BS ISO 13491-1:2016

$167.15

Financial services. Secure cryptographic devices (retail) – Concepts, requirements and evaluation methods

Published By: BSI
Publication Date: 2016
Number of Pages: 44

This part of ISO 13491 specifies the security characteristics for secure cryptographic devices (SCDs) based on the cryptographic processes defined in ISO 9564, ISO 16609, and ISO 11568.

This part of ISO 13491 has two primary purposes:

  • to state the security characteristics concerning both the operational characteristics of SCDs and the management of such devices throughout all stages of their life cycle;

  • to provide guidance for methodologies to verify compliance with those requirements. This information is contained in Annex A.

ISO 13491-2 specifies checklists to be used to evaluate secure cryptographic devices (SCDs) incorporating cryptographic processes as specified in ISO 9564-1, ISO 9564-2, ISO 16609, ISO 11568-1, ISO 11568-2, ISO 11568-3, ISO 11568-4, ISO 11568-5, and ISO 11568-6 in the financial services environment.

Annex A provides an informative illustration of the concepts of security levels described in this part of ISO 13491 as being applicable to SCDs.

This part of ISO 13491 does not address issues arising from the denial of service of an SCD.

Specific requirements for the security characteristics and management of specific types of SCD functionality used in the retail financial services environment are contained in ISO 13491-2.

PDF Catalog

PDF Pages  PDF Title
7          Foreword
8          Introduction
9          1 Scope
           2 Normative references
           3 Terms and definitions
13         4 Abbreviated terms
           5 Secure cryptographic device concepts
           5.1 General
14         5.2 Attack scenarios
           5.2.1 General
           5.2.2 Penetration
           5.2.3 Monitoring
           5.2.4 Manipulation
           5.2.5 Modification
           5.2.6 Substitution
15         5.3 Defence measures
           5.3.1 General
           5.3.2 Device characteristics
16         5.3.3 Device management
           5.3.4 Environment
           6 Requirements for device security characteristics
           6.1 General
17         6.2 Physical security requirements for SCDs
           6.2.1 General
           6.3 Tamper evident requirements
           6.3.1 General
18         6.4 Tamper resistant requirements
           6.4.1 General
           6.5 Tamper responsive requirements
           6.5.1 General
19         6.6 Logical security requirements for SCDs
           6.6.1 Dual control
           6.6.2 Unique key per device
           6.6.3 Assurance of genuine device
           6.6.4 Design of functions
20         6.6.5 Use of cryptographic keys
           6.6.6 Sensitive device states
           6.6.7 Multiple cryptographic relationships
           6.6.8 SCD software authentication
           7 Requirements for device management
           7.1 General
21         7.2 Life cycle phases
22         7.3 Life cycle protection requirements
           7.3.1 General
           7.3.2 Manufacturing phase
23         7.3.3 Post-manufacturing phase
           7.3.4 Commissioning (initial financial key loading) phase
           7.3.5 Inactive operational phase
24         7.3.6 Active operational phase (use)
           7.3.7 Decommissioning (post-use) phase
           7.3.8 Repair phase
25         7.3.9 Destruction phase
           7.4 Life cycle protection methods
           7.4.1 Manufacturing
           7.4.2 Post manufacturing phase
           7.4.3 Commissioning (initial financial key loading) phase
26         7.4.4 Inactive Operational Phase
           7.4.5 Active operational (use) phase
           7.4.6 Decommissioning phase
27         7.4.7 Repair
           7.4.8 Destruction
           7.5 Accountability
28         7.6 Device management principles of audit and control
31         Annex A (informative) Evaluation methods
41         Bibliography