Skip to content
Please enter a keyword to search

  • ISO 21188:2018

    Current The latest, up-to-date edition.

    Public key infrastructure for financial services — Practices and policy framework

    Available format(s):  Hardcopy, PDF, PDF 3 Users, PDF 5 Users, PDF 9 Users

    Language(s):  English

    Published date:  09-04-2018

    Publisher:  International Organization for Standardization

    Add To Cart

    Abstract - (Show below) - (Hide below)

    ISO 21188:2018 sets out a framework of requirements to manage a PKI through certificate policies and certification practice statements and to enable the use of public key certificates in the financial services industry. It also defines control objectives and supporting procedures to manage risks. While this document addresses the generation of public key certificates that might be used for digital signatures or key establishment, it does not address authentication methods, non-repudiation requirements or key management protocols.

    ISO 21188:2018 draws a distinction between PKI systems used in closed, open and contractual environments. It further defines the operational practices relative to financial-services-industry-accepted information systems control objectives. This document is intended to help implementers to define PKI practices that can support multiple certificate policies that include the use of digital signature, remote authentication, key exchange and data encryption.

    ISO 21188:2018 facilitates the implementation of operational, baseline PKI control practices that satisfy the requirements for the financial services industry in a contractual environment. While the focus of this document is on the contractual environment, application of this document to other environments is not specifically precluded. For the purposes of this document, the term "certificate" refers to public key certificates. Attribute certificates are outside the scope of this document

    ISO 21188:2018 is targeted for several audiences with different needs and therefore the use of this document will have a different focus for each.

    Business managers and analysts are those who require information regarding using PKI technology in their evolving businesses (e.g. electronic commerce); see Clauses 1 to 6.

    Technical designers and implementers are those who are writing their certificate policies and certification practice statement(s); see Clauses 6 to 7 and Annexes A to G.

    Operational management and auditors are those who are responsible for day-to-day operations of the PKI and validating compliance to this document; see Clauses 6 to 7.

    General Product Information - (Show below) - (Hide below)

    Committee ISO/TC 68/SC 2
    Development Note Supersedes ISO/DIS 21188. Supersedes and incorporates ISO 15782-1 & ISO 15782-2. (04/2018)
    Document Type Standard
    Publisher International Organization for Standardization
    Status Current
    Supersedes

    Standards Referencing This Book - (Show below) - (Hide below)

    ISO/IEC 18033-1:2015 Information technology Security techniques Encryption algorithms Part 1: General
    ISO/IEC 18032:2005 Information technology Security techniques Prime number generation
    ISO/IEC 18014-3:2009 Information technology Security techniques Time-stamping services Part 3: Mechanisms producing linked tokens
    ISO/IEC 15945:2002 Information technology — Security techniques — Specification of TTP services to support the application of digital signatures
    ISO/IEC 7813:2006 Information technology Identification cards Financial transaction cards
    ISO/IEC 9834-1:2012 Information technology — Procedures for the operation of object identifier registration authorities — Part 1: General procedures and top arcs of the international object identifier tree
    ISO/IEC 18033-2:2006 Information technology — Security techniques — Encryption algorithms — Part 2: Asymmetric ciphers
    ISO/IEC 18033-3:2010 Information technology Security techniques Encryption algorithms Part 3: Block ciphers
    ISO/IEC 18014-2:2009 Information technology Security techniques Time-stamping services Part 2: Mechanisms producing independent tokens
    ISO 13491-1:2016 Financial services Secure cryptographic devices (retail) Part 1: Concepts, requirements and evaluation methods
    FIPS PUB 140-2 : 0 SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES
    ISO/IEC 19790:2012 Information technology Security techniques Security requirements for cryptographic modules
    ISO/IEC 27002:2013 Information technology Security techniques Code of practice for information security controls
    ISO/IEC 8824:1990 Information technology — Open Systems Interconnection — Specification of Abstract Syntax Notation One (ASN.1)
    ISO/TR 13569:2005 Financial services Information security guidelines
    ISO/IEC 9594-8:2017 Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks
    TS 101 456 : 1.4.3 ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); POLICY REQUIREMENTS FOR CERTIFICATION AUTHORITIES ISSUING QUALIFIED CERTIFICATES
    ISO/IEC 10118-3:2004 Information technology Security techniques Hash-functions Part 3: Dedicated hash-functions
    ISO/IEC 7810:2003 Identification cards Physical characteristics
    ISO/IEC 10646-1:2000 Information technology Universal Multiple-Octet Coded Character Set (UCS) Part 1: Architecture and Basic Multilingual Plane
    TS 102 042 : 2.4.1 ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); POLICY REQUIREMENTS FOR CERTIFICATION AUTHORITIES ISSUING PUBLIC KEY CERTIFICATES
    ISO/IEC 18033-4:2011 Information technology — Security techniques — Encryption algorithms — Part 4: Stream ciphers
    View more information

    • Access your standards online with a subscription

      Features

      • Simple online access to standards, technical information and regulations
      • Critical updates of standards and customisable alerts and notifications
      • Multi - user online standards collection: secure, flexibile and cost effective