{"id":346811,"date":"2024-10-20T00:22:58","date_gmt":"2024-10-20T00:22:58","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bs-iso-13491-12016\/"},"modified":"2024-10-25T23:50:55","modified_gmt":"2024-10-25T23:50:55","slug":"bs-iso-13491-12016","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bs-iso-13491-12016\/","title":{"rendered":"BS ISO 13491-1:2016"},"content":{"rendered":"<p>This part of <span class=\"std\"> <span class=\"std-ref\">ISO&nbsp;13491<\/span> <\/span> specifies the security characteristics for secure cryptographic devices (SCDs) based on the cryptographic processes defined in <span class=\"std\"> <span class=\"std-ref\">ISO&nbsp;9564<\/span> <\/span>, <span class=\"std\"> <span class=\"std-ref\">ISO&nbsp;16609<\/span> <\/span>, and <span class=\"std\"> <span class=\"std-ref\">ISO&nbsp;11568<\/span> <\/span>.<\/p>\n<p>This part of <span class=\"std\"> <span class=\"std-ref\">ISO&nbsp;13491<\/span> <\/span> has two primary purposes:<\/p>\n<ul>\n<li>\n<p>to state the security characteristics concerning both the operational characteristics of SCDs and the management of such devices throughout all stages of their life cycle;<\/p>\n<\/li>\n<li>\n<p>to provide guidance for methodologies to verify compliance with those requirements. This information is contained in <span class=\"xref\">Annex&nbsp;A<\/span>.<\/p>\n<\/li>\n<\/ul>\n<p><span class=\"std\"> <span class=\"std-ref\">ISO&nbsp;13491\u20112<\/span> <\/span> specifies checklists to be used to evaluate secure cryptographic devices (SCDs) incorporating cryptographic processes as specified in <span class=\"std\"> <span class=\"std-ref\">ISO&nbsp;9564\u20111<\/span> <\/span>, <span class=\"std\"> <span class=\"std-ref\">ISO&nbsp;9564\u20112<\/span> <\/span>, <span class=\"std\"> <span class=\"std-ref\">ISO&nbsp;16609<\/span> <\/span>, <span class=\"std\"> <span class=\"std-ref\">ISO&nbsp;11568\u20111<\/span> <\/span>, <span class=\"std\"> <span class=\"std-ref\">ISO&nbsp;11568\u20112<\/span> <\/span>, <span class=\"std\"> <span class=\"std-ref\">ISO&nbsp;11568\u20113<\/span> <\/span>, <span class=\"std\"> <span class=\"std-ref\">ISO&nbsp;11568\u20114<\/span> <\/span>, <span class=\"std\"> <span class=\"std-ref\">ISO&nbsp;11568\u20115<\/span> <\/span>, and <span class=\"std\"> <span class=\"std-ref\">ISO&nbsp;11568\u20116<\/span> <\/span> in the financial services environment.<\/p>\n<p><span class=\"xref\">Annex&nbsp;A<\/span> provides an informative illustration of the concepts of security levels described in this part of <span class=\"std\"> <span class=\"std-ref\">ISO&nbsp;13491<\/span> <\/span> as being applicable to SCDs.<\/p>\n<p>This part of <span class=\"std\"> <span class=\"std-ref\">ISO&nbsp;13491<\/span> <\/span> does not address issues arising from the denial of service of an SCD.<\/p>\n<p>Specific requirements for the security characteristics and management of specific types of SCD functionality used in the retail financial services environment are contained in <span class=\"std\"> <span class=\"std-ref\">ISO&nbsp;13491\u20112<\/span> <\/span>.<\/p>\n<h4>PDF Catalog<\/h4>\n<table border=\"1px\" class=\"des-table\">\n<tr>\n<th>PDF Pages<\/th>\n<th>PDF Title<\/th>\n<\/tr>\n<tr>\n<td><b>7<b><\/td>\n<td>Foreword  <\/td>\n<\/tr>\n<tr>\n<td><b>8<b><\/td>\n<td>Introduction  <\/td>\n<\/tr>\n<tr>\n<td><b>9<b><\/td>\n<td>1 Scope <br \/> 2 Normative references <br \/> 3 Terms and definitions  <\/td>\n<\/tr>\n<tr>\n<td><b>13<b><\/td>\n<td>4 Abbreviated terms <br \/> 5 Secure cryptographic device concepts <br \/> 5.1 General  <\/td>\n<\/tr>\n<tr>\n<td><b>14<b><\/td>\n<td>5.2 Attack scenarios <br \/> 5.2.1 General <br \/> 5.2.2 Penetration <br \/> 5.2.3 Monitoring <br \/> 5.2.4 Manipulation <br \/> 5.2.5 Modification <br \/> 5.2.6 Substitution  <\/td>\n<\/tr>\n<tr>\n<td><b>15<b><\/td>\n<td>5.3 