1. RFD4031 UHF RFID Premium/Premium+ Sled Product Reference Guide
  2. Compliance and Implications of EU RED for the RFD4031
  3. About BS EN 18031-1 & The EU Radio Equipment Directive (RED)
  4. Applicability of BS EN 18031-1 for the RFD4031 Sled
  • RFD4031 UHF RFID Premium/Premium+ Product Reference Guide
Applicability of BS EN 18031-1 for the RFD4031 Sled

Applicability of BS EN 18031-1 for the RFD4031 Sled

The RFD4031 sled is subject to this standard. It contains Wi-Fi and Bluetooth radios, and it is designed to be internet-connected, placing it directly in the scope of the RED cybersecurity regulation. Compliance is a mandatory requirement for market access.
Security is Based on "Environmental Controls"
The key to the RFD40/90's compliance strategy is that it is an enterprise device, not a standalone consumer product. Its security model relies heavily on its intended operational environment. The standard is designed to accommodate this through its "except for" clauses.
How Compliance is Justified
  • Access Control (ACM) & Authentication (AUM)
    To view/modify any sensitive security parameters listed below, the user needs to enter a valid authorization password.
    • Endpoint configuration
    • Active endpoint configuration
    • Endpoint names
    • configuration
    • Certificate configuration
    • NTP server details
    • Sled time
    • Bluetooth Security level
  • Secure Communication (SCM)
    This is applicable because Wi-Fi & Bluetooth are wireless. The sled
    PASSES
     by implementing strong, authenticated encryption protocols such as
    WPA2
    ,
    WPA3
    , and
    Bluetooth 5.1
     standards.
  • Best Practice Cryptography (CRY)
    This is applicable. The sled
    PASSES
     by demonstrating that its WPA3 modes are the "best practice", while its older WPA2 modes are included as a "justified deviation for interoperability" to support legacy enterprise networks.
The standard provides the mandatory rulebook, and Zebra justifies the RFD40/90's compliance by demonstrating how it meets those rules. Either directly on the device or through the mandatory security of the host computer and the operating environment.