ESG-database.dk - Version 0.0.9

This page provides an overview of all ISO standards referenced on the ISO homepage, as of 02/04-2023.

ISO standards


Name Description Abstract Status Publication date Edition Number of pages Technical committee ICS
ISO 8730:1990/Cor 1:1999 Banking — Requirements for message authentication (wholesale) — Technical Corrigendum 1: .  Withdrawn 1999-12 Edition : 2 Number of pages : 1 Technical Committee 35.240.40 IT applications in banking
ISO 8731-1:1987 Banking — Approved algorithms for message authentication — Part 1: DEA This part ISO 8731 deals with the Data Encryption Algorithm (DEA) as a method for use in the calculation of the Message Authentication Code (MAC). It meets the requirements specified in ISO 8730.  Withdrawn 1987-05 Edition : 1 Number of pages : 2 Technical Committee 35.240.40 IT applications in banking
ISO 8731-2:1987 Banking — Approved algorithm for message authentication — Part 2: Message authenticator algorithms  Withdrawn 1987-12 Edition : 1 Number of pages : 8 Technical Committee 35.240.40 IT applications in banking
ISO 8731-2:1992 Banking — Approved algorithms for message authentication — Part 2: Message authenticator algorithm The algorithm described is specifically designed for high-speed authentication using a mainframe computer. It is also suitable for use with a programmable calculator. It works on the principle of a Message Authentication Code (MAC), a number sent with a message, so that a check can be made by the receiver of the message that it has not been altered since it left the sender. Annex A gives test examples for implementation of the algorithm, Annex B the specification of the algorithm in the Vienna Development Method (VDM).  Withdrawn 1992-09 Edition : 2 Number of pages : 19 Technical Committee 35.240.40 IT applications in banking
ISO 8732:1988/Cor 1:1999 Banking — Key management (wholesale) — Technical Corrigendum 1: .  Withdrawn 1999-12 Edition : 1 Number of pages : 1 Technical Committee 35.240.40 IT applications in banking
ISO 8908:1993 Banking and related financial services — Vocabulary and data elements  Withdrawn 1993-12 Edition : 1 Number of pages : 117 Technical Committee 03.060 Finances. Banking. Monetary systems. Insurance ; 01.040.03 Services. Company organization, management and quality. Administration. Transport. Sociology. (Vocabularies) ; 01.040.35 Information technology (Vocabularies) ; 35.240.40 IT applications in banking
ISO 9144:1991 Securities — Optical character recognition line — Position and structure Defines: the location and size of one or more areas on the securities for the printing of a line of characters; the position of this line; the structure and the contents of this line. Annexes A, B, C and D form an integral part of this standard.  Published 1991-10 Edition : 1 Number of pages : 13 Technical Committee 35.240.40 IT applications in banking
ISO 9564-1:1991 Banking — Personal Identification Number management and security — Part 1: PIN protection principles and techniques Specifies the minimum security measures required for effective international PIN management. Annexes A and B form an integral part of this standard. Annexes C, D, E, F, G and H are for information only.  Withdrawn 1991-12 Edition : 1 Number of pages : 28 Technical Committee 35.240.40 IT applications in banking
ISO 9564-1:2002 Banking — Personal Identification Number (PIN) management and security — Part 1: Basic principles and requirements for online PIN handling in ATM and POS systems This part of ISO 9564 specifies the basic principles and techniques which provide the minimum security measures required for effective international PIN management. These measures are applicable to those institutions responsible for implementing techniques for the management and protection of PINs. This part of ISO 9564 also specifies PIN protection techniques applicable to financial transaction-card-originated transactions in an online environment and a standard means of interchanging PIN data. These techniques are applicable to those institutions responsible for implementing techniques for the management and protection of the PIN at Automated Teller Machines (ATM) and acquirer sponsored Point-of-Sale (POS) terminals. The provisions of this part of ISO 9564 are not intended to cover: PIN management and security in the offline PIN environment, which is covered in ISO 9564-3; PIN management and security in the electronic commerce environments, which is to be covered in a subsequent part of ISO 9564; the protection of the PIN against loss or intentional misuse by the customer or authorized employees of the issuer; privacy of non-PIN transaction data; protection of transaction messages against alteration or substitution, e.g. an authorization response to a PIN verification; protection against replay of the PIN or transaction; specific key management techniques.  Withdrawn 2002-04 Edition : 2 Number of pages : 30 Technical Committee 35.240.40 IT applications in banking
ISO 9564-1:2011 Financial services — Personal Identification Number (PIN) management and security — Part 1: Basic principles and requirements for PINs in card-based systems ISO 9564-1:2011 specifies the basic principles and techniques which provide the minimum security measures required for effective international personal identification number (PIN) management. These measures are applicable to those institutions responsible for implementing techniques for the management and protection of PINs during their creation, issuance, usage and deactivation. ISO 9564-1:2011 is applicable to the management of cardholder PINs for use as a means of cardholder verification in retail banking systems in, notably, automated teller machine (ATM) systems, point-of-sale (POS) terminals, automated fuel dispensers, vending machines, banking kiosks and PIN selection/change systems. It is applicable to issuer and interchange environments. The provisions of ISO 9564-1:2011 are not intended to cover: a) PIN management and security in environments where no persistent cryptographic relationship exists between the transaction-origination device and the acquirer, e.g. use of a browser for online shopping; b) protection of the PIN against loss or intentional misuse by the customer; c) privacy of non-PIN transaction data; d) protection of transaction messages against alteration or substitution; e) protection against replay of the PIN or transaction; f) specific key management techniques; g) offline PIN verification used in contactless devices; h) requirements specifically associated with PIN management as it relates to multi-application functionality in integrated circuit (IC) cards.  Withdrawn 2011-02 Edition : 3 Number of pages : 29 Technical Committee 35.240.40 IT applications in banking
ISO 9564-1:2011/Amd 1:2015 Financial services — Personal Identification Number (PIN) management and security — Part 1: Basic principles and requirements for PINs in card-based systems — Amendment 1  Withdrawn 2015-03 Edition : 3 Number of pages : 6 Technical Committee 35.240.40 IT applications in banking
ISO 9807:1991 Banking and related financial services — Requirements for message authentication (retail) Specifies procedures to be used for protecting the integrity of retail banking messages and for verifying that the message originated from an authorized source. Describes the method by which algorithms are approved.  Withdrawn 1991-12 Edition : 1 Number of pages : 11 Technical Committee 35.240.40 IT applications in banking
ISO 10126-1:1991 Banking — Procedures for message encipherment (wholesale) — Part 1: General principles Gives terms and definitions. Defines procedures in order to protect financial messages exchanged through any communications architecture. Annex A forms an integral part of this standard. Annexes B, C and D are for information only.  Withdrawn 1991-10 Edition : 1 Number of pages : 18 Technical Committee 35.240.40 IT applications in banking
ISO 10126-2:1991 Banking — Procedures for message encipherment (wholesale) — Part 2: DEA algorithm DEA may be used as a suitable algorithm to implement ISO 10126-1, and is specified in ANSI X3.92. Keys shall be managed in accordance with ISO 8732.  Withdrawn 1991-07 Edition : 1 Number of pages : 3 Technical Committee 35.240.40 IT applications in banking
ISO 9564-1:2017 Financial services — Personal Identification Number (PIN) management and security — Part 1: Basic principles and requirements for PINs in card-based systems ISO 9564-1:2017 specifies the basic principles and techniques which provide the minimum security measures required for effective international PIN management. These measures are applicable to those institutions responsible for implementing techniques for the management and protection of PINs during their creation, issuance, usage and deactivation. ISO 9564-1:2017 is applicable to the management of cardholder PINs for use as a means of cardholder verification in retail banking systems in, notably, automated teller machine (ATM) systems, point-of-sale (POS) terminals, automated fuel dispensers, vending machines, banking kiosks and PIN selection/change systems. It is applicable to issuer and interchange environments. The provisions of ISO 9564-1:2017 are not intended to cover: a) PIN management and security in environments where no persistent cryptographic relationship exists between the transaction-origination device and the acquirer, e.g. use of a browser for online shopping (for these environments, see ISO 9564-4); b) protection of the PIN against loss or intentional misuse by the customer; c) privacy of non-PIN transaction data; d) protection of transaction messages against alteration or substitution; e) protection against replay of the PIN or transaction; f) specific key management techniques; g) offline PIN verification used in contactless devices; h) requirements specifically associated with PIN management as it relates to multi-application functionality in an ICC.  Published 2017-11 Edition : 4 Number of pages : 32 Technical Committee 35.240.40 IT applications in banking
