Customer Service:
Mon - Fri: 8:30 am - 6 pm EST
Back
Standards PDF Cover Page preview

 Historical

ANSI X9.97-2009

Financial services - Secure Cryptographic Devices (Retail) - Part 1: Concepts, Requirements and Evaluation Methods

This part of ANS X9.97 specifies the requirements for Secure Cryptographic Devices which incorporate the cryptographic processes defined in ISO 9564, ISO 16609 and ISO 11568. This part of ANS X9.97 has two primary purposes: 1) to state the requirements concerning both the operational characteristics of SCDs and the management of such devices throughout all stages of their life cycle, 2) to standardize the methodology for verifying compliance with those requirements. Appropriate device characteristics are necessary to ensure that the device has the proper operational capabilities and provides adequate protection for the data it contains. Appropriate device management is necessary to ensure that the device is legitimate, that it has not been modified in an unauthorized manner, e.g., by "bugging", and that any sensitive data placed within the device (e.g., cryptographic keys) has not been subject to disclosure or change. Absolute security is not practically achievable. Cryptographic security depends upon each life cycle phase of the SCD and the complementary combination of appropriate management procedures and secure cryptographic characteristics. These management procedures implement preventive measures to reduce the opportunity for a breach of SCD security. These aim for a high probability of detection of any unauthorized access to sensitive or confidential data should device characteristics fail to prevent or detect the security compromise. Annex A provides an informative illustration of the concepts of security levels described in this part of ANS X9.97 as being applicable to SCDs. This part of ANS X9.97 does not address issues arising from the denial of service of an SCD. Specific requirements for the characteristics and management of specific types of SCD functionality used in the retail financial services environment are contained in ANS X9.97-2.

Available for Subscriptions

Content Provider
Accredited Standards Committee, Inc. - Financial Industry Standards [ascx9]

Others Also Bought

X9.97-2:2009 (Identical to ISO 13491-2:2005)
Banking - Secure cryptographic devices(retail) -Part 2: Security compliance checklists for devices used in financial ...
Add to cart
ANSI X9.8-1:2003
Banking - Personal Identification Number Management and Security - Part 1: PIN protection principles and techniques ...
Add to cart
ANSI X9.24-1:2009
Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques
Add to cart
Document History
Revised By:
Included in Packages
This standard is not included in any packages.
Amendments & Corrections
We have no amendments or corrections for this standard.
ANSI Logo

As the voice of the U.S. standards and conformity assessment system, the American National Standards Institute (ANSI) empowers its members and constituents to strengthen the U.S. marketplace position in the global economy while helping to assure the safety and health of consumers and the protection of the environment.

Useful Links
CUSTOMER SERVICE
NEW YORK OFFICE
ANSI HEADQUARTERS
2024 © American National Standards Institute (ANSI) All Rights Reserved.