Skip to content
Please enter a keyword to search

  • ISO 13491-1:2016

    Current The latest, up-to-date edition.

    Financial services Secure cryptographic devices (retail) Part 1: Concepts, requirements and evaluation methods

    Available format(s):  Hardcopy, PDF, PDF 3 Users, PDF 5 Users, PDF 9 Users

    Language(s):  English

    Published date:  17-03-2016

    Publisher:  International Organization for Standardization

    Add To Cart

    Abstract - (Show below) - (Hide below)

    ISO 13491-1:2016 specifies the security characteristics for secure cryptographic devices (SCDs) based on the cryptographic processes defined in ISO 9564, ISO 16609, and ISO 11568.

    ISO 13491-1:2016 has two primary purposes:

    - to state the security characteristics concerning both the operational characteristics of SCDs and the management of such devices throughout all stages of their life cycle;

    ? to provide guidance for methodologies to verify compliance with those requirements. This information is contained in Annex A.

    ISO 13491-2 specifies checklists to be used to evaluate secure cryptographic devices (SCDs) incorporating cryptographic processes as specified in ISO 9564-1, ISO 9564-2, ISO 16609, ISO 11568-1, ISO 11568-2, ISO 11568-3, ISO 11568-4, ISO 11568-5, and ISO 11568-6 in the financial services environment.

    Annex A provides an informative illustration of the concepts of security levels described in this part of ISO 13491 as being applicable to SCDs.

    ISO 13491-1:2016 does not address issues arising from the denial of service of an SCD.

    Specific requirements for the security characteristics and management of specific types of SCD functionality used in the retail financial services environment are contained in ISO 134912.

    General Product Information - (Show below) - (Hide below)

    Development Note Supersedes ISO/DIS 13491-1. (03/2016)
    Document Type Standard
    Publisher International Organization for Standardization
    Status Current
    Supersedes

    Standards Referenced By This Book - (Show below) - (Hide below)