ISO/CD 9564-1 Financial services — Personal Identification Number (PIN) management and security — Part 1: Basic principles and requirements for PINs in card-based systems  Under development Edition : 5 Technical Committee 35.240.40 IT applications in banking
ISO 9564-2:1991 Banking — Personal Identification Number management and security — Part 2: Approved algorithm(s) for PIN encipherment Specifies the definition of the data encryption algorithm (DEA) as given in ANSI X3.92:1981.  Withdrawn 1991-12 Edition : 1 Number of pages : 1 Technical Committee 35.240.40 IT applications in banking
ISO 9564-2:2005 Banking — Personal Identification Number management and security — Part 2: Approved algorithms for PIN encipherment ISO 9564-2:2005 specifies algorithms for the encipherment of Personal Identification Numbers (PINs). Based on the approval processes established in ISO 9564-1, these are the data encryption algorithm (DEA) and the RSA encryption algorithm.  Withdrawn 2005-02 Edition : 2 Number of pages : 2 Technical Committee 35.240.40 IT applications in banking
ISO 9564-2:2014 Financial services — Personal Identification Number (PIN) management and security — Part 2: Approved algorithms for PIN encipherment ISO 9564-2:2014 specifies approved algorithms for the encipherment of Personal Identification Numbers (PINs).  Published 2014-08 Edition : 3 Number of pages : 2 Technical Committee 35.240.40 IT applications in banking
ISO 9564-3:2003 Banking — Personal Identification Number management and security — Part 3: Requirements for offline PIN handling in ATM and POS systems ISO 9564-3:2003 specifies the minimum security measures required for offline PIN handling and a standard means of interchanging PIN data in an offline environment. It is applicable to financial transaction card-originated transactions requiring offline PIN verification and to those institutions responsible for implementing techniques for the management and protection of the PIN at Automated Teller Machines (ATMs) and acquirer sponsored Point-of-Sale (POS) terminals.  Withdrawn 2003-11 Edition : 1 Number of pages : 5 Technical Committee 35.240.40 IT applications in banking
ISO 9564-4:2016 Financial services — Personal Identification Number (PIN) management and security — Part 4: Requirements for PIN handling in eCommerce for Payment Transactions ISO 9564-4:2016 provides requirements for the use of personal identification numbers (PIN) in eCommerce. The PINs in scope are the same cardholder PINs used as a means of cardholder verification in card-based financial transactions; notably, automated teller machine (ATM) systems, point-of-sale (POS) terminals, automated fuel dispensers, and vending machines. It is applicable to financial card-originated transactions requiring verification of the PIN and to those organizations responsible for implementing techniques for the management of the PIN in eCommerce. The provisions of this part of ISO 9564 are not intended to cover - passwords, passcodes, pass phrases and other shared secrets used for customer authentication in online banking, telephone banking, digital wallets, mobile payment, etc., - management of cardholder PINs for use as a means of cardholder verification in retail banking systems in, notably, automated teller machine (ATM) systems, point-of-sale (POS) terminals, automated fuel dispensers, vending machines, banking kiosks and PIN selection/change systems, which are covered in ISO 9564‑1, - card proxies such as mobile phones or key fobs, - approved algorithms for PIN encipherment, which are covered in ISO 9564‑2, - the protection of the PIN against loss or intentional misuse by the customer or authorized employees of the issuer, - privacy of non-PIN transaction data, - protection of transaction messages against alteration or substitution, e.g. an online authorization response, - protection against replay of the transaction, - functionality of devices used for PIN entry which is related to issuer functions other than PIN entry, - specific key management techniques, and - access to, and storage of, card data other than the PIN by applications such as wallets.  Published 2016-03 Edition : 1 Number of pages : 14 Technical Committee 35.240.40 IT applications in banking
ISO/TR 9564-4:2004 Banking — Personal Identification Number (PIN) management and security — Part 4: Guidelines for PIN handling in open networks ISO/TR 9564-4:2004 provides guidelines for personal identification number (PIN) handling in open networks, presenting finance industry best-practice security measures for PIN management and the handling of financial card originated transactions in environments where issuers and acquirers have no direct control over management, or where no relationship exists between the PIN entry device and the acquirer prior to the transaction.  Withdrawn 2004-03 Edition : 1 Number of pages : 6 Technical Committee 35.240.40 IT applications in banking
ISO 11568-1:1994 Banking — Key management (retail) — Part 1: Introduction to key management Specifies the principles for the management of keys used in cipher systems implemented within the retail banking environment. Applies both to the keys of symmetric cipher systems and to the secret and public keys of asymmetric cipher systems. Appropriate for use by financial institutions and other organizations engaged in the area of retail financial services, where the interchange of information requires confidentiality, integrity, or authentication.  Withdrawn 1994-11 Edition : 1 Number of pages : 11 Technical Committee 35.240.40 IT applications in banking
ISO 11568-1:2005 Banking — Key management (retail) — Part 1: Principles ISO 11568-1:2005 specifies the principles for the management of keys used in cryptosystems implemented within the retail-banking environment. The retail-banking environment includes the interface between a card accepting device and an acquirer, an acquirer and a card issuer, an ICC and a card-accepting device. An example of this environment and threats associated with the implementation of ISO 11568-1:2005 in the retail-banking environment are also described. ISO 11568-1:2005 is applicable both to the keys of symmetric cipher systems, where both originator and recipient use the same secret key(s), and to the private and public keys of asymmetric cryptosystems, unless otherwise stated. The procedure for the approval of cryptographic algorithms used for key management is specified. The use of ciphers often involves control information other than keys, e.g. initialization vectors and key identifiers. This other information is collectively called "keying material". Although ISO 11568-1:2005 specifically addresses the management of keys, the principles, services, and techniques applicable to keys may also be applicable to keying material. ISO 11568-1:2005 is appropriate for use by financial institutions and other organizations engaged in the area of retail financial services, where the interchange of information requires confidentiality, integrity, or authentication. Retail financial services include but are not limited to such processes as POS debit and credit authorizations, automated dispensing machine and ATM transactions, etc. ISO 9564 and ISO 16609 specify the use of cryptographic operations within retail financial transactions for personal identification number (PIN) encipherment and message authentication, respectively. The ISO 11568 series of standards is applicable to the management of the keys introduced by those standards. Additionally, the key management procedures may themselves require the introduction of further keys, e.g. key encipherment keys. The key management procedures are equally applicable to those keys.  Withdrawn 2005-06 Edition : 2 Number of pages : 16 Technical Committee 35.240.40 IT applications in banking
ISO 11568-2:1994 Banking — Key management (retail) — Part 2: Key management techniques for symmetric ciphers Specifies techniques for the protection of the cryptographic keys for symmetric ciphers used in a retail banking environment. Applicable to any organisation which is responsible for implementing procedures for the protection of keys during the life cycle. Gives in annex B algorithms approved for use with the techniques described herein.  Withdrawn 1994-11 Edition : 1 Number of pages : 16 Technical Committee 35.240.40 IT applications in banking
ISO 11568-2:2005 Banking — Key management (retail) — Part 2: Symmetric ciphers, their key management and life cycle ISO 11568-2:2005 specifies techniques for the protection of symmetric and asymmetric cryptographic keys in a retail banking environment using symmetric ciphers and the life-cycle management of the associated symmetric keys. The techniques described enable compliance with the principles described in ISO 11568-1. The techniques described are applicable to any symmetric key management operation.  Withdrawn 2005-10 Edition : 2 Number of pages : 29 Technical Committee 35.240.40 IT applications in banking
ISO 11568-2:2012 Financial services — Key management (retail) — Part 2: Symmetric ciphers, their key management and life cycle 1 Scope This part of ISO 11568 specifies techniques for the protection of symmetric and asymmetric cryptographic keys in a retail banking environment using symmetric ciphers and the life-cycle management of the associated symmetric keys. The techniques described enable compliance with the principles described in ISO 11568-1. The techniques described are applicable to any symmetric key management operation. The notation used in this part of ISO 11568 is given in Annex A. Algorithms approved for use with the techniques described in this part of ISO 11568 are given in Annex B.  Withdrawn 2012-02 Edition : 3 Number of pages : 29 Technical Committee 35.240.40 IT applications in banking
