The European Security Association has published a March 2022 newsletter. Here is a summary of the newsletter.
A new high security lock standard has received mass approval by the CEN.
Drafted new high-security lock standard has received approval from fifteen countries in the EU. CEN members (the European Committee for Standardization) have been casting their votes for the new Standard for High Security Locks prEN 1300:2021 over the last three months, from 16 December 2021 to 19 March 2022. The collected votes decided an overwhelming decision to approve. Austria, Bulgaria, Czech Republic, Finland, France, Germany, Greece, Italy, Lithuania, Netherlands, Poland, Slovenia, Spain, Sweden and the United Kingdom agree with the drafted standard; no countries voted against it. However, it is essential to note that the drafted standard will likely differ comparably from the final published standard. Specifically in its current legislation regarding lock manipulation. The United Kingdom disagrees with the current manipulation guidelines detailed in the drafted standard, believing it is too weak. Rather the U.K suggests a manipulation attack always be performed, regardless of the fulfilled checklist requirements. Yet to come are more decisions regarding the finalised version of the standard as The Working Group 3 discusses comments from voters over the next six months.
The ISO/TC 332 scope is currently being discussed and reviewed by ISO/TMB.
The International Organisations for Standardisation (ISO) has put forward their Technical Management Board to vote on the ISO/TC 332 – Security equipment for financial institutions and commercial organisations. From 15 March 2022 to 12 April 2022, the board will be discussing the new versus old scope. The new scope covers the physical security products used in banks, financial institutions, commercial organisations by jewellers, e.g.: Burglary-resistant products, fire-resistant productions, high security locks and test methoding.
The scope does not does not cover material specifications (a substance or a mixture of substances), physical protection of persons, products for small/home office and domestic use, and accessories with functions not concerning the physical security of the product.
Distributed system standard FprEN 17646:2022 has been inaugurated for a Formal Vote by CEN.
From 31 March 2022, the standard is open to voting from the national mirror committees. The voting closes on 26 May 2022. Members can not technically comment on the standard in the Formal Vote and only vote yes or no. The changes made in FprEN 17646:2022 are as follows;
More clarification of the requirements around “authentication of components” (clause 6.4.2) and “authentication of users” (clause 18.104.22.168). Stricter requirements on the storing of events. Older events must be summarised in one single entry after surpassing 500 events of the same type (clause 6.2.9). Physical manipulations shall activate mechanisms that erase or render useless plaintext cryptographic keys (clause 6.2.11). New requirements for manually pre-set passwords and codes (clause 22.214.171.124).
EU sanctions come into effect on the exporting of security items.
The EU may no longer export several products to Russia. Products such as burglar alarms and fire alarms may not be sold to Russia if they exceed the value of €750 (NZD $1184). A range of steel products is also banned from entering Russia from EU distributors. Steel products include; Non-Alloy and Other Alloy Cold Rolled Sheets, Stainless Hot Rolled Sheets and Strips, Rebars, Stainless Bars and Light Sections and Angles, Shapes and Sections of Iron or Non-Alloy Steel.
The CEN to enquire into the secure destruction of confidential material code of practice.
The prEN 15713:2022 draft standard is open for voting from CEN until 16 June 2022. The drafted document was written by CEN/TC 263 Working group 5 and covered much more content than the topic’s 2009 version and provided more clarity. The former standard, EN 15713:2009, only discussed eight material categories (A-H). The new standard provides insight on three “protection levels” – routine confidential, official sensitive and highly confidential. It also covers an additional seven material categories; P (paper documents), F (microfilm etc.), O (optical data carriers), T (magnetic data carriers), H (hard drives with magnetic data carriers), E (electronic data carriers) M (product destruction), and seven security levels (1 to 7). For example, paper documents having a maximum particle size of less than 10mm² after destruction would be classified as P-6.