ISO 13491-2:2017
Withdrawn
A Withdrawn Standard is one, which is removed from sale, and its unique number can no longer be used. The Standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a Standard with a different number.
View Superseded by
Financial services — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for devices used in financial transactions
Hardcopy , PDF , PDF 3 Users , PDF 5 Users , PDF 9 Users
11-01-2023
English
23-03-2017
Important note : Users cannot be edited or removed once added to your Multi user PDF.
ISO 13491-2:2017 specifies checklists to be used to evaluate secure cryptographic devices (SCDs) incorporating cryptographic processes as specified in ISO 9564‑1, ISO 9564‑2, ISO 16609, ISO 11568‑1, ISO 11568‑2, and ISO 11568‑4 in the financial services environment. Integrated circuit (IC) payment cards are subject to the requirements identified in this document up until the time of issue after which they are to be regarded as a "personal" device and outside of the scope of this document.
ISO 13491-2:2017 does not address issues arising from the denial of service of an SCD.
In the checklists given in Annex A to Annex H, the term "not feasible" is intended to convey the notion that although a particular attack might be technically possible, it would not be economically viable since carrying out the attack would cost more than any benefits obtained from a successful attack. In addition to attacks for purely economic gain, malicious attacks directed toward loss of reputation need to be considered.
| DevelopmentNote |
Supersedes ISO/DIS 13491-2. (03/2017)
|
| DocumentType |
Standard
|
| Pages |
39
|
| PublisherName |
International Organization for Standardization
|
| Status |
Withdrawn
|
| SupersededBy | |
| Supersedes |
| Standards | Relationship |
| DS ISO 13491-2 : 2017 | Identical |
| BS ISO 13491-2:2017 | Identical |
| NEN ISO 13491-2 : 2017 | Identical |
| AS ISO 13491.2:2019 | Identical |
| UNI ISO 13491-2 : 2003 | Identical |
| ANSI X9.97-2 : 2009(R2017) | Identical |
| BIS IS 16005-2 : 2013 | Identical |
| 11/30231373 DC : 0 | BS ISO 11568-2 - FINANCIAL SERVICES - KEY MANAGEMENT (RETAIL) - PART 2: SYMMETRIC CIPHERS, THEIR KEY MANAGEMENT AND LIFE CYCLE |
| BS ISO 11568-4:2007 | Banking. Key management (retail) Asymmetric cryptosystems. Key management and life cycle |
| 05/30144069 DC : DRAFT DEC 2005 | ISO 13491-1 - BANKING - SECURE CRYPTOGRAPHIC DEVICES (RETAIL) - PART 1: CONCEPTS, REQUIREMENTS AND EVALUATION METHODS |
| BIS IS 15256-4 : 2013 | BANKING - KEY MANAGEMENT (RETAIL) - PART 4: ASYMMETRIC CRYPTOSYSTEMS - KEY MANAGEMENT AND LIFE CYCLE |
| ISO 11568-4:2007 | Banking — Key management (retail) — Part 4: Asymmetric cryptosystems — Key management and life cycle |
| BS ISO 11568-1:2005 | Banking. Key management (retail) Principles |
| ISO 13491-1:2016 | Financial services — Secure cryptographic devices (retail) — Part 1: Concepts, requirements and evaluation methods |
| ANSI X9 TR 39 : 2009 | TG-3 RETAIL FINANCIAL SERVICES COMPLIANCE GUIDELINE - PART 1: PIN SECURITY AND KEY MANAGEMENT |
| BS ISO 9564-1:2017 | Financial services. Personal Identification Number (PIN) management and security Basic principles and requirements for PINs in card-based systems |
| NF ISO 13491-1 : 1999 | BANKING - SECURE CRYPTOGRAPHIC DEVICES (RETAIL) - CONCEPTS, REQUIREMENTS AND EVALUATION METHODS |
| ISO 11568-2:2012 | Financial services — Key management (retail) — Part 2: Symmetric ciphers, their key management and life cycle |
| 14/30265615 DC : 0 | BS ISO 13491-1 - BANKING - SECURE CRYPTOGRAPHIC DEVICES (RETAIL) - PART 1: CONCEPTS, REQUIREMENTS AND EVALUATION METHODS |
| 13/30275456 DC : 0 | BS ISO 9564-1:2011/AMD 1 - FINANCIAL SERVICES - PERSONAL IDENTIFICATION NUMBER (PIN) MANAGEMENT AND SECURITY - PART 1: BASIC PRINCIPLES AND REQUIREMENTS FOR PINS IN CARD-BASED SYSTEMS |
| 15/30323818 DC : 0 | BS ISO 9564-1 - FINANCIAL SERVICES - PERSONAL IDENTIFICATION NUMBER (PIN) MANAGEMENT AND SECURITY - PART 1: BASIC PRINCIPLES AND REQUIREMENTS FOR PINS IN CARD-BASED SYSTEMS |
| 09/30201974 DC : 0 | BS ISO 9564-1 - FINANCIAL SERVICES - PERSONAL IDENTIFICATION NUMBER (PIN) MANAGEMENT AND SECURITY - PART 1: BASIC PRINCIPLES AND REQUIREMENTS FOR PINS IN CARD BASE SYSTEMS |
| BS ISO 13491-1:2007 | Banking. Secure cryptographic devices (retail) Concepts, requirements and evaluation methods |
| ISO 11568-1:2005 | Banking — Key management (retail) — Part 1: Principles |
| BS ISO 11568-2:2012 | Financial services. Key management (retail) Symmetric ciphers, their key management and life cycle |
| ISO 9564-1:2017 | Financial services — Personal Identification Number (PIN) management and security — Part 1: Basic principles and requirements for PINs in card-based systems |
| ANSI X9.8-1 : 2015 | FINANCIAL SERVICES - PERSONAL IDENTIFICATION NUMBER (PIN) MANAGEMENT AND SECURITY - PART 1: BASIC PRINCIPLES AND REQUIREMENTS FOR PINS IN CARD-BASED SYSTEMS |
| ANSI X9/TG-3 : 2006 | RETAIL FINANCIAL SERVICES COMPLIANCE GUIDELINE - ONLINE PIN SECURITY AND KEY MANAGEMENT |
| I.S. CWA 14174-3:2004 | FINANCIAL TRANSACTIONAL IC CARD READER (FINREAD) - PART 3: SECURITY REQUIREMENTS |
| ISO/IEC 18031:2011 | Information technology Security techniques Random bit generation |
| ISO/IEC 15408-2:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components |
| ISO 11568-2:2012 | Financial services — Key management (retail) — Part 2: Symmetric ciphers, their key management and life cycle |
| ISO/IEC 15408-3:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components |
| ISO 13491-1:2016 | Financial services — Secure cryptographic devices (retail) — Part 1: Concepts, requirements and evaluation methods |
| ISO/IEC 19790:2012 | Information technology — Security techniques — Security requirements for cryptographic modules |
| ISO 16609:2012 | Financial services — Requirements for message authentication using symmetric techniques |
| ISO 9564-1:2017 | Financial services — Personal Identification Number (PIN) management and security — Part 1: Basic principles and requirements for PINs in card-based systems |
| ISO 11568-1:2005 | Banking — Key management (retail) — Part 1: Principles |
| ISO/IEC 15408-1:2009 | Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model |
| ISO 9564-2:2014 | Financial services — Personal Identification Number (PIN) management and security — Part 2: Approved algorithms for PIN encipherment |
| ISO 11568-4:2007 | Banking — Key management (retail) — Part 4: Asymmetric cryptosystems — Key management and life cycle |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.