ISO 11568-3:1994 Banking — Key management (retail) — Part 3: Key life cycle for symmetric ciphers Specifies for the retail banking environment the security requirements and the implementation methods for each step in the key life cycle. Applicable to any organisation that is responsible for the protection of keys used in a symmetric cipher. Applicable to institutions responsible for implementing techniques for the management of keys used to protect data in bank card originated transactions.  Withdrawn 1994-11 Edition : 1 Number of pages : 8 Technical Committee 35.240.40 IT applications in banking
ISO 11568-4:1998 Banking — Key management (retail) — Part 4: Key management techniques using public key cryptosystems  Withdrawn 1998-07 Edition : 1 Number of pages : 26 Technical Committee 35.240.40 IT applications in banking
ISO 11568-4:2007 Banking — Key management (retail) — Part 4: Asymmetric cryptosystems — Key management and life cycle ISO 11568-4:2007 specifies techniques for the protection of symmetric and asymmetric cryptographic keys in a retail financial services environment using asymmetric cryptosystems and the life-cycle management of the associated asymmetric keys. The techniques described in this part of ISO 11568 enable compliance with the principles described in ISO 11568-1. For the purposes of this document, the retail financial services environment is restricted to the interface between: a card-accepting device and an acquirer; an acquirer and a card issuer; an ICC and a card-accepting device.  Withdrawn 2007-07 Edition : 2 Number of pages : 22 Technical Committee 35.240.40 IT applications in banking
ISO 11568-5:1998 Banking — Key management (retail) — Part 5: Key life cycle for public key cryptosystems  Withdrawn 1998-07 Edition : 1 Number of pages : 12 Technical Committee 35.240.40 IT applications in banking
ISO 11568:2023 Financial services — Key management (retail) This document describes the management of symmetric and asymmetric cryptographic keys that can be used to protect sensitive information in financial services related to retail payments. The document covers all aspects of retail financial services, including connections between a card-accepting device and an Acquirer, between an Acquirer and a card Issuer, and between an ICC and a card-accepting device. It covers all phases of the key life cycle, including the generation, distribution, utilization, archiving, replacement and destruction of the keying material. This document covers manual and automated management of keying material, and any combination thereof, used for retail financial services. It includes guidance and requirements related to key separation, substitution prevention, identification, synchronization, integrity, confidentiality and compromise, as well as logging and auditing of key management events. Requirements associated with hardware used to manage keys have also been included in this document.  Published 2023-02 Edition : 1 Number of pages : 115 Technical Committee 35.240.40 IT applications in banking
ISO 13491-1:1998 Banking — Secure cryptographic devices (retail) — Part 1: Concepts, requirements and evaluation methods  Withdrawn 1998-06 Edition : 1 Number of pages : 21 Technical Committee 35.240.40 IT applications in banking
ISO 13491-1:2007 Banking — Secure cryptographic devices (retail) — Part 1: Concepts, requirements and evaluation methods ISO 13491-1:2007 specifies the requirements for secure cryptographic devices (SCDs) based on the cryptographic processes defined in ISO 9564, ISO 16609 and ISO 11568. ISO 13491-1:2007 has two primary purposes: to state the requirements concerning both the operational characteristics of SCDs and the management of such devices throughout all stages of their life cycle, and to standardize the methodology for verifying compliance with those requirements. Appropriate device characteristics are necessary to ensure that the device has the proper operational capabilities and provides adequate protection for the data it contains. Appropriate device management is necessary to ensure that the device is legitimate, that it has not been modified in an unauthorized manner (e.g. by “bugging”) and that any sensitive data placed within the device (e.g. cryptographic keys) has not been subject to disclosure or change. Absolute security is not achievable in practical terms. Cryptographic security depends upon each life cycle phase of the SCD and the complementary combination of appropriate management procedures and secure cryptographic characteristics. These management procedures implement preventive measures to reduce the opportunity for a breach of SCD security. These aim for a high probability of detection of any unauthorized access to sensitive or confidential data, should device characteristics fail to prevent or detect the security compromise. Annex A provides an informative illustration of the concepts of security levels described in ISO 13491-1:2007 as being applicable to SCDs.  Withdrawn 2007-06 Edition : 2 Number of pages : 30 Technical Committee 35.240.40 IT applications in banking
ISO 13491-1:2016 Financial services — Secure cryptographic devices (retail) — Part 1: Concepts, requirements and evaluation methods ISO 13491-1:2016 specifies the security characteristics for secure cryptographic devices (SCDs) based on the cryptographic processes defined in ISO 9564, ISO 16609, and ISO 11568. ISO 13491-1:2016 has two primary purposes: - to state the security characteristics concerning both the operational characteristics of SCDs and the management of such devices throughout all stages of their life cycle; - to provide guidance for methodologies to verify compliance with those requirements. This information is contained in Annex A. ISO 13491-2 specifies checklists to be used to evaluate secure cryptographic devices (SCDs) incorporating cryptographic processes as specified in ISO 9564-1, ISO 9564-2, ISO 16609, ISO 11568-1, ISO 11568-2, ISO 11568-3, ISO 11568-4, ISO 11568-5, and ISO 11568-6 in the financial services environment. Annex A provides an informative illustration of the concepts of security levels described in this part of ISO 13491 as being applicable to SCDs. ISO 13491-1:2016 does not address issues arising from the denial of service of an SCD. Specific requirements for the security characteristics and management of specific types of SCD functionality used in the retail financial services environment are contained in ISO 13491‑2.  Published 2016-03 Edition : 3 Number of pages : 33 Technical Committee 35.240.40 IT applications in banking
ISO/CD 13491-1 Financial services — Secure cryptographic devices (retail) — Part 1: Concepts, requirements and evaluation methods  Under development Edition : 4 Technical Committee 35.240.40 IT applications in banking
ISO 13491-2:2000 Banking — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for devices used in magnetic stripe card systems  Withdrawn 2000-11 Edition : 1 Number of pages : 30 Technical Committee 35.240.40 IT applications in banking
ISO 13491-2:2005 Banking — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for devices used in financial transactions ISO 13491-2:2005 specifies checklists to be used to evaluate secure cryptographic devices (SCDs) incorporating cryptographic processes, as specified in parts 1 and 2 of ISO 9564, ISO 16609 and parts 1 to 6 of ISO 11568, in the financial services environment. IC payment cards are subject to the requirements identified in this part of ISO 13491 up until the time of issue, after which they are to be regarded as a "personal" device and outside of the scope of this document. ISO 13491-2:2005 does not address issues arising from the denial of service of an SCD.  Withdrawn 2005-06 Edition : 2 Number of pages : 31 Technical Committee 35.240.40 IT applications in banking
ISO/TR 22126-5:2022 Financial services — Semantic technology — Part 5: Mapping from FIX Orchestra to the common model This document reports on a study to map messages defined using FIX Orchestra into the ISO 20022 model.  Published 2022-08 Edition : 1 Number of pages : 6 Technical Committee 03.060 Finances. Banking. Monetary systems. Insurance ; 35.240.40 IT applications in banking
ISO 3353:1976 Aerospace construction — Rolled threads — Runout and lead threads  Withdrawn 1976-10 Edition : 1 Number of pages : 4 Technical Committee 49.030.10 Screw threads
ISO 13491-2:2016 Financial services — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for devices used in financial transactions ISO 13491-2:2016 specifies checklists to be used to evaluate secure cryptographic devices (SCDs) incorporating cryptographic processes as specified in H.5, ISO 9564‑2, ISO 16609, ISO 11568‑1, ISO 11568‑2, and ISO 11568‑4 in the financial services environment. IC payment cards are subject to the requirements identified in this part of ISO 13491 up until the time of issue after which they are to be regarded as a "personal" device and outside of the scope of this part of ISO 13491. ISO 13491-2:2016 does not address issues arising from the denial of service of an SCD. In the checklists given in Annexes A to H, the term "not feasible" is intended to convey the notion that although a particular attack might be technically possible, it would not be economically viable since carrying out the attack would cost more than any benefits obtained from a successful attack. In addition to attacks for purely economic gain, malicious attacks directed toward loss of reputation need to be considered.  Withdrawn 2016-03 Edition : 3 Number of pages : 39 Technical Committee 35.240.40 IT applications in banking