Defence measures <br \/> 5.3.1 General <br \/> 5.3.2 Device characteristics  <\/td>\n<\/tr>\n<tr>\n<td><b>16<b><\/td>\n<td>5.3.3 Device management <br \/> 5.3.4 Environment <br \/> 6 Requirements for device security characteristics <br \/> 6.1 General  <\/td>\n<\/tr>\n<tr>\n<td><b>17<b><\/td>\n<td>6.2 Physical security requirements for SCDs <br \/> 6.2.1 General <br \/> 6.3 Tamper evident requirements <br \/> 6.3.1 General  <\/td>\n<\/tr>\n<tr>\n<td><b>18<b><\/td>\n<td>6.4 Tamper resistant requirements <br \/> 6.4.1 General <br \/> 6.5 Tamper responsive requirements <br \/> 6.5.1 General  <\/td>\n<\/tr>\n<tr>\n<td><b>19<b><\/td>\n<td>6.6 Logical security requirements for SCDs <br \/> 6.6.1 Dual control <br \/> 6.6.2 Unique key per device <br \/> 6.6.3 Assurance of genuine device <br \/> 6.6.4 Design of functions  <\/td>\n<\/tr>\n<tr>\n<td><b>20<b><\/td>\n<td>6.6.5 Use of cryptographic keys <br \/> 6.6.6 Sensitive device states <br \/> 6.6.7 Multiple cryptographic relationships <br \/> 6.6.8 SCD software authentication <br \/> 7 Requirements for device management <br \/> 7.1 General  <\/td>\n<\/tr>\n<tr>\n<td><b>21<b><\/td>\n<td>7.2 Life cycle phases  <\/td>\n<\/tr>\n<tr>\n<td><b>22<b><\/td>\n<td>7.3 Life cycle protection requirements <br \/> 7.3.1 General <br \/> 7.3.2 Manufacturing phase  <\/td>\n<\/tr>\n<tr>\n<td><b>23<b><\/td>\n<td>7.3.3 Post-manufacturing phase <br \/> 7.3.4 Commissioning (initial financial key loading) phase <br \/> 7.3.5 Inactive operational phase  <\/td>\n<\/tr>\n<tr>\n<td><b>24<b><\/td>\n<td>7.3.6 Active operational phase (use) <br \/> 7.3.7 Decommissioning (post-use) phase <br \/> 7.3.8 Repair phase  <\/td>\n<\/tr>\n<tr>\n<td><b>25<b><\/td>\n<td>7.3.9 Destruction phase <br \/> 7.4 Life cycle protection methods <br \/> 7.4.1 Manufacturing <br \/> 7.4.2 Post manufacturing phase <br \/> 7.4.3 Commissioning (initial financial key loading) phase  <\/td>\n<\/tr>\n<tr>\n<td><b>26<b><\/td>\n<td>7.4.4 Inactive Operational Phase <br \/> 7.4.5 Active operational (use) phase <br \/> 7.4.6 Decommissioning phase  <\/td>\n<\/tr>\n<tr>\n<td><b>27<b><\/td>\n<td>7.4.7 Repair <br \/> 7.4.8 Destruction <br \/> 7.5 Accountability  <\/td>\n<\/tr>\n<tr>\n<td><b>28<b><\/td>\n<td>7.6 Device management principles of audit and control  <\/td>\n<\/tr>\n<tr>\n<td><b>31<b><\/td>\n<td>Annex\u00a0A (informative)  Evaluation methods  <\/td>\n<\/tr>\n<tr>\n<td><b>41<b><\/td>\n<td>Bibliography  <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p><b>Financial services. Secure cryptographic devices (retail) &#8211; Concepts, requirements and evaluation methods<\/b><\/p>\n<table class=\"shortdes-table\" style=\"width: 100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td>Published By<\/td>\n<td>Publication Date<\/td>\n<td>Number of Pages<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/pdfstandards.shop\/product-category\/publishers\/bsi\/\"><b>BSI<\/b><\/a><\/td>\n<td>2016<\/td>\n<td>44<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"featured_media":346818,"template":"","meta":{"rank_math_lock_modified_date":false,"ep_exclude_from_search":false},"product_cat":[696,2641],"product_tag":[],"class_list":{"0":"post-346811","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-35-240-40","7":"product_cat-bsi","9":"first","10":"instock","11":"sold-individually","12":"shipping-taxable","13":"purchasable","14":"product-type-simple"},"_links":{"self":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product\/346811","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media\/346818"}],"wp:attachment":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media?parent=346811"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_cat?post=346811"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_tag?post=346811"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}