ISO 21188:2018
Current
The latest, up-to-date edition.
Public key infrastructure for financial services — Practices and policy framework
Hardcopy , PDF , PDF 3 Users , PDF 5 Users , PDF 9 Users
English
09-04-2018
Important note : Users cannot be edited or removed once added to your Multi user PDF.
ISO 21188:2018 sets out a framework of requirements to manage a PKI through certificate policies and certification practice statements and to enable the use of public key certificates in the financial services industry. It also defines control objectives and supporting procedures to manage risks. While this document addresses the generation of public key certificates that might be used for digital signatures or key establishment, it does not address authentication methods, non-repudiation requirements or key management protocols.
ISO 21188:2018 draws a distinction between PKI systems used in closed, open and contractual environments. It further defines the operational practices relative to financial-services-industry-accepted information systems control objectives. This document is intended to help implementers to define PKI practices that can support multiple certificate policies that include the use of digital signature, remote authentication, key exchange and data encryption.
ISO 21188:2018 facilitates the implementation of operational, baseline PKI control practices that satisfy the requirements for the financial services industry in a contractual environment. While the focus of this document is on the contractual environment, application of this document to other environments is not specifically precluded. For the purposes of this document, the term "certificate" refers to public key certificates. Attribute certificates are outside the scope of this document
ISO 21188:2018 is targeted for several audiences with different needs and therefore the use of this document will have a different focus for each.
Business managers and analysts are those who require information regarding using PKI technology in their evolving businesses (e.g. electronic commerce); see Clauses 1 to 6.
Technical designers and implementers are those who are writing their certificate policies and certification practice statement(s); see Clauses 6 to 7 and Annexes A to G.
Operational management and auditors are those who are responsible for day-to-day operations of the PKI and validating compliance to this document; see Clauses 6 to 7.
| Committee |
ISO/TC 68/SC 2
|
| DevelopmentNote |
Supersedes ISO/DIS 21188. Supersedes and incorporates ISO 15782-1 & ISO 15782-2. (04/2018)
|
| DocumentType |
Standard
|
| Pages |
108
|
| PublisherName |
International Organization for Standardization
|
| Status |
Current
|
| Supersedes |
| Standards | Relationship |
| BS ISO 21188:2006 | Identical |
| BS ISO 21188:2018 | Identical |
| ISO/IEC 18033-1:2015 | Information technology Security techniques Encryption algorithms Part 1: General |
| ISO/IEC 18032:2005 | Information technology Security techniques Prime number generation |
| ISO/IEC 18014-3:2009 | Information technology Security techniques Time-stamping services Part 3: Mechanisms producing linked tokens |
| ISO/IEC 15945:2002 | Information technology — Security techniques — Specification of TTP services to support the application of digital signatures |
| ISO/IEC 7813:2006 | Information technology Identification cards Financial transaction cards |
| ISO/IEC 9834-1:2012 | Information technology — Procedures for the operation of object identifier registration authorities — Part 1: General procedures and top arcs of the international object identifier tree |
| ISO/IEC 18033-2:2006 | Information technology — Security techniques — Encryption algorithms — Part 2: Asymmetric ciphers |
| ISO/IEC 18033-3:2010 | Information technology Security techniques Encryption algorithms Part 3: Block ciphers |
| ISO/IEC 18014-2:2009 | Information technology Security techniques Time-stamping services Part 2: Mechanisms producing independent tokens |
| ISO 13491-1:2016 | Financial services — Secure cryptographic devices (retail) — Part 1: Concepts, requirements and evaluation methods |
| FIPS PUB 140-2 : 0 | SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES |
| ISO/IEC 19790:2012 | Information technology — Security techniques — Security requirements for cryptographic modules |
| ISO/IEC 27002:2013 | Information technology Security techniques Code of practice for information security controls |
| ISO/IEC 8824:1990 | Information technology — Open Systems Interconnection — Specification of Abstract Syntax Notation One (ASN.1) |
| ISO/TR 13569:2005 | Financial services Information security guidelines |
| ISO/IEC 9594-8:2017 | Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks |
| TS 101 456 : 1.4.3 | ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); POLICY REQUIREMENTS FOR CERTIFICATION AUTHORITIES ISSUING QUALIFIED CERTIFICATES |
| ISO/IEC 10118-3:2004 | Information technology Security techniques Hash-functions Part 3: Dedicated hash-functions |
| ISO/IEC 7810:2003 | Identification cards Physical characteristics |
| ISO/IEC 10646-1:2000 | Information technology Universal Multiple-Octet Coded Character Set (UCS) Part 1: Architecture and Basic Multilingual Plane |
| TS 102 042 : 2.4.1 | ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); POLICY REQUIREMENTS FOR CERTIFICATION AUTHORITIES ISSUING PUBLIC KEY CERTIFICATES |
| ISO/IEC 18033-4:2011 | Information technology — Security techniques — Encryption algorithms — Part 4: Stream ciphers |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.