ISO 13491-2:2017 Financial services — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for devices used in financial transactions ISO 13491-2:2017 specifies checklists to be used to evaluate secure cryptographic devices (SCDs) incorporating cryptographic processes as specified in ISO 9564‑1, ISO 9564‑2, ISO 16609, ISO 11568‑1, ISO 11568‑2, and ISO 11568‑4 in the financial services environment. Integrated circuit (IC) payment cards are subject to the requirements identified in this document up until the time of issue after which they are to be regarded as a "personal" device and outside of the scope of this document. ISO 13491-2:2017 does not address issues arising from the denial of service of an SCD. In the checklists given in Annex A to Annex H, the term "not feasible" is intended to convey the notion that although a particular attack might be technically possible, it would not be economically viable since carrying out the attack would cost more than any benefits obtained from a successful attack. In addition to attacks for purely economic gain, malicious attacks directed toward loss of reputation need to be considered.  Withdrawn 2017-03 Edition : 4 Number of pages : 39 Technical Committee 35.240.40 IT applications in banking
ISO 13491-2:2023 Financial services — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for devices used in financial transactions This document specifies checklists to be used to evaluate secure cryptographic devices (SCDs) incorporating cryptographic processes as specified in ISO 9564‑1, ISO 9564‑2, ISO 16609, and ISO 11568 in the financial services environment. Integrated circuit (IC) payment cards are subject to the requirements identified in this document up until the time of issue, after which they are to be regarded as a “personal” device and outside of the scope of this document.  Published 2023-01 Edition : 5 Number of pages : 39 Technical Committee 35.240.40 IT applications in banking
ISO 13492:1998 Banking — Key management related data element (retail)  Withdrawn 1998-05 Edition : 1 Number of pages : 10 Technical Committee 35.240.40 IT applications in banking
ISO 13492:2007 Financial services — Key management related data element — Application and usage of ISO 8583 data elements 53 and 96 ISO 13492:2007 describes a key management related data element that can be transmitted either in transaction messages to convey information about cryptographic keys used to secure the current transaction, or in cryptographic service messages to convey information about cryptographic keys to be used to secure future transactions. ISO 13492:2007 addresses the requirements for the use of the key management related data element within ISO 8583, using the following two ISO 8583 data elements: security related control information (data element 53), or key management data (data element 96). However, these data elements can be usefully employed in other messaging formats, given that the transportation of key management related data is not limited to ISO 8583. ISO 13492:2007 is applicable to either symmetric or asymmetric cipher systems. Key management procedures for the secure management of the cryptographic keys within the financial services environment are described in ISO 11568. Security related data, such as PIN data and MACs, are described in ISO 9564 and ISO 16609, respectively.  Withdrawn 2007-12 Edition : 2 Number of pages : 10 Technical Committee 35.240.40 IT applications in banking
ISO 13492:2019 Financial services — Key-management-related data element — Application and usage of ISO 8583-1 data elements for encryption This document describes a data element related to key management which can be transmitted either in transaction messages to convey information about cryptographic keys used to secure the current transaction, or in cryptographic service messages to convey information about cryptographic keys to be used to secure future transactions. This document addresses the requirements for the use of the data element related to key management within ISO 8583-1, using the following two ISO 8583-1 data elements for DEA and TDEA: — security related control information (data element 53); — key management data (data element 96). The data element related to key management for DEA and TDEA is constructed from the concatenation of two ISO 8583-1 message elements, data element 53 — security related control information, and data element 96 — key management data. It conveys information about the associated transaction's cryptographic key(s) and is divided into subfields including a control field, a key-set identifier and additional optional information. For AES implementations, the data elements are summarized in one field. This document is applicable to either symmetric or asymmetric cipher systems.  Published 2019-10 Edition : 3 Number of pages : 14 Technical Committee 35.240.40 IT applications in banking
ISO 389:1991 Acoustics — Standard reference zero for the calibration of pure-tone air conduction audiometers  Withdrawn 1991-03 Edition : 3 Number of pages : 6 Technical Committee 13.140 Noise with respect to human beings
ISO/TR 14742:2010 Financial services — Recommendations on cryptographic algorithms and their use ISO/TR 14742:2010 provides a list of recommended cryptographic algorithms for use within applicable financial services standards prepared by ISO/TC 68. It also provides strategic guidance on key lengths and associated parameters and usage dates. The focus is on algorithms rather than protocols, and protocols are in general not included in ISO/TR 14742:2010. ISO/TR 14742:2010 deals primarily with recommendations regarding algorithms and key lengths. The categories of algorithms covered in ISO/TR 14742:2010 are: block ciphers; stream ciphers; hash functions; message authentication codes (MACs); asymmetric algorithms; digital signature schemes giving message recovery, digital signatures with appendix, asymmetric ciphers; authentication mechanisms; key establishment and agreement mechanisms; key transport mechanisms. ISO/TR 14742:2010 does not define any cryptographic algorithms; however, the standards to which ISO/TR 14742:2010 refers may contain necessary implementation information as well as more detailed guidance regarding choice of security parameters, security analysis, and other implementation considerations.  Published 2010-07 Edition : 1 Number of pages : 31 Technical Committee 03.060 Finances. Banking. Monetary systems. Insurance ; 35.240.40 IT applications in banking
ISO 15782-1:2003 Certificate management for financial services — Part 1: Public key certificates ISO 15782-1:2003 defines a certificate management system for financial industry use for legal and natural persons that includes credentials and certificate contents, certification authority systems (including certificates for digital signatures and encryption key management), certificate generation, distribution, validation and renewal, authentication structure and certification paths, revocation and recovery procedures, and extensions to the definitions of public-key certificates and certificate revocation lists. It also recommends some useful operational procedures (e.g. distribution mechanisms, acceptance criteria for submitted credentials). While providing for the generation of certificates that could include a public key used for encryption key management, it does not address the generation or transport of keys used for encryption.  Withdrawn 2003-06 Edition : 1 Number of pages : 96 Technical Committee 35.240.40 IT applications in banking
ISO 15782-1:2009 Certificate management for financial services — Part 1: Public key certificates ISO 15782-1:2009 defines a certificate management system for financial industry use for legal and natural persons that includes credentials and certificate contents, Certification Authority systems, including certificates for digital signatures and for encryption key management, certificate generation, distribution, validation and renewal, authentication structure and certification paths, and revocation and recovery procedures. ISO 15782-1:2009 also recommends some useful operational procedures (e.g. distribution mechanisms, acceptance criteria for submitted credentials). Implementation of ISO 15782-1:2009 will also be based on business risks and legal requirements. ISO 15782-1:2009 does not include the protocol messages used between the participants in the certificate management process, requirements for notary and time stamping, Certificate Policy and Certification Practices requirements, or Attribute Certificates. While ISO 15782-1:2009 provides for the generation of certificates that could include a public key used for encryption key management, it does not address the generation or transport of keys used for encryption.  Withdrawn 2009-10 Edition : 2 Number of pages : 49 Technical Committee 35.240.40 IT applications in banking
ISO 15782-2:2001 Banking — Certificate management — Part 2: Certificate extensions  Withdrawn 2001-11 Edition : 1 Number of pages : 38 Technical Committee 35.240.40 IT applications in banking
