ISO 13491-1:2016
Superseded
A superseded Standard is one that has been fully replaced by another Standard, which is a new edition of the same Standard.
Financial services — Secure cryptographic devices (retail) — Part 1: Concepts, requirements and evaluation methods
Hardcopy, PDF, PDF 3 Users, PDF 5 Users, PDF 9 Users
17-07-2024
English
17-03-2016
ISO 13491-1:2016 specifies the security characteristics for secure cryptographic devices (SCDs) based on the cryptographic processes defined in ISO 9564, ISO 16609, and ISO 11568.
ISO 13491-1:2016 has two primary purposes:
- to state the security characteristics concerning both the operational characteristics of SCDs and the management of such devices throughout all stages of their life cycle;
- to provide guidance for methodologies to verify compliance with those requirements. This information is contained in Annex A.
ISO 13491-2 specifies checklists to be used to evaluate secure cryptographic devices (SCDs) incorporating cryptographic processes as specified in ISO 9564-1, ISO 9564-2, ISO 16609, ISO 11568-1, ISO 11568-2, ISO 11568-3, ISO 11568-4, ISO 11568-5, and ISO 11568-6 in the financial services environment.
Annex A provides an informative illustration of the concepts of security levels described in this part of ISO 13491 as being applicable to SCDs.
ISO 13491-1:2016 does not address issues arising from the denial of service of an SCD.
Specific requirements for the security characteristics and management of specific types of SCD functionality used in the retail financial services environment are contained in ISO 13491‑2.
Committee | ISO/TC 68/SC 2 |
DevelopmentNote | Supersedes ISO/DIS 13491-1. (03/2016) |
DocumentType | Standard |
Pages | 33 |
PublisherName | International Organization for Standardization |
Status | Superseded |
SupersededBy | |
Supersedes | |
UnderRevision |
Standards | Relationship |
BS ISO 13491-1:2007 | Identical |
AS ISO 13491.1:2019 | Identical |
NEN ISO 13491-1 : 2016 | Identical |
ANSI X9.97-1:2024 | Identical |
DS ISO 13491-1 : 2016 | Identical |
BIS IS 16005-1 : 2013 | Identical |
UNI ISO 13491-1 : 2003 | Identical |
NF ISO 13491-1 : 1999 | Identical |
BS ISO 13491-1:2016 | Identical |
11/30231373 DC : 0 | BS ISO 11568-2 - FINANCIAL SERVICES - KEY MANAGEMENT (RETAIL) - PART 2: SYMMETRIC CIPHERS, THEIR KEY MANAGEMENT AND LIFE CYCLE |
BS ISO 11568-4:2007 | Banking. Key management (retail) Asymmetric cryptosystems. Key management and life cycle |
ISO/TR 9564-4:2004 | Banking Personal Identification Number (PIN) management and security Part 4: Guidelines for PIN handling in open networks |
BS ISO 9564-4:2016 | Financial services. Personal Identification Number (PIN) management and security Requirements for PIN handling in eCommerce for Payment Transactions |
14/30265618 DC : 0 | BS ISO 13491-2 - BANKING - SECURE CRYPTOGRAPHIC DEVICES (RETAIL) - PART 2: SECURITY COMPLIANCE CHECKLISTS FOR DEVICES USED IN FINANCIAL TRANSACTIONS |
BS ISO 21188:2006 | Public key infrastructure for financial services. Practices and policy framework |
ISO 9564-4:2016 | Financial services — Personal Identification Number (PIN) management and security — Part 4: Requirements for PIN handling in eCommerce for Payment Transactions |
ISO 21188:2018 | Public key infrastructure for financial services — Practices and policy framework |
BIS IS 15256-4 : 2013 | BANKING - KEY MANAGEMENT (RETAIL) - PART 4: ASYMMETRIC CRYPTOSYSTEMS - KEY MANAGEMENT AND LIFE CYCLE |
ISO 11568-4:2007 | Banking — Key management (retail) — Part 4: Asymmetric cryptosystems — Key management and life cycle |
ISO 13491-2:2017 | Financial services — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for devices used in financial transactions |
BS ISO 11568-1:2005 | Banking. Key management (retail) Principles |
14/30265624 DC : 0 | BS ISO 9564-4 - FINANCIAL SERVICES - PERSONAL IDENTIFICATION NUMBER (PIN) MANAGEMENT AND SECURITY - PART 4: REQUIREMENTS FOR PIN HANDLING IN ECOMMERCE FOR PAYMENT TRANSACTIONS |
07/30169475 DC : 0 | BS ISO 15782-1 - CERTIFICATE MANAGEMENT FOR FINANCIAL SERVICES - PART 1: PUBLIC KEY CERTIFICATES |
BS ISO 10202-7:1998 | Financial transaction cards. Security architecture of financial transaction systems using integrated circuit cards Key management |
04/30104265 DC : DRAFT SEP 2004 | ISO 13491-2 - BANKING - SECURE CRYPTOGRAPHIC DEVICES, RETAIL - PART 2: SECURITY COMPLIANCE CHECKLISTS FOR DEVICES USED IN FINANCIAL TRANSACTION ENVIRONMENTS |
