EU RED DA Consulting

Internet-ready products with a radio interface entering the European Union (EU) market, must comply with the EU Radio Equipment Directive Delegated Act (RED DA) cybersecurity requirements. The Delegated Act establishes requirements for such products, in order to protect network, security, privacy and financial assets that are processed by the equipment.

Our services

intWave performs all necessary cybersecurity risk assessments, gap analysis and security testing to cover RED DA cybersecurity requirements. Through our expert guidance, product teams can deploy the required security controls faster, with implementations based on state-of-the art solutions. Moreover, intWave prepares the required Technical Documentation regarding cybersecurity aspects of the product, to support a self-assessment (or other type of assessment) for CE marking purposes.

Deliverables

  • Briefing on RED DA cybersecurity requirements
  • Product Threat Model and Risk Assessment
  • Establishment of a Product SBOM, CBOM and HBOM
  • Device Security Testing report
  • EN-18031-1 / EN-18031-2 / EN-18031-3 Technical Documentation

Other related services

  • Technology Fitness Reviews to help replace non-conformant components.
  • Secure Product Design to help implement new secure-by-design mechanisms.
  • Security R&D to obtain prototypes of non-trivial security features in hardware or software.

Benefits

  • Preparation for CE Certification per RED DA cybersecurity requirements.
  • Protection of Security, Network, Privacy and Financial assets with EN 18031 compatible controls.
  • Establishment of a process to document product components (software, hardware, cryptography) and to trace related vulnerabilities.
  • Documentation of cybersecurity threats affecting the product design.
  • Gap analysis based on Risk Assessment and RED DA requirements.
  • In-depth examination of product implementation for vulnerabilities (in hardware, software and communications).
  • Expert guidance on issue remediation and component replacement.
  • Validation of implemented controls per appropriateness, functional completeness and functional sufficiency through security testing.
  • Drafting of required Technical Documentation by cybersecurity experts.
  • Expert guidance on complex implementations such as secure storage, secure firmware update and secure boot mechanisms.
  • Efficient project management with bi-weekly updates and integration with client task management tools.
Schedule a meeting