ISO 16609:2004 Banking — Requirements for message authentication using symmetric techniques ISO 16609:2004 specifies procedures, independent of the transmission process, for protecting the integrity of transmitted banking messages and for verifying that a message has originated from an authorized source. It also specifies a method by which block ciphers can be approved for use in the authentication of banking messages. In addition, because of the necessity for both members in a communicating pair to use the same means for data representation, it defines some methods for data representation. A list of block ciphers approved for the calculation of a message authentication code (MAC), as well as the method to be used to approve additional block ciphers, is also provided. The authentication methods it defines are applicable to messages formatted and transmitted both as coded character sets and as binary data. ISO 16609:2004 is designed for use with symmetric algorithms where both sender and receiver use the same key. It does not specify methods for establishing the shared key, nor does it provide for encipherment for the protection of messages against unauthorized disclosure. Its application will not protect the user against internal fraud by sender or receiver, or forgery of a MAC by the receiver.  Withdrawn 2004-03 Edition : 1 Number of pages : 29 Technical Committee 35.240.40 IT applications in banking
ISO 16609:2012 Financial services — Requirements for message authentication using symmetric techniques  Withdrawn 2012-03 Edition : 2 Number of pages : 10 Technical Committee 35.240.40 IT applications in banking
ISO 22739:2020 Blockchain and distributed ledger technologies — Vocabulary This document provides fundamental terminology for blockchain and distributed ledger technologies.  Published 2020-07 Edition : 1 Number of pages : 10 Technical Committee 35.030 IT Security ; 01.040.35 Information technology (Vocabularies) ; 35.240.40 IT applications in banking ; 35.240.99 IT applications in other fields
ISO 16609:2022 Financial services — Requirements for message authentication using symmetric techniques This document specifies procedures, independent of the transmission process, for protecting the integrity of transmitted financial-service-related messages and for verifying that a message has originated from an authorized source, or that stored data has retained integrity. A list of block ciphers approved for the calculation of a message authentication code (MAC) is also provided. The authentication methods defined in this document are applicable to stored data and to messages formatted and transmitted both as coded character sets or as binary data. This document is designed for use with symmetric algorithms where both sender and receiver use the same key. It does not specify methods for establishing the shared key. Its application will not protect the user against internal fraud perpetrated by the sender or the receiver, nor against forgery of a MAC by the receiver.  Published 2022-08 Edition : 3 Number of pages : 13 Technical Committee 35.240.40 IT applications in banking
ISO/TR 17944:2002 Banking — Security and other financial services — Framework for security in financial systems ISO/TR 17944:2002 provides a framework for standards dealing with security that are deemed necessary for the financial industry. It consists of an inventory of the key security issues which arise in the financial industry and, for each of these issues, the titles of the relevant existing standards are given.  Withdrawn 2002-08 Edition : 1 Number of pages : 13 Technical Committee 03.060 Finances. Banking. Monetary systems. Insurance ; 35.240.40 IT applications in banking
ISO/TR 19038:2005 Banking and related financial services — Triple DEA — Modes of operation — Implementation guidelines ISO/TR 19038:2005 provides the user with technical support and details for the safe and efficient implementation of the Triple Data Encryption Algorithm (TDEA) modes of operation for the enhanced cryptographic protection of digital data. The modes of operation described therein are specified for both enciphering and deciphering operations. The modes described in this Technical Report are implementations of the block cipher modes of operation specified in ISO/IEC 10116 using the Triple DEA algorithm (TDEA) specified in ISO/IEC 18033-3. The TDEA modes of operation may be used in both wholesale and retail financial applications. The use of ISO/TR 19038:2005 provides the basis for the interoperability of products and facilitates the development of application standards that use the TDEA modes of operation. This Technical Report is intended for use with other ISO standards using DEA.  Published 2005-06 Edition : 1 Number of pages : 54 Technical Committee 35.240.40 IT applications in banking
ISO 19092-1:2006 Financial services — Biometrics — Part 1: Security framework ISO 19092-1:2006 describes the security framework for using biometrics for authentication of individuals in financial services. It introduces the types of biometric technologies and addresses issues concerning their application. ISO 19092-1:2006 also describes the architectures for implementation, specifies the minimum security requirements for effective management, and provides control objectives and recommendations suitable for use by a professional practitioner. The following are within the scope of ISO 19092-1:2006: usage of biometrics for the authentication of employees and persons seeking financial services by: verification of a claimed identity; identification of an individual; validation of credentials presented at enrolment to support authentication as required by risk management; management of biometric information across its life cycle comprised of the enrolment, transmission and storage, verification, identification and termination processes; security of biometric information during its life cycle, encompassing data integrity, origin authentication and confidentiality; application of biometrics for logical and physical access control; surveillance to protect the financial institution and its customers; security of the physical hardware used throughout the biometric information life cycle. ISO 19092-1:2006 provides the mandatory means whereby biometric information may be encrypted for data confidentiality or other reasons.  Withdrawn 2006-12 Edition : 1 Number of pages : 81 Technical Committee 03.060 Finances. Banking. Monetary systems. Insurance ; 35.240.40 IT applications in banking
ISO 19092:2008 Financial services — Biometrics — Security framework ISO 19092:2008 describes the security framework for using biometrics for authentication of individuals in financial services. It introduces the types of biometric technologies and addresses issues concerning their application. ISO 19092:2008 also describes the architectures for implementation, specifies the minimum security requirements for effective management, and provides control objectives and recommendations suitable for use by a professional practitioner. The following are within the scope of ISO 19092:2008: usage of biometrics for the authentication of employees and persons seeking financial services by: verification of a claimed identity; identification of an individual; validation of credentials presented at enrolment to support authentication as required by risk management; management of biometric information across its life cycle comprised of the enrolment, transmission and storage, verification, identification and termination processes; security of biometric information during its life cycle, encompassing data integrity, origin authentication and confidentiality; application of biometrics for logical and physical access control; surveillance to protect the financial institution and its customers; security of the physical hardware used throughout the biometric information life cycle. ISO 19092:2008 provides the mandatory means whereby biometric information may be encrypted for data confidentiality or other reasons.  Withdrawn 2008-01 Edition : 1 Number of pages : 77 Technical Committee 03.060 Finances. Banking. Monetary systems. Insurance ; 35.240.40 IT applications in banking
ISO 4037:1979/Amd 1:1983 X and gamma reference radiations for calibrating dosemeters and dose ratemeters and for determining their response as a function of photon energy — Amendment 1: Low rate series of filtered X-radiations  Withdrawn 1983-09 Edition : 1 Number of pages : 2 Technical Committee 17.240 Radiation measurements
ISO 19092:2023 Financial services — Biometrics — Security framework This document specifies the security framework for using biometrics for authentication of customers in financial services, focusing exclusively on retail payments. It introduces the most common types of biometric technologies and addresses issues concerning their application. This document also describes representative architectures for the implementation of biometric authentication and associated minimum control objectives. The following are within the scope of this document: — use of biometrics for the purpose of: — verification of a claimed identity; — identification of an individual; — biometric authentication threats, vulnerabilities and controls; — validation of credentials presented at enrolment to support authentication; — management of biometric information across its life cycle, comprising enrolment, transmission and storage, verification, identification and termination processes; — security requirements for hardware used in conjunction with biometric capture and biometric data processing; — biometric authentication architectures and associated security requirements. The following are not within the scope of this document: — detailed specifications for data collection, feature extraction and comparison of biometric data and the biometric decision-making process; — use of biometric technology for non-financial transaction applications, such as physical or logical system access control.  Published 2023-03 Edition : 2 Number of pages : 65 Technical Committee 03.060 Finances. Banking. Monetary systems. Insurance ; 35.240.40 IT applications in banking
