Welcome to visit

EU RED Cybersecurity Standard FprEN 18031

Product Description

Product Description
EU RED Cybersecurity Standard FprEN 18031
Standard Establishment Background
On January 12, 2022, the EU Official Journal published Delegated Regulation 2022/30/EU, requiring the implementation of compliance requirements of Article 3.3(d), (e) and (f) of the RED. The regulation requires cybersecurity, personal data privacy and fraud protection for applicable wireless devices on the EU market, aiming to ensure that such devices have a higher level of cybersecurity and enhance consumer confidence in them. The bill will take effect on February 1, 2022 and will be enforced on August 1, 2025, providing a 42-month transition period for device manufacturers.
Against this background, the EU published the draft standard prEN 18031 Final Draft – FprEN 18031 applicable to the RED cybersecurity requirements in May 2024.
Covered products
Delegated Regulation 2022/30/EU covers devices that can communicate over the internet directly or through other devices (indirectly) and radio equipment that may expose sensitive personal data. For example:
Mobile phones, tablets and laptops;
Wireless toys and child safety devices such as baby monitors;
Wearable devices such as smart watches and fitness trackers.
The product scope corresponding to the specific regulatory provisions is as follows:
Article 3.3 (d): Equipment related to network protection
Article 3.3 (e): Equipment that processes personal data, traffic data or location data
Article 3.3 (f): Radio equipment that enables the holder or user to transfer money, monetary value or virtual currency as defined in EU Directive 2019/713 Article 2 (d)
The main differences between FprEN 18031 and ETSI EN 303 645:
FprEN 18031 has many similarities with ETSI EN 303 645 requirements, but it puts forward higher requirements for the equipment under test, and provides "not applicable" conditions in many requirements, which increases the flexibility and scope of application of the standard for products to pass conformity assessment. In general, if the product complies with ETSI EN 303 645, it will be very beneficial for enterprises and their products to pass the FprEN 18031 standard assessment.
Currently, the most common question companies have about FprEN 18031 is the requirements for encryption keys (CCK-1, CCK-2, CCK-3). In this regard, Intertek network security experts have given the following answers.
In addition to the special identification and certification required for access control mechanisms, authentication mechanisms, security update mechanisms, secure storage mechanisms, and secure transmission mechanisms, FprEN 18031 requires that the minimum security length of keys pre-installed or generated on the device is 112 bits.
Q: What are Confidential Cryptographic Keys?
A: Since asymmetric encryption consumes more resources, in order to improve the speed and efficiency of encryption while ensuring data security, most products will calculate and agree on symmetric encryption keys after completing the handshake using an asymmetric encryption algorithm. The key will be used as the "password book" for this established connection session.
Q: How to judge the security strength of an encryption key?
A: The security strength of encryption keys is mainly affected by three main parameters:
The entropy used when generating the Random Number Generator (RNG) (the concept here is information entropy); AND
The effective length (see BSI TR-02102-1 for details); AND
The encryption algorithm used.
Q: As a manufacturer, how should I choose a secure encryption algorithm to generate sufficiently secure keys?
A: The security strength of the key depends largely on the random number source (the main source of entropy), the random number generator, and the key generation/derivation algorithm. Incorrect selection of random sources, random number generators, and key derivation algorithms can lead to related risks, such as: the key is guessed / the key is easy to be cracked by brute force / the key can be reconstructed based on accessible information. Therefore, it is strongly recommended that manufacturers follow recognized standards.
Recognized best practices for random number generators: NIST SP800-90A, NIST SP800-90B, NIST SP800-90C, BSI AIS20, BSI AIS31, ISO/IEC 18031;
Recognized best practices for key derivation: SOG-IS Crypto Evaluation Scheme Agreed Cryptographic Mechanisms, ISO/IEC 11770, NIST SP 800-108r1, NIST SP 800-132.
Tips: It is recommended to use the cipher suites recommended in SOG-IS directly to ensure product security and standard compliance.
>> Fluke F8846A 6-bit semi-table digital multimeter with high precision
>> Cow Dung Solid-Liquid Separator Dewatering Machine
>> Dafon High Quality Multi Blade Bridge Block Cutter for Stone/Granite/Marble
>> 7m3 Feeding Mixing Machine Cow Camel Animal Cattle Feed Mixer for Dairy Farm Equipment Grinder Tractor Traction Pto Driven Farming Horizontal Vertical Fixed
>> Outdoor Folding Table Camping Aluminium Alloy Picnic Waterproof Ultra-light Durable Desk For
>> Young Color Wash Vest Special Style From 2022 Unique Supply.
>> Yemen Plasterboard Plant 2million Square Meter Per Year
>> Professional Electronic Control Unit PCB Assembly
>> Module spare parts DSSR122 48990001-NK
>> Medical 1470nm 980nm Diode Laser Lipolysis Fat Removal Laser Ablation Therapy Endolift Laser Machine
>> China custom car wash paint brass aluminum water spray gun
>> Amazon Hotselling Home Fitness Foldable Height Adjustable Inversion Therapy Table
>> Wood Grinder Crusher Powder Making Machine Sawdust Hammer Mill
>> Large fruit basket PET drinking bottle crusher factory price plastic crusher
>> 2.74m Inflatable Single Rowing Boat with Paddles
>> High Efficiency Full Cover Automatic CNC Circular Saw Blade Sharpening Machine
>> DS200CVMAG3AEB
>> Auto Parts Car Power Window Lifter Switch For Alphard 2002 - 2008
>> 2024 Profession New Product WiFi Signal Booster for Sale
>> 2022 model Hoodie Sweatshirt Cotton Customized Printing Hoodies Men's Hoodies & Sweatshirts