ANSI X9.112-1 : 2009
Superseded
A superseded Standard is one that has been fully replaced by another Standard, which is a new edition of the same Standard.
WIRELESS MANAGEMENT AND SECURITY - PART 1: GENERAL REQUIREMENTS
27-05-2016
12-01-2013
Foreword
Introduction
1 Scope
1.1 Audience
1.2 Business Case
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Wireless Risks
5.1 Introduction
5.2 Applicable Risks
5.2.1 Physical Topology
5.2.2 Access Control - Least Privilege
5.2.3 Encryption
5.2.4 Network Integrity
5.2.5 Wireless Transmission
5.2.6 Unauthorized Wireless Access Devices
5.2.7 Denial of Service (DoS)
5.2.8 Data Integrity
6 Requirements
6.1 Overview
6.2 Wireless Security Policy
6.3 Data Security
6.4 Entity Authentication
6.5 Data Integrity
6.6 Security Encapsulation
6.7 Key Management
6.8 Wireless Network
6.9 Audit Logging
6.10 Physical Security
6.11 Access Control
7 Wireless Security Policy
7.1 Roles and Responsibilities
7.2 Security Controls
7.3 Technology Controls
7.4 Access Controls
7.5 Configuration Controls
7.6 Cryptograph Controls
7.7 Physical Controls
7.8 Log Management
Annex A (normative) Wireless Validation Control Objectives
A.1 Introduction
A.2 Environmental Controls
A.2.1 Security Policy
A.2.2 Security Organization
A.2.3 Asset Classification and Management
A.2.4 Personnel Security
A.2.5 Physical and Environmental Security
A.2.6 Operations Management
A.2.7 System Access Management
A.2.8 Systems Development and Maintenance
A.2.9 Wireless Access Continuity Management
A.2.10 Monitoring and Compliance
A.2.11 Event Journaling
A.3 Key Management Life Cycle Controls
A.3.1 Key Generation
A.3.2 Key Storage, Backup and Recover
A.3.3 Key Distribution
A.3.4 Key Usage
A.3.5 Key Destruction and Archival
A.3.6 Cryptographic Device Life Cycle Controls
A.4 Wireless Management Life Cycle Controls
A.4.1 Wireless Device Life Cycle
A.4.2 Wireless Encryption
A.4.3 Wireless Authentication
A.4.4 Wireless Integrity
A.4.5 Wireless Encapsulation
Annex B (Normative) Wireless Cryptograph Controls
Annex C (Informative) Wireless Technology Standards
Wireless Local Area Networks
C.1 Broadband Wireless
C.2 Bluetooth
C.2.1 Architecture
C.2.2 Client ID
C.2.3 Client Provisioning
C.2.4 External Functional Interface (EFI)
C.2.5 General formats
C.2.6 Multimedia Messaging Service (MMS)
C.2.7 Persistence
C.2.8 Pictogram
C.2.9 Push
C.2.10 Synchronisation
C.2.11 User Agent Profile (UAProf)
C.2.12 Wireless Application Environment
C.2.13 Wireless Protocols
C.2.14 Wireless Security
C.2.15 Wireless Telephony Application (WTA)
C.3 Voice and Messaging
Annex D (Informative) X9 Registry
Annex E (Informative) OCC Risk Management of Wireless Networks
Bibliography
Covers an overview of wireless radio frequency (RF) technologies and general requirements applicable to all wireless implementations for the financial services industry.
Committee | X9 |
DocumentType | Standard |
PublisherName | American Bankers Association |
Status | Superseded |
SupersededBy |
ANSI X9.30.1 : 1997 | PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY - PART 1: THE DIGITAL SIGNATURE ALGORITHM (DSA) |
ANSI X9.57 : 1997 | PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY: CERTIFICATE MANAGEMENT |
ANSI X9.95 : 2016 | FINANCIAL SERVICES - TRUSTED TIME STAMP MANAGEMENT AND SECURITY |
ISO/IEC 9798-3:1998 | Information technology — Security techniques — Entity authentication — Part 3: Mechanisms using digital signature techniques |
ANSI X9.8-1 : 2015 | FINANCIAL SERVICES - PERSONAL IDENTIFICATION NUMBER (PIN) MANAGEMENT AND SECURITY - PART 1: BASIC PRINCIPLES AND REQUIREMENTS FOR PINS IN CARD-BASED SYSTEMS |
ISO 11568-2:2012 | Financial services — Key management (retail) — Part 2: Symmetric ciphers, their key management and life cycle |
ANSI X9.52 : 1998 | TRIPLE DATA ENCRYPTION ALGORITHM MODES OF OPERATION |
ISO/IEC 9798-4:1999 | Information technology — Security techniques — Entity authentication — Part 4: Mechanisms using a cryptographic check function |
ISO/IEC 27002:2013 | Information technology — Security techniques — Code of practice for information security controls |
ISO 16609:2012 | Financial services — Requirements for message authentication using symmetric techniques |
ANSI X9.24-1 : 2017 | RETAIL FINANCIAL SERVICES - SYMMETRIC KEY MANAGEMENT - PART 1: USING SYMMETRIC TECHNIQUES |
ANSI X9.84 : 2010(R2017) | BIOMETRIC INFORMATION MANAGEMENT AND SECURITY FOR THE FINANCIAL SERVICES INDUSTRY |
ISO/IEC 9798-2:2008 | Information technology — Security techniques — Entity authentication — Part 2: Mechanisms using symmetric encipherment algorithms |
ISO/IEC 9798-5:2009 | Information technology — Security techniques — Entity authentication — Part 5: Mechanisms using zero-knowledge techniques |
ISO 11568-1:2005 | Banking — Key management (retail) — Part 1: Principles |
ISO 11568-4:2007 | Banking — Key management (retail) — Part 4: Asymmetric cryptosystems — Key management and life cycle |
ANSI X9.30.2 : 1997 | PUBLIC KEY CRYPTOGRAPHY USING IRREVERSIBLE ALGORITHMS - PART 2: THE SECURE HASH ALGORITHM (SHA-1) |
ANSI X9.31 : 1998 | DIGITAL SIGNATURES USING REVERSIBLE PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY (RDSA) |
ISO/IEC 9798-1:2010 | Information technology — Security techniques — Entity authentication — Part 1: General |