ISO 20038:2017 Banking and related financial services — Key wrap using AES ISO 20038:2017 defines a method for packaging cryptographic keys for transport. This method can also be used for the storage of keys under an AES key. The method uses the block cipher AES as the wrapping cipher algorithm. Other methods for wrapping keys are outside the scope of this document but can use the authenticated encryption algorithms specified in ISO/IEC 19772.  Published 2017-11 Edition : 1 Number of pages : 22 Technical Committee 35.240.40 IT applications in banking
ISO 20038:2017/CD Amd 1 Banking and related financial services — Key wrap using AES — Amendment 1  Deleted Edition : 1 Technical Committee 35.240.40 IT applications in banking
ISO/DIS 20038 Banking and related financial services — Key wrap using AES ISO 20038:2017 defines a method for packaging cryptographic keys for transport. This method can also be used for the storage of keys under an AES key. The method uses the block cipher AES as the wrapping cipher algorithm. Other methods for wrapping keys are outside the scope of this document but can use the authenticated encryption algorithms specified in ISO/IEC 19772.  Under development Edition : 2 Number of pages : 80 Technical Committee 35.240.40 IT applications in banking
ISO 21188:2006 Public key infrastructure for financial services — Practices and policy framework ISO 21188:2006 sets out a framework of requirements to manage a PKI through certificate policies and certification practice statements and to enable the use of public key certificates in the financial services industry. It also defines control objectives and supporting procedures to manage risks. ISO 21188:2006 draws a distinction between PKI systems used in open, closed and contractual environments. It further defines the operational practices relative to financial services industry accepted information systems control objectives. ISO 21188:2006 is intended to help implementers to define PKI practices that can support multiple certificate policies that include the use of digital signature, remote authentication and data encryption. ISO 21188:2006 facilitates the implementation of operational, baseline PKI control practices that satisfy the requirements for the financial services industry in a contractual environment. While the focus of ISO 21188:2006 is on the contractual environment, application of this document to other environments is not specifically precluded. For the purposes of this document, the term "certificate" refers to public key certificates. Attribute certificates are outside the scope of ISO 21188:2006.  Withdrawn 2006-05 Edition : 1 Number of pages : 107 Technical Committee 35.240.40 IT applications in banking
ISO 21188:2018 Public key infrastructure for financial services — Practices and policy framework ISO 21188:2018 sets out a framework of requirements to manage a PKI through certificate policies and certification practice statements and to enable the use of public key certificates in the financial services industry. It also defines control objectives and supporting procedures to manage risks. While this document addresses the generation of public key certificates that might be used for digital signatures or key establishment, it does not address authentication methods, non-repudiation requirements or key management protocols. ISO 21188:2018 draws a distinction between PKI systems used in closed, open and contractual environments. It further defines the operational practices relative to financial-services-industry-accepted information systems control objectives. This document is intended to help implementers to define PKI practices that can support multiple certificate policies that include the use of digital signature, remote authentication, key exchange and data encryption. ISO 21188:2018 facilitates the implementation of operational, baseline PKI control practices that satisfy the requirements for the financial services industry in a contractual environment. While the focus of this document is on the contractual environment, application of this document to other environments is not specifically precluded. For the purposes of this document, the term "certificate" refers to public key certificates. Attribute certificates are outside the scope of this document. ISO 21188:2018 is targeted for several audiences with different needs and therefore the use of this document will have a different focus for each. Business managers and analysts are those who require information regarding using PKI technology in their evolving businesses (e.g. electronic commerce); see Clauses 1 to 6. Technical designers and implementers are those who are writing their certificate policies and certification practice statement(s); see Clauses 6 to 7 and Annexes A to G. Operational management and auditors are those who are responsible for day-to-day operations of the PKI and validating compliance to this document; see Clauses 6 to 7.  Published 2018-04 Edition : 2 Number of pages : 108 Technical Committee 35.240.40 IT applications in banking
ISO/TR 22126-3:2023 Financial services — Semantic technology — Part 3: Semantic enrichment of the ISO 20022 conceptual model This document examines semantic enrichment to support the maintenance of the ISO 20022 conceptual model. It reports on existing and proposed practices to enrich a model: — in a repository, annotating repository concepts with metadata using semantic markup or constraints; — outside a repository, using references to repository concepts, such as the provenance of changes.  Published 2023-01 Edition : 1 Number of pages : 12 Technical Committee 03.060 Finances. Banking. Monetary systems. Insurance ; 35.240.40 IT applications in banking
ISO 2953:1999 Mechanical vibration — Balancing machines — Description and evaluation  Withdrawn 1999-04 Edition : 3 Number of pages : 55 Technical Committee 21.120.40 Balancing and balancing machines
ISO/DIS 22739 Blockchain and distributed ledger technologies — Vocabulary  Under development Edition : 2 Number of pages : 14 Technical Committee 35.030 IT Security ; 01.040.35 Information technology (Vocabularies) ; 35.240.40 IT applications in banking ; 35.240.99 IT applications in other fields
ISO/TS 23029:2020 Web-service-based application programming interface (WAPI) in financial services This document defines the framework, function and protocols for an API ecosystem that will enable online synchronised interaction. Specifically, the document: — defines a logical and technical layered approach for developing APIs, including transformational rules. Specific logical models (such as ISO 20022 models) are not included, but they will be referenced in the context of specific scenarios for guidance purposes; — will primarily be thought about from a RESTful design point of view, but will consider alternative architectural styles (such as WebSocket and Webhook) where other blueprints or scenarios are offered; — defines for the API ecosystem design principles of an API, rules of a Web-service-based API, the data payload and version control; — sets out considerations relevant to security, identity and registration of an API ecosystem. Specific technical solutions will not be defined, but they will be referenced in the context of specific scenarios for guidance purposes; — defines architectural usage beyond query/response asynchronous messaging towards publish/subscribe to support advanced and existing business models. This document does not include: — a specific technical specification of an API implementation in financial services; — the development of JSON APIs based on the ISO 20022 specific message formats, such as PAIN, CAMT and PACS; — a technical specification that is defined or determined by specific legal frameworks.  Published 2020-02 Edition : 1 Number of pages : 52 Technical Committee 35.240.40 IT applications in banking
ISO 23195:2021 Security objectives of information systems of third-party payment services This document defines a common terminology to be used in the context of third-party payment (TPP). Next, it establishes two logical structural models in which the assets to be protected are clarified. Finally, it specifies security objectives based on the analysis of the logical structural models and the interaction of the assets affected by threats, organizational security policies and assumptions. These security objectives are set out in order to counter the threats resulting from the intermediary nature of TPPSPs offering payment services compared with simpler payment models where the payer and the payee directly interact with their respective account servicing payment service provider (ASPSP). This document assumes that TPP-centric payments rely on the use of TPPSP credentials and the corresponding certified processes for issuance, distribution and renewal purposes. However, security objectives for such processes are out of the scope of this document. NOTE This document is based on the methodology specified in the ISO/IEC 15408 series. Therefore, the security matters that do not belong to the TOE are dealt with as assumptions, such as the security required by an information system that provides TPP services and the security of communication channels between the entities participating in a TPP business.  Published 2021-06 Edition : 1 Number of pages : 40 Technical Committee 03.060 Finances. Banking. Monetary systems. Insurance ; 35.240.40 IT applications in banking
ISO/TR 23244:2020 Blockchain and distributed ledger technologies — Privacy and personally identifiable information protection considerations This document provides an overview of privacy and personally identifiable information (PII) protection as applied to blockchain and distributed ledger technologies (DLT) systems.  Published 2020-05 Edition : 1 Number of pages : 17 Technical Committee 35.030 IT Security ; 35.240.40 IT applications in banking ; 35.240.99 IT applications in other fields
