ANSI X9/TG-3 : 2006
Superseded
A superseded Standard is one that has been fully replaced by another Standard, which is a new edition of the same Standard.
RETAIL FINANCIAL SERVICES COMPLIANCE GUIDELINE - ONLINE PIN SECURITY AND KEY MANAGEMENT
10-05-2009
12-01-2013
Foreword
1 Purpose and Scope
1.1 Purpose
1.2 Scope
2 References and Definitions
2.1 References
2.2 Definitions
3 Overview
4 Compliance Control Objectives
4.1 General Security Procedures Control Objectives
4.2 Tamper Resistant Security Module Management Control Objectives
4.3 General Key Management Control Objectives
4.4 Additional Key Management Procedure Control Objectives
5 Asymmetric Compliance Control Objectives
5.1 General Asymmetric Control Objectives
5.2 Asymmetric Key Management Control Objectives
5.3 Mutual Authentication Management Control Objectives
5.4 Credential Management Control Objectives
5.5 Additional Asymmetric Management Control Objectives
Annex A - Recommended Evaluation Criteria for Cryptographic Equipment
Annex B - Respondent Mapping Matrix
Annex C - Compliance Exception Forms
Applies to all organizations using the Triple Data Encryption Algorithm - TDEA (reference 7) for the encryption of PINs used for retail financial services such as POS and ATM transactions, messages among retailers and financial institutions, and interchange messages among acquirers, switches and card issuers.
Committee | X9
DocumentType | Standard
PublisherName | American Bankers Association
Status | Superseded
SupersededBy |
ANSI X9 TR 31 : 2010 | INTEROPERABLE SECURE KEY EXCHANGE KEY BLOCK SPECIFICATION FOR SYMMETRIC ALGORITHMS |
ISO 15782-1:2009 | Certificate management for financial services Part 1: Public key certificates |
ANSI X9.57 : 1997 | PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY: CERTIFICATE MANAGEMENT |
ANSI X9.80 : 2005(R2013) | PRIME NUMBER GENERATION, PRIMALITY TESTING, AND PRIMALITY CERTIFICATES |
ISO 11568-2:2012 | Financial services — Key management (retail) — Part 2: Symmetric ciphers, their key management and life cycle |
ISO 13491-2:2017 | Financial services — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for devices used in financial transactions |
ANSI X9.52 : 1998 | TRIPLE DATA ENCRYPTION ALGORITHM MODES OF OPERATION |
ISO 16609:2012 | Financial services — Requirements for message authentication using symmetric techniques |
ANSI X9.24-1 : 2017 | RETAIL FINANCIAL SERVICES - SYMMETRIC KEY MANAGEMENT - PART 1: USING SYMMETRIC TECHNIQUES |
ANSI X9.44:2007 | FINANCIAL SERVICES - PUBLIC-KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY - KEY ESTABLISHMENT USING INTEGER FACTORIZATION CRYPTOGRAPHY |
ANSI X9.8 : 1995 | BANKING - PERSONAL IDENTIFICATION NUMBER MANAGEMENT AND SECURITY - PART 1: PIN PROTECTION PRINCIPLES AND TECHNIQUES - PART 2: APPROVED ALGORITHMS FOR PIN ENCIPHERMENT |
ANSI X9.79-1 : 2001 | FINANCIAL SERVICES PUBLIC KEY INFRASTRUCTURE - PART 1: PKI PRACTICES AND POLICY FRAMEWORK |
ANSI INCITS 92 : 1981 | DATA ENCRYPTION ALGORITHM |
ANSI X9.63 : 2011 | FINANCIAL SERVICES - PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY, KEY AGREEMENT AND KEY TRANSPORT USING ELLIPTIC CURVE CRYPTOGRAPHY |
ANSI X9.42 : 2003(R2013) | PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES: AGREEMENT OF SYMMETRIC KEYS USING DISCRETE LOGARITHM CRYPTOGRAPHY |