02/647196 DC : 0 | BS ISO/TR 9564 - BANKING - PERSONAL IDENTIFICATION NUMBER MANAGEMENT AND SECURITY - PART 4: BEST PRACTICES FOR PIN HANDLING IN OPEN NETWORK DEVICES |
BS ISO 13491-2:2017 | Financial services. Secure cryptographic devices (retail) Security compliance checklists for devices used in financial transactions |
BS ISO 9564-1:2017 | Financial services. Personal Identification Number (PIN) management and security Basic principles and requirements for PINs in card-based systems |
ISO 19092:2008 | Financial services — Biometrics — Security framework |
ISO 11568-2:2012 | Financial services — Key management (retail) — Part 2: Symmetric ciphers, their key management and life cycle |
17/30281253 DC : 0 | BS ISO 21188 - PUBLIC KEY INFRASTRUCTURE FOR FINANCIAL SERVICES - PRACTICES AND POLICY FRAMEWORK |
13/30275456 DC : 0 | BS ISO 9564-1:2011/AMD 1 - FINANCIAL SERVICES - PERSONAL IDENTIFICATION NUMBER (PIN) MANAGEMENT AND SECURITY - PART 1: BASIC PRINCIPLES AND REQUIREMENTS FOR PINS IN CARD-BASED SYSTEMS |
15/30323818 DC : 0 | BS ISO 9564-1 - FINANCIAL SERVICES - PERSONAL IDENTIFICATION NUMBER (PIN) MANAGEMENT AND SECURITY - PART 1: BASIC PRINCIPLES AND REQUIREMENTS FOR PINS IN CARD-BASED SYSTEMS |
09/30201974 DC : 0 | BS ISO 9564-1 - FINANCIAL SERVICES - PERSONAL IDENTIFICATION NUMBER (PIN) MANAGEMENT AND SECURITY - PART 1: BASIC PRINCIPLES AND REQUIREMENTS FOR PINS IN CARD BASE SYSTEMS |
NF ISO 11568-4 : 1999 | BANKING - KEY MANAGEMENT (RETAIL) - PART 4: KEY MANAGEMENT TECHNIQUES FOR PUBLIC KEY CRYPTOSYSTEMS |
ISO 15782-1:2009 | Certificate management for financial services Part 1: Public key certificates |
ISO 11568-1:2005 | Banking — Key management (retail) — Part 1: Principles |
ISO/TR 13569:2005 | Financial services Information security guidelines |
BS ISO 11568-2:2012 | Financial services. Key management (retail) Symmetric ciphers, their key management and life cycle |
BS ISO 15782-1:2009 | Certificate management for financial services Public key certificates |
ISO 9564-1:2017 | Financial services — Personal Identification Number (PIN) management and security — Part 1: Basic principles and requirements for PINs in card-based systems |
ISO 19092-1:2006 | Financial services Biometrics Part 1: Security framework |
ANSI X9.8-1 : 2015 | FINANCIAL SERVICES - PERSONAL IDENTIFICATION NUMBER (PIN) MANAGEMENT AND SECURITY - PART 1: BASIC PRINCIPLES AND REQUIREMENTS FOR PINS IN CARD-BASED SYSTEMS |
ANSI X9.97-2 : 2009(R2017) | BANKING - SECURE CRYPTOGRAPHIC DEVICES (RETAIL) - PART 2: SECURITY COMPLIANCE CHECKLISTS FOR DEVICES USED IN FINANCIAL TRANSACTIONS |
PD ISO/TR 13569:2005 | Financial services. Information security guidelines |
ISO 11568-6:1998 | Banking Key management (retail) Part 6: Key management schemes |
ISO 10202-7:1998 | Financial transaction cards Security architecture of financial transaction systems using integrated circuit cards Part 7: Key management |
I.S. CWA 14174-3:2004 | FINANCIAL TRANSACTIONAL IC CARD READER (FINREAD) - PART 3: SECURITY REQUIREMENTS |
ANSI X9.79-1 : 2001 | FINANCIAL SERVICES PUBLIC KEY INFRASTRUCTURE - PART 1: PKI PRACTICES AND POLICY FRAMEWORK |
ISO/IEC 17025:2005 | General requirements for the competence of testing and calibration laboratories |
ISO 11568-2:2012 | Financial services — Key management (retail) — Part 2: Symmetric ciphers, their key management and life cycle |
ISO 13491-2:2017 | Financial services — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for devices used in financial transactions |
ISO/IEC 19790:2012 | Information technology — Security techniques — Security requirements for cryptographic modules |
AS ISO 13491.2:2019 | Financial services - Secure cryptographic devices (retail) Security compliance checklists for devices used in financial transactions |
ISO 16609:2012 | Financial services — Requirements for message authentication using symmetric techniques |
ISO 9564-1:2017 | Financial services — Personal Identification Number (PIN) management and security — Part 1: Basic principles and requirements for PINs in card-based systems |
ISO 11568-1:2005 | Banking — Key management (retail) — Part 1: Principles |
ISO 9564-2:2014 | Financial services — Personal Identification Number (PIN) management and security — Part 2: Approved algorithms for PIN encipherment |
ISO 11568-4:2007 | Banking — Key management (retail) — Part 4: Asymmetric cryptosystems — Key management and life cycle |