ISO/TR 23249:2022 Blockchain and distributed ledger technologies – Overview of existing DLT systems for identity management This document provides an overview of existing DLT systems for identity management, i.e. the mechanisms by which one or more entities can create, receive, modify, use and revoke a set of identity attributes. This document covers the following topics: — Managing identity for individuals, organizations, things (IoT & objects), functions and processes and other entities including within and across DLT systems. — Description of the actors and their interactions and common interfaces. — Architectures. — Existing relevant standards and frameworks.  Published 2022-05 Edition : 1 Number of pages : 37 Technical Committee 35.030 IT Security ; 35.240.40 IT applications in banking ; 35.240.99 IT applications in other fields
ISO 23257:2022 Blockchain and distributed ledger technologies — Reference architecture This document specifies a reference architecture for Distributed Ledger Technology (DLT) systems including blockchain systems. The reference architecture addresses concepts, cross-cutting aspects, architectural considerations, and architecture views, including functional components, roles, activities, and their relationships for blockchain and DLT.  Published 2022-02 Edition : 1 Number of pages : 52 Technical Committee 35.030 IT Security ; 35.240.40 IT applications in banking ; 35.240.99 IT applications in other fields
ISO 8041:1990/Amd 1:1999 Human response to vibration — Measuring instrumentation — Amendment 1  Withdrawn 1999-11 Edition : 1 Number of pages : 23 Technical Committee 13.160 Vibration and shock with respect to human beings
ISO/TS 23258:2021 Blockchain and distributed ledger technologies — Taxonomy and Ontology This document specifies a taxonomy and an ontology for blockchain and distributed ledger technologies (DLT). The taxonomy includes a taxonomy of concepts, a taxonomy of DLT systems and a taxonomy of application domains, purposes and economy activity sections for use cases. The ontology includes classes and attributes as well as relations between concepts. The audience includes but is not limited to academics, architects, customers, users, tool developers, regulators, auditors and standards development organizations.  Published 2021-11 Edition : 1 Number of pages : 28 Technical Committee 35.030 IT Security ; 35.240.40 IT applications in banking ; 35.240.99 IT applications in other fields
ISO/DTS 23259 Blockchain and distributed ledger technologies — Legally binding smart contracts  Deleted Edition : 1 Technical Committee 35.030 IT Security ; 35.240.40 IT applications in banking ; 35.240.99 IT applications in other fields
ISO/TR 23455:2019 Blockchain and distributed ledger technologies — Overview of and interactions between smart contracts in blockchain and distributed ledger technology systems This document provides an overview of smart contracts in BC/DLT systems; describing what smart contracts are and how they work. It also discusses methods of interaction between multiple smart contracts. This document focuses on technical aspects of smart contracts. Smart contracts for legally binding use and applications will only be briefly mentioned in this document.  Published 2019-09 Edition : 1 Number of pages : 42 Technical Committee 35.030 IT Security ; 35.240.40 IT applications in banking ; 35.240.99 IT applications in other fields
ISO/PRF TS 23526 Security aspects for digital currencies  Under development Edition : 1 Technical Committee 03.060 Finances. Banking. Monetary systems. Insurance ; 35.240.40 IT applications in banking
ISO/TR 23576:2020 Blockchain and distributed ledger technologies — Security management of digital asset custodians This document discusses the threats, risks, and controls related to: — systems that provide digital asset custodian services and/or exchange services to their customers (consumers and businesses) and management of security when an incident occurs; — asset information (including the signature key of the digital asset) that a custodian of digital assets manages. This document is addressed to digital asset custodians that manage signature keys associated with digital asset accounts. In such a case, certain specific recommendations apply. The following is out of scope of this document: — core security controls of blockchain and DLT systems; — business risks of digital asset custodians; — segregation of customer's assets; — governance and management issues.  Published 2020-12 Edition : 1 Number of pages : 35 Technical Committee 35.030 IT Security ; 35.240.40 IT applications in banking ; 35.240.99 IT applications in other fields
ISO/TS 23635:2022 Blockchain and distributed ledger technologies — Guidelines for governance This document provides guiding principles and a framework for the governance of DLT systems. The document also provides guidance on the fulfilment of governance, including risk and regulatory contexts, that supports the effective, efficient, and acceptable use of DLT systems.  Published 2022-02 Edition : 1 Number of pages : 26 Technical Committee 35.030 IT Security ; 35.240.40 IT applications in banking ; 35.240.99 IT applications in other fields
ISO/TR 23644 Blockchain and distributed ledger technologies (DLTs) — Overview of trust anchors for DLT-based identity management  Under development Edition : 1 Technical Committee 35.030 IT Security ; 35.240.40 IT applications in banking ; 35.240.99 IT applications in other fields
ISO/TR 24374 Financial services — Security information for PKI in blockchain and DLT implementations  Under development 2023-04 Edition : 1 Technical Committee 35.030 IT Security ; 35.240.40 IT applications in banking
ISO/IEC CD 27562 Privacy guidelines for fintech services  Under development Edition : 1 Technical Committee 03.060 Finances. Banking. Monetary systems. Insurance ; 35.030 IT Security ; 35.240.40 IT applications in banking
ISO/CD TS 21030 Educational organizations — Requirements for bodies providing audit and certification of educational organizations management systems  Under development Edition : 1 Technical Committee 03.180 Education ; 03.120.20 Product and company certification. Conformity assessment
ISO/IEC 30163:2021 Internet of Things (IoT) — System requirements of IoT/SN technology-based integrated platform for chattel asset monitoring supporting financial services ISO/IEC 30163:2021 specifies the system requirements of an Internet of Things (IoT)/Sensor Network (SN) technology-based platform for chattel asset monitoring supporting financial services, including: - System infrastructure that describes functional components; - System and functional requirements during the entire chattel asset management process, including chattel assets in transition, in/out of warehouse, storage, mortgage, etc.; - Performance requirements and performance specifications of each functional component; - Interface definition of the integrated platform system. This document is applicable to the design and development of IoT/SN system for chattel asset monitoring supporting financial services.  Published 2021-03 Edition : 1 Number of pages : 20 Technical Committee 35.020 Information technology (IT) in general ; 35.240.40 IT applications in banking
ISO 11180:1993 Postal addressing Specifies the maximum dimensions of the postal address and its locations on forms complying with ISO 8439 and is designed to standardize its presentation and structure. Annexes A and B give elements of the addressee's address and examples of addresses.  Withdrawn 1993-03 Edition : 1 Number of pages : 8 Technical Committee 03.240 Postal services ; 01.140.30 Documents in administration, commerce and industry
ISO 10668:2010 Brand valuation — Requirements for monetary brand valuation ISO 10668:2010 specifies requirements for procedures and methods of monetary brand value measurement. ISO 10668:2010 specifies a framework for brand valuation, including objectives, bases of valuation, approaches to valuation, methods of valuation and sourcing of quality data and assumptions. It also specifies methods for reporting the results of such valuation.  Published 2010-09 Edition : 1 Number of pages : 11 Technical Committee 03.140 Patents. Intellectual property
ISO 12931:2012 Performance criteria for authentication solutions used to combat counterfeiting of material goods ISO 12931:2012 specifies performance criteria and evaluation methodology for authentication solutions used to establish material good authenticity throughout the entire material good life cycle. It does not specify how technical solutions achieve these performance criteria. ISO 12931:2012 is intended for all types and sizes of organizations that require the ability to validate the authenticity of material goods. It is intended to guide such organizations in the determination of the categories of authentication elements they need to combat those risks, and the criteria for selection of authentication elements that provide those categories, having undertaken a counterfeiting risk analysis. Such authentication elements can be part of the material good itself and/or its packaging. The criteria apply to the material good and/or its packaging.  Withdrawn 2012-06 Edition : 1 Number of pages : 28 Technical Committee 03.140 Patents. Intellectual property
ISO 20671-1:2021 Brand evaluation — Part 1: Principles and fundamentals This document specifies the fundamentals and principles for brand evaluation, including an integrated framework for brand evaluation containing necessary brand input elements, output dimensions and sample indicators. This document can be used in internal and external brand evaluation.  Published 2021-11 Edition : 1 Number of pages : 12 Technical Committee 03.140 Patents. Intellectual property
