AGD Connect and EN 18031 Compliance

Overview

EN 18031 establishes cyber security requirements for connected products, focusing on access control, authentication, secure communications, and cryptographic protection. AGD Connect has been developed to address the limitations of traditional device-level password protection and provide a modern, secure access architecture aligned with these requirements.

By introducing cloud-based identity management, role-based access control, secure authentication, encrypted communications, and centralised user administration, AGD Connect significantly improves the cyber resilience of AGD products and supports compliance with the key requirements of EN 18031.


Access Control and User Management

Requirement

EN 18031 requires that access to security and network assets is restricted to authorised users and systems.

How AGD Connect Complies

Traditional shared device passwords provide limited security because credentials are often shared among multiple users and cannot be revoked for an individual without changing passwords on every deployed device.

AGD Connect replaces this model with:

  • Individual named user accounts
  • Cloud-managed authentication
  • Role-based access permissions
  • Centralised user administration
  • Individual user revocation and deletion

Users must authenticate through the AGD Connect platform before access to device web interfaces is granted. Access rights are controlled through assigned roles, ensuring that only authorised personnel can access protected functions.

EN 18031 Clauses Addressed

  • ACM-1 – Access Control Mechanisms
  • ACM-2 – Authorised Access Control

Authentication and Identity Verification

Requirement

EN 18031 requires authentication mechanisms that verify the identity of users accessing protected assets.

How AGD Connect Complies

AGD Connect uses unique user credentials managed through the AGD Connect Secure Browser and cloud-hosted user management platform.

Authentication is performed against an individual user account before access is granted to any connected device. This provides:

  • Individual accountability
  • User traceability
  • Secure identity verification
  • Centralised authentication management

Unlike shared password systems, each user is authenticated as a unique entity.

EN 18031 Clauses Addressed

  • AUM-1 – Authentication Mechanisms
  • AUM-2 – Authentication Factors

Password Security and Credential Management

Requirement

EN 18031 requires passwords to be manageable, changeable, and protected through appropriate controls.

How AGD Connect Complies

AGD Connect eliminates the need for factory-default device passwords and supports strong password management practices.

Key features include:

  • Password complexity enforcement
  • User-initiated password changes
  • Administrator password reset capabilities
  • Secure password recovery workflows
  • Email-based identity verification during password reset

Users can change or reset passwords without requiring access to individual devices, greatly improving operational security and reducing maintenance overhead.

EN 18031 Clauses Addressed

  • AUM-4 – Authenticator Management
  • AUM-5 – Password Strength and Default Password Handling

Credential Validation and Replay Protection

Requirement

EN 18031 requires authentication systems to validate credentials securely and protect against replay attacks.

How AGD Connect Complies

AGD Connect validates user credentials against the cloud platform before access is granted.

Additional protections include:

  • Secure session management
  • Session token controls
  • Session expiry mechanisms
  • HTTPS-encrypted authentication exchanges
  • Protection against replayed authentication data

Captured authentication traffic cannot be reused to gain unauthorised access.

EN 18031 Clauses Addressed

  • AUM-3 – Authenticator Validation
  • SCM-4 – Replay Protection

Secure Communications

Requirement

EN 18031 requires secure communications mechanisms to protect the confidentiality, integrity, and authenticity of information transmitted across network interfaces.

How AGD Connect Complies

AGD Connect enforces secure communications between users, cloud services, and devices through:

  • HTTPS connections
  • TLS encryption
  • Secure WebSocket (WSS) communications
  • Certificate validation
  • Trusted certificate management

The platform rejects invalid or forged certificates and does not rely on unsecured HTTP communications.

Benefits include:

  • Protection against eavesdropping
  • Protection against tampering
  • Protection against man-in-the-middle attacks
  • Secure transmission of credentials and configuration data
  • Protection of operational data and live video streams

EN 18031 Clauses Addressed

  • SCM-1 – Secure Communication Mechanisms
  • SCM-2 – Integrity and Authenticity Protection
  • SCM-3 – Confidentiality Protection

Cryptographic Protection

Requirement

EN 18031 requires the use of recognised cryptographic techniques to protect security and network assets.

How AGD Connect Complies

AGD Connect implements modern cryptographic controls, including:

  • Current TLS protocols
  • Secure cipher suites
  • Strong certificate and key management
  • Certificate lifecycle management
  • Trusted root certificate handling
  • Secure WebSocket encryption

Weak and deprecated protocols and algorithms are disabled to ensure communications remain protected using industry best practices.

EN 18031 Clauses Addressed

  • CRY-1 – Cryptographic Protection

Compliance Summary

AGD Connect provides a substantial improvement over traditional device password protection by introducing a modern security architecture built around:

  • Individual user identities
  • Role-based access control
  • Centralised user management
  • User access revocation
  • Strong authentication
  • Secure password management
  • HTTPS and TLS-encrypted communications
  • Secure WebSocket connectivity
  • Replay attack protection
  • Best-practice cryptography

These capabilities enable AGD Connect to satisfy the key access control, authentication, communications security, and cryptographic requirements of EN 18031 while supporting the cyber security expectations of transport authorities, infrastructure operators, and critical national infrastructure providers.


Key Takeaway

AGD Connect transforms device access from a shared-password model into a secure, centrally managed identity and communications platform. By providing strong access controls, secure authentication, encrypted communications, and modern cryptographic protection, AGD Connect helps organisations deploy AGD products in a manner that aligns with the cyber security objectives of EN 18031 and emerging regulatory requirements for connected products.