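Standard number: ISO 13491-2:2016
Chinese title: Banking — Secure cryptographic devices (retail) — Part 2: Concepts, requirements and evaluation methods
English title: Financial services — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for devices used in financial transactions
Publication date: 2016-03
Scope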
This part of ISO 13491 specifies checklists to be used to evaluate secure cryptographic devices (SCDs) incorporating cryptographic processes as specified in H.5, ISO 9564-2, ISO 16609, ISO 11568-1, ISO 11568-2, and ISO 11568-4 in the financial services environment. IC payment cards are subject to the requirements identified in this part of ISO 13491 up until the time of issue after which they are to be regarded as a “personal” device and outside of the scope of this part of ISO 13491.

This part of ISO 13491 does not address issues arising from the denial of service of an SCD.

In the checklists given in Annexes A to H, the term “not feasible” is intended to convey the notion that although a particular attack might be technically possible, it would not be economically viable since carrying out the attack would cost more than any benefits obtained from a successful attack. In addition to attacks for purely economic gain, malicious attacks directed toward loss of reputation need to be considered.