AS ISO 13491.1:2019
Financial services - Secure cryptographic devices (retail) - Concepts, requirements and evaluation methods
English
12-03-2019
The objective of this Standard is to specify the security characteristics for secure cryptographic devices (SCDs) based on the cryptographic processes defined in ISO 9564, ISO 16609, and ISO 11568.
Committee | IT-005 |
Document type | Standard |
ISBN | 978 1 76072 355 2 |
Pages | 33 |
Publisher name | Standards Australia |
Status | Current |
Supersedes |
This part of ISO 13491 specifies the security characteristics for secure cryptographic devices (SCDs) based on the cryptographic processes defined in ISO 9564, ISO 16609, and ISO 11568.
This part of ISO 13491 has two primary purposes:
— to state the security characteristics concerning both the operational characteristics of SCDs and the management of such devices throughout all stages of their life cycle;
— to provide guidance for methodologies to verify compliance with those requirements. This information is contained in Annex A.
ISO 13491-2 specifies checklists to be used to evaluate secure cryptographic devices (SCDs) incorporating cryptographic processes as specified in ISO 9564-1, ISO 9564-2, ISO 16609, ISO 11568-1, ISO 11568-2, ISO 11568-3, ISO 11568-4, ISO 11568-5, and ISO 11568-6 in the financial services environment.
Annex A provides an informative illustration of the concepts of security levels described in this part of ISO 13491 as being applicable to SCDs.
This part of ISO 13491 does not address issues arising from the denial of service of an SCD.
Specific requirements for the security characteristics and management of specific types of SCD functionality used in the retail financial services environment are contained in ISO 13491-2.
Standards | Relationship |
ISO 13491-1:2016 | Identical |
Originated as AS 2805.14.2-2000.
Previous edition 2011.
Revised and redesignated as AS ISO 13491.1:2019.
ISO 11568-1:2005 | Banking — Key management (retail) — Part 1: Principles |
ISO/IEC 19790:2012 | Information technology — Security techniques — Security requirements for cryptographic modules |
ISO 16609:2012 | Financial services — Requirements for message authentication using symmetric techniques |
ISO 9564-1:2017 | Financial services — Personal Identification Number (PIN) management and security — Part 1: Basic principles and requirements for PINs in card-based systems |
ISO 13491-2:2005 | Banking — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for devices used in financial transactions |
ISO 9564-2:2014 | Financial services — Personal Identification Number (PIN) management and security — Part 2: Approved algorithms for PIN encipherment |
ISO/IEC 15408-3:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components |
ISO/IEC 15408-2:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components |
ISO 11568-2:2012 | Financial services — Key management (retail) — Part 2: Symmetric ciphers, their key management and life cycle |
ISO 11568-4:2007 | Banking — Key management (retail) — Part 4: Asymmetric cryptosystems — Key management and life cycle |
ISO/IEC 17025:2017 | General requirements for the competence of testing and calibration laboratories |
ISO/IEC 15408-1:2009 | Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model |