    11/30231373 DC : 0 BS ISO 11568-2 - FINANCIAL SERVICES - KEY MANAGEMENT (RETAIL) - PART 2: SYMMETRIC CIPHERS, THEIR KEY MANAGEMENT AND LIFE CYCLE
    BS ISO 11568-4:2007 Banking. Key management (retail) Asymmetric cryptosystems. Key management and life cycle
    ISO/TR 9564-4:2004 Banking Personal Identification Number (PIN) management and security Part 4: Guidelines for PIN handling in open networks
    BS ISO 9564-4:2016 Financial services. Personal Identification Number (PIN) management and security Requirements for PIN handling in eCommerce for Payment Transactions
    14/30265618 DC : 0 BS ISO 13491-2 - BANKING - SECURE CRYPTOGRAPHIC DEVICES (RETAIL) - PART 2: SECURITY COMPLIANCE CHECKLISTS FOR DEVICES USED IN FINANCIAL TRANSACTIONS
    BS ISO 21188:2006 Public key infrastructure for financial services. Practices and policy framework
    ISO 9564-4:2016 Financial services — Personal Identification Number (PIN) management and security — Part 4: Requirements for PIN handling in eCommerce for Payment Transactions
    ISO 21188:2018 Public key infrastructure for financial services — Practices and policy framework
    BIS IS 15256-4 : 2013 BANKING - KEY MANAGEMENT (RETAIL) - PART 4: ASYMMETRIC CRYPTOSYSTEMS - KEY MANAGEMENT AND LIFE CYCLE
    ISO 11568-4:2007 Banking — Key management (retail) — Part 4: Asymmetric cryptosystems — Key management and life cycle
    ISO 13491-2:2017 Financial services — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for devices used in financial transactions
    BS ISO 11568-1:2005 Banking. Key management (retail) Principles
    14/30265624 DC : 0 BS ISO 9564-4 - FINANCIAL SERVICES - PERSONAL IDENTIFICATION NUMBER (PIN) MANAGEMENT AND SECURITY - PART 4: REQUIREMENTS FOR PIN HANDLING IN ECOMMERCE FOR PAYMENT TRANSACTIONS
    07/30169475 DC : 0 BS ISO 15782-1 - CERTIFICATE MANAGEMENT FOR FINANCIAL SERVICES - PART 1: PUBLIC KEY CERTIFICATES
    BS ISO 10202-7:1998 Financial transaction cards. Security architecture of financial transaction systems using integrated circuit cards Key management
    04/30104265 DC : DRAFT SEP 2004 ISO 13491-2 - BANKING - SECURE CRYPTOGRAPHIC DEVICES, RETAIL - PART 2: SECURITY COMPLIANCE CHECKLISTS FOR DEVICES USED IN FINANCIAL TRANSACTION ENVIRONMENTS
    02/647196 DC : 0 BS ISO/TR 9564 - BANKING - PERSONAL IDENTIFICATION NUMBER MANAGEMENT AND SECURITY - PART 4: BEST PRACTICES FOR PIN HANDLING IN OPEN NETWORK DEVICES
    BS ISO 13491-2:2017 Financial services. Secure cryptographic devices (retail) Security compliance checklists for devices used in financial transactions
    BS ISO 9564-1:2017 Financial services. Personal Identification Number (PIN) management and security Basic principles and requirements for PINs in card-based systems
    ISO 19092:2008 Financial services — Biometrics — Security framework
    ISO 11568-2:2012 Financial services — Key management (retail) — Part 2: Symmetric ciphers, their key management and life cycle
    17/30281253 DC : 0 BS ISO 21188 - PUBLIC KEY INFRASTRUCTURE FOR FINANCIAL SERVICES - PRACTICES AND POLICY FRAMEWORK
    13/30275456 DC : 0 BS ISO 9564-1:2011/AMD 1 - FINANCIAL SERVICES - PERSONAL IDENTIFICATION NUMBER (PIN) MANAGEMENT AND SECURITY - PART 1: BASIC PRINCIPLES AND REQUIREMENTS FOR PINS IN CARD-BASED SYSTEMS
    15/30323818 DC : 0 BS ISO 9564-1 - FINANCIAL SERVICES - PERSONAL IDENTIFICATION NUMBER (PIN) MANAGEMENT AND SECURITY - PART 1: BASIC PRINCIPLES AND REQUIREMENTS FOR PINS IN CARD-BASED SYSTEMS
    09/30201974 DC : 0 BS ISO 9564-1 - FINANCIAL SERVICES - PERSONAL IDENTIFICATION NUMBER (PIN) MANAGEMENT AND SECURITY - PART 1: BASIC PRINCIPLES AND REQUIREMENTS FOR PINS IN CARD BASE SYSTEMS
    NF ISO 11568-4 : 1999 BANKING - KEY MANAGEMENT (RETAIL) - PART 4: KEY MANAGEMENT TECHNIQUES FOR PUBLIC KEY CRYPTOSYSTEMS
    ISO 15782-1:2009 Certificate management for financial services Part 1: Public key certificates
    ISO 11568-1:2005 Banking — Key management (retail) — Part 1: Principles
    ISO/TR 13569:2005 Financial services Information security guidelines
    BS ISO 11568-2:2012 Financial services. Key management (retail) Symmetric ciphers, their key management and life cycle
    BS ISO 15782-1:2009 Certificate management for financial services Public key certificates
    ISO 9564-1:2017 Financial services — Personal Identification Number (PIN) management and security — Part 1: Basic principles and requirements for PINs in card-based systems
    ISO 19092-1:2006 Financial services Biometrics Part 1: Security framework
    ANSI X9.8-1 : 2015 FINANCIAL SERVICES - PERSONAL IDENTIFICATION NUMBER (PIN) MANAGEMENT AND SECURITY - PART 1: BASIC PRINCIPLES AND REQUIREMENTS FOR PINS IN CARD-BASED SYSTEMS
    ANSI X9.97-2 : 2009(R2017) BANKING - SECURE CRYPTOGRAPHIC DEVICES (RETAIL) - PART 2: SECURITY COMPLIANCE CHECKLISTS FOR DEVICES USED IN FINANCIAL TRANSACTIONS
    PD ISO/TR 13569:2005 Financial services. Information security guidelines
    ISO 11568-6:1998 Banking Key management (retail) Part 6: Key management schemes
    ISO 10202-7:1998 Financial transaction cards Security architecture of financial transaction systems using integrated circuit cards Part 7: Key management
    I.S. CWA 14174-3:2004 FINANCIAL TRANSACTIONAL IC CARD READER (FINREAD) - PART 3: SECURITY REQUIREMENTS

    Standards Referencing This Book - (Show below) - (Hide below)

    ISO/IEC 17025:2005 General requirements for the competence of testing and calibration laboratories
    ISO 11568-2:2012 Financial services — Key management (retail) — Part 2: Symmetric ciphers, their key management and life cycle
    ISO 13491-2:2017 Financial services — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for devices used in financial transactions
    ISO/IEC 19790:2012 Information technology — Security techniques — Security requirements for cryptographic modules
    AS ISO 13491.2:2019 Financial services - Secure cryptographic devices (retail) Security compliance checklists for devices used in financial transactions
    ISO 16609:2012 Financial services — Requirements for message authentication using symmetric techniques
    ISO 9564-1:2017 Financial services — Personal Identification Number (PIN) management and security — Part 1: Basic principles and requirements for PINs in card-based systems
    ISO 11568-1:2005 Banking — Key management (retail) — Part 1: Principles
    ISO 9564-2:2014 Financial services — Personal Identification Number (PIN) management and security — Part 2: Approved algorithms for PIN encipherment
    ISO 11568-4:2007 Banking — Key management (retail) — Part 4: Asymmetric cryptosystems — Key management and life cycle
    View more information

    • Access your standards online with a subscription

      Features

      • Simple online access to standards, technical information and regulations
      • Critical updates of standards and customisable alerts and notifications
      • Multi - user online standards collection: secure, flexibile and cost effective