ISO 20671-2:2023 Brand evaluation — Part 2: Implementation and reporting This document provides requirements for implementing and reporting brand evaluations.  Published 2023-03 Edition : 1 Number of pages : 19 Technical Committee 03.140 Patents. Intellectual property
ISO 20671-3 Brand evaluation — Part 3: Requirements and recommendations for brands related to geographical indications  Under development 2023-04 Edition : 1 Technical Committee 03.140 Patents. Intellectual property
ISO 20671:2019 Brand evaluation — Principles and fundamentals This document specifies the fundamentals and principles for brand evaluation, including an integrated framework for brand evaluation containing necessary brand input elements, output dimensions and sample indicators. This document can be used in internal and external brand evaluation.  Withdrawn 2019-03 Edition : 1 Number of pages : 12 Technical Committee 03.140 Patents. Intellectual property
ISO/TR 22038:2020 Information and documentation — Description and presentation of rights information This document provides an effective presentation of rights information in digital collections to end-users. Digital collection, in this document, is mainly focused on digital collections in libraries, museums, archives or other organizations that offer similar resources to their patrons. This document deals with the human-readable aspects of the rights presentation. Technical aspects of the storage and management of rights expression information, such as metadata schemas, interoperability of machine-readable expressions and user interfaces, are out of scope of this document.  Published 2020-06 Edition : 1 Number of pages : 8 Technical Committee 03.140 Patents. Intellectual property ; 01.140.20 Information sciences
ISO 5347-0:1987/Cor 2:1993 Methods for the calibration of vibration and shock pick-ups — Part 0: Basic concepts — Technical Corrigendum 2  Withdrawn 1993-06 Edition : 1 Number of pages : 1 Technical Committee 17.160 Vibrations, shock and vibration measurements
ISO 56005:2020 Innovation management — Tools and methods for intellectual property management — Guidance Efficient management of IP is key to support the process of innovation, is essential for organizations' growth and protection, and is their engine for competitiveness. This document proposes guidelines for supporting the role of IP within innovation management. It aims to address the following issues concerning IP management at strategic and operational levels: — Creating an IP strategy to support innovation in an organization; — Establishing systematic IP management within the innovation processes; — Applying consistent IP tools and methods in support of efficient IP management. This document can be used for any type of innovation activities and initiatives.  Published 2020-11 Edition : 1 Number of pages : 35 Technical Committee 03.140 Patents. Intellectual property ; 03.100.01 Company organization and management in general ; 03.100.40 Research and development
ISO/TS 17582:2014 Quality management systems — Particular requirements for the application of ISO 9001:2008 for electoral organizations at all levels of government ISO/TS 17582:2014 specifies requirements for a quality management system where an electoral organization needs to demonstrate its ability to manage elections by secret ballot, which provide reliable, transparent, free and fair results that comply with electoral requirements; within the established legal framework, aims to enhance the trust and confidence of citizens, candidates, political organizations, and other electoral interested parties through the effective implementation of the electoral quality management system, including processes for continual improvement. ISO/TS 17582:2014 applies to the election period, including pre-election and post-election activities or processes. ISO/TS 17582:2014 applies to all electoral bodies involved in any aspect of the electoral process, whether they are permanent organizations or temporary organizations established in support of a particular election period. ISO/TS 17582:2014 is applicable to elections at all levels of government, whether local, regional or national.  Withdrawn 2014-02 Edition : 1 Number of pages : 43 Technical Committee 03.160 Law. Administration ; 03.100.70 Management systems
ISO 18091:2014 Quality management systems — Guidelines for the application of ISO 9001:2008 in local government The objective of ISO 18091:2014 is to provide local governments with guidelines for achieving reliable results through the application of ISO 9001:2008 on an integral basis. These guidelines do not, however, add, change or modify the requirements of ISO 9001:2008. All the guidelines indicated in ISO 18091:2014 are generic and applicable to all local governments, regardless of their type, size and product/service provided. The user can apply the guidance contained in ISO 18091:2014 as a whole or, in part, as necessary, to their maximum benefit.  Withdrawn 2014-02 Edition : 1 Number of pages : 57 Technical Committee 03.160 Law. Administration ; 03.100.70 Management systems
ISO 18091:2019 Quality management systems — Guidelines for the application of ISO 9001 in local government This International Standard specifies requirements for a quality management system when an organization: a) needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and b) aims to enhance customer satisfaction through the effective application of the system, including processes for improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements. All the requirements of this International Standard are generic and are intended to be applicable to any organization, regardless of its type or size, or the products and services it provides. NOTE 1 In this International Standard, the terms "product" or "service" only apply to products and services intended for, or required by, a customer. NOTE 2 Statutory and regulatory requirements can be expressed as legal requirements. This document gives guidelines for local governments on understanding and implementing a quality management system that meets the requirements of ISO 9001:2015, in order to meet the needs and expectations of their customers/citizens and all other relevant interested parties by consistently providing them with products and services. It promotes implementing a quality management system in a responsible and accountable manner, through the application of ISO 9001 on a comprehensive basis. These guidelines do not add, change or modify the requirements of ISO 9001. It is applicable to all local government processes at all levels (i.e. strategical, tactical-managerial and operational) in order to constitute a comprehensive quality management system that focuses on the local government achieving its objectives. 
The comprehensive character of this system is essential to ensure that all the areas of the local government have a specified level of reliability (i.e. effectiveness of the processes). Annex A, as a starting point for users of this document, gives a diagnostic methodology for local governments to evaluate the scope and maturity of their processes and products and services. Annex B gives the processes necessary to provide reliable products and services to customers/citizens.  Published 2019-03 Edition : 2 Number of pages : 73 Technical Committee 03.160 Law. Administration ; 03.100.70 Management systems
ISO/TS 54001:2019 Quality management systems — Particular requirements for the application of ISO 9001:2015 for electoral organizations at all levels of government This International Standard specifies requirements for a quality management system when an organization: a) needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and b) aims to enhance customer satisfaction through the effective application of the system, including processes for improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements. All the requirements of this International Standard are generic and are intended to be applicable to any organization, regardless of its type or size, or the products and services it provides. NOTE 1 In this International Standard, the terms "product" or "service" only apply to products and services intended for, or required by, a customer. NOTE 2 Statutory and regulatory requirements can be expressed as legal requirements. This document specifies requirements for a quality management system where an electoral organization: — needs to demonstrate its ability to manage elections by secret ballot, to provide reliable, transparent, free and fair results that comply with electoral requirements; — within the established legal framework, aims to enhance the trust and confidence of citizens, candidates, political organizations and other electoral interested parties through the effective implementation of the electoral quality management system, including processes for continual improvement. NOTE 3 Electoral bodies can be constituted to reflect local legal requirements. NOTE 4 In this document, the term "product" only applies to the electoral service provided by an electoral body. This document is applicable to the election period, including pre-election and post-election activities or processes. 
This document is applicable to all electoral bodies involved in any aspect of the electoral process, whether they are permanent organizations or temporary organizations established in support of a particular election period.  Published 2019-04 Edition : 1 Number of pages : 54 Technical Committee 03.160 Law. Administration ; 03.100.70 Management systems