Applicability of BS EN 18031-1 for the RFD90 Sled

The RFD90 sled is subject to this standard. It contains Wi-Fi and Bluetooth radios, and it is designed to be internet-connected, placing it directly in the scope of the RED cybersecurity regulation. Compliance is a mandatory requirement for market access.
Security is Based on "Environmental Controls"
The key to the RFD40/90's compliance strategy is that it is an enterprise device, not a standalone consumer product. Its security model relies heavily on its intended operational environment. The standard is designed to accommodate this through its "except for" clauses.
How Compliance is Justified
  • Access Control (ACM) & Authentication (AUM)
    To view or modify any of the sensitive security parameters listed below, the user must enter a valid authorization password.
    • Endpoint configuration
    • Active endpoint configuration
    • Endpoint names
    • configuration
    • Certificate configuration
    • NTP server details
    • Sled time
    • Bluetooth Security level
  • Secure Communication (SCM)
    This is applicable because Wi-Fi & Bluetooth are wireless. The sled PASSES by implementing strong, authenticated encryption protocols such as WPA2, WPA3, and Bluetooth 5.1 standards.
  • Best Practice Cryptography (CRY)
    This is applicable. The sled PASSES by demonstrating that its WPA3 modes are the "best practice", while its older WPA2 modes are included as a "justified deviation for interoperability" to support legacy enterprise networks.
The standard provides the mandatory rulebook, and Zebra justifies the RFD40/90's compliance by demonstrating how it meets those rules, either directly on the device or through the mandatory security of the host computer and the operating environment.