialization
process that configures the network connectivity of the equipment for operation
Note 1 to entry: Initialization can provide the possibility to configure authentication features for a user or for network access.

3.20
interface
shared boundary across which entities exchange information

3.21
justification
documented information providing evidence that a claim is true under the assumption of common expertise
Note 1 to entry: Such evidence can be supported for example by:
- a description of the intended equipment functionality; or
- a description of equipment's operational environment of use; or
- a description of equipment's technical properties such as security measures; or
- an analysis of relevant risks related to the operation of the equipment within its reasonably foreseeable use and intended equipment functionality.

3.22
machine interface
external interface between the equipment and a service or device

3.23
network asset
sensitive network function configuration or confidential network function configuration or network functions

3.24
network equipment
equipment that exchanges data between different networks used to permanently connect directly other devices to the internet

3.25
network function
equipment's functionality to provide or utilize network resources by itself

3.26
network function configuration
data processed by the equipment that defines the behaviour of the equipment's network function

3.27
network interface
external interface enabling the equipment to have or provide access to a network
Note 1 to entry: Examples for network interfaces are a LAN port (wired) or a wireless network interface enabling WLAN or short-range wireless communication, e.g., using a 2.4 GHz antenna.

3.28
operational state
state in which the equipment is functioning normally according to the intended equipment functionality [35] and within its intended operational environment of use

3.29
optional service
service which is not necessary to setup the equipment, and which is not part of the basic functionality but is still relevant for the intended equipment functionality [35] and is delivered as part of the factory default.
EXAMPLE An SSH service on the equipment is not required for basic functionality of the equipment, but it can be used to allow a remote access to the equipment.

3.30
password
sequence of characters (letters, numbers, or other symbols) used to authen
