drafter:Wang Pingwa, Lu Shuchun, Li Shuguang, Yang Qian, Tian Jie, etc.
Drafting unit:China Financial Electronics Corporation, People's Bank of China, Industrial and Commercial Bank of China, China Construction Bank, Bank of Communications, China CITIC Bank, Beijing UnionPay Gold Card Technology Co., Ltd.
Focal point unit:National Financial Standardization Technical Committee (SAC/TC 180)
Proposing unit:People's Bank of China
Publishing department:General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China Standardization Administration of China
GB/T 27911-2011 Banking security and other financial services Security framework for financial systems
GB/T27911-2011
Standard compression package decompression password: www.bzxz.net
This standard provides a standard framework for security aspects necessary for the financial industry.
This standard summarizes some key security issues that have emerged in the financial industry, as well as relevant existing standards for each issue.
This standard is a standard reference for financial institutions when implementing security strategies. class="f14" style="padding-top:10px; padding-left:12px; padding-bottom:10px;">
This standard was drafted in accordance with the rules given in GB/T1.1-2009.
This standard uses the redrafting method to modify and adopt ISO/TR17944:2002 "Banking security and other financial services security framework for financial systems".
Taking into account China's national conditions and some new international information security standards related to finance that have been issued since 2002, the following modifications were made when adopting ISO/TR17944:2002:
———In Table 1 of Article 2.2, some international standards newly issued in recent years were added to "biometric identification technology";
———In Table 2 of Article 2.3, ISO/IEC19772:2009 was added to "message authentication";
———In Table 5 of Article 2.6, ISO/IEC24762:2008 was added to "disaster recovery";
———In Table 6 of Article 2.7, ISO/IEC18045:2008, ISO/IECTR19791:2006, ISO/IEC21827:2008 were added to "evaluation criteria";
———In Table 8 of Article 2.9, add ISO21188 in “Certificate Management”;
———In Table 8 of Article 2.9, add ISO/IECTR18044, ISO/IEC27001, ISO/IEC27002, ISO/IEC18043:2006, ISO/IEC27000:2009, ISO/IEC27005:2008, ISO/IEC27006:2007, ISO/IEC27011:2008 in “Security Management”;
———In Table 9 of Section 2.10, ISO/IEC18031:2005, ISO/IEC18032:2005, ISO/IEC18033-1:2005, ISO/IEC18033-2:2006, ISO/IEC18033-3:2005, ISO/IEC18033-4:2005, ISO/IEC19790:2006 were added to “General”;
———In Table 9 of Section 2.10, ISO19038 was added to “Symmetric”;
———In Table 10 of Chapter 3, the two rows of biometrics and disaster recovery were deleted because the ISO standards in these two areas were added to the main text, and three more rows were added: “Privacy and confidentiality”, “Business entity identity identifier”, and “Token”;
——In each table, the referenced standard with a date number shall be replaced with the latest date number standard if there is an updated version;
——In each table, the abolished international standards shall be deleted.
For ease of use, this standard has also made the following editorial changes:
——Delete the ISO foreword and introduction;
——For the standards that have been published, delete the table note "to be published" in the original text.
This standard is proposed by the People's Bank of China.
This standard is under the jurisdiction of the National Financial Standardization Technical Committee (SAC/TC180).
The responsible drafting unit of this standard is China Financial Electronicization Company.
Participating drafting units of this standard are: People's Bank of China, Industrial and Commercial Bank of China, China Construction Bank, Bank of Communications, China CITIC Bank, and Beijing UnionPay Gold Card Technology Co., Ltd.
The main drafters of this standard.
Foreword III
1 Scope1
2 Areas of standardization1
2.1 Overview1
2.2 Identification and authentication1
2.3 Data integrity3
2.4 Privacy and confidentiality4
2.5 Non-repudiation4
2.6 Service availability5
2.7 Traceability and auditing6
2.8 Interoperability7
2.9 Security management7
2.10 Cryptographic algorithms9
3 ISO gaps in standardization10
Annex A (Informative) Supplementary information11
References12
Some standard content:
ICs 03.060 National Standard of the People's Republic of China GB/T 27911--2011 Banking Security and other financial services Framework for security in financial systems Banking Security and other financial services - Framework for security in financial systemsISO/TR 17944:2002.M0D) Issued on 30 December 2011 General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China Administration of Standardization of the People's Republic of China 1 February 2012Implementation 2 Areas of standardization 2.1 Overview Identification and authentication 2.3 Data integrity Privacy and confidentiality Non-repudiation Availability of services 2.7 Traceability and audit 2.8 Interoperability 2.9 Security management 2.10 Cryptographic algorithms ISO standardization areas Appendix A (informative) Supplementary information References TTT KONKACA GB/T 27911-2011 This standard was drafted in accordance with the rules given in GB/T 1.1-2009. GB/T 27911-2011 This standard adopts ISG/TR17944:2002 "Banking security and other financial services - Security framework for financial systems" by redrafting method. Taking into account my country's national conditions and some new financial-related information security standards issued internationally since 2002, the following modifications were made when adopting ISO/TR17944:2002: -2.2 In Table 1 of the series, the newly released -2.2 in recent years was added to "Biometric identification technology\ - Some international standards, - In Table 2 of Article 2.3, ISO/IEC19772:2009 is added to "Message Authentication"; - In Table 5 of Article 2.6, IS0/1EC21762:2008 is added to Disaster Recovery; - In Table 6 of Article 2.7, TSO/IEC 18045 2008 and IS0/IFC TR19791:2006.ISO/IEC21827:2008 are added to "Evaluation Standards"; In Table 8 of Article 2.9, IS0 21188 is added to Certificate Management; - In Table 8 of Article 2.9, IS0/IECTR18044, ISO/IEC27001, ISO/IEC27002, ISO/IEC 18043: 2006.IS0/IEC 27000 are added to "Security Management"; 2009.ISO/IEC 27005:2008,ISO/IEC 27006:2007.ISO/IEC 27011:2008-2.10, in Table 9, added ISO/IEC18031:2005,ISO/IEC18032:2005,ISO/IEC 18033-1:2005,ISO/IEC 18033-2:2006,ISO/IEC 18033-3:2005,ISO/IEC 18033-4:2005ISO/IEC 19790:2006-2.10, in Table 9, added ISO 19038-3:2005 in "symmetric" The two lines of biometrics and disaster recovery are deleted from the text, because the ISO standards in these two fields are added to the main text. In addition, three lines of "privacy and confidentiality", "business entity identity identifiers" and "tokens" are added. In the tables, the referenced referenced standards with chronological numbers are replaced with the latest chronological numbers if there is an updated version. In the tables, the obsolete international standards are deleted. For ease of use, the following editorial changes are made to this standard: In addition to the ISO foreword and introduction; For standards that have been published, the note "to be published" in the source text is removed. This standard is proposed by the People's Bank of China. This standard is under the jurisdiction of the National Financial Standardization Technical Committee (SAC/TC180). The responsible drafting unit of this standard is China Financial Electronicization Corporation. The participating drafting units of this standard are the People's Bank of China, Industrial and Commercial Bank of China, China Construction Bank, Bank of Communications, China CITIC Bank, and Beijing UnionPay Gold Card Technology Co., Ltd. The main drafters of this standard: Wang Pingwa, Lu Shuchun, Li Shunguang, Yang Qingtianjie, Liu Yun, Zhao Zhilan, Shao Guanjun, Li Yan, Yang Baohui, Jia Jing, Li Mengyan, Liu Zhigang, Zhihui, Jia Shuhui, Jing Yun, Zhang, Ma Xiaoqiong. TTTKAONATKACA 1 Scope Banking security and other financial services Security framework of financial systems This standard provides a standard framework for security aspects necessary for the financial industry. GB/T 27911--2011 This standard summarizes some key security issues that have emerged in the financial industry, as well as relevant existing standards for each issue. This standard is applicable to financial institutions as a standard reference when implementing security strategies. 2 Areas of Standardization 2.1 Overview In the financial industry, the need for IT security is reflected in standard application areas such as tokens, devices, encryption technology, key management, application program interfaces (APIs) and protocols. These different areas can be grouped according to the basic business needs of the following basic areas. Most areas already have a variety of standards available, while in other areas, standards are either being developed or there is a need for (new) standards. Chapter 2 mentions the main areas of standardization of information security in financial institutions, where Tables 1 to 9 contain the available (sometimes required) standards in these areas. The international standards not listed in the table are from the International Organization for Standardization, and the relevant standards following them are from other standardization organizations1. Based on the missing standards in these tables, Chapter 3 summarizes the standardization areas that ISO has left blank. Note: For more detailed information on the mentioned standards, please contact the relevant standardization organizations (see Annex A). 2.2 Identification and Authentication The identity of all entities involved in financial transactions should be determined. Authentication ensures that the identity of an entity is what it claims to be. Financial institutions should ensure that only authorized users can access their IT systems. The mechanisms used for identification and authentication are based on the use of identifiers, tokens, passphrases, personal identification numbers (PINs), biometrics, digital signatures and certificates. See Table 1 for relevant standards.9798-1 ISO/IEC 9798-2 ISO/TEC 9798-3 ISO/IEC 9798-4 ISO/IEC 9798-5 ISO/IEC 9594-8 Title/Description Information Technology Security Technology Part 1 Part; Overview Entity authentication Information technology security techniques Entity identification Mechanisms for cryptographic algorithms Credentials Entity identification Authentication Information technology security techniques Entity authentication Authentication mechanisms Information technology security techniques Entity authentication Authentication mechanisms Information technology security techniques Entity authentication Authentication mechanisms Information technology, Open Systems Interconnection Certificate frameworks Part 2: Use of symmetric certificates Part 3: Use of digital signatures Part 4: Use of cryptographic verification Part 5: Use of knowledge Part 8: Publication and attributes 1 References to non-ISO standards in this standard are for informational purposes only. 1 They should be based on a consensus and should be published or generally accepted for use. The use of non-ISO standards does not imply endorsement by ISO of these non-ISO standards1 TTKNTKACA GB/T 27911—2011 Business Entity Identifier Password Personal Identification Number Biometric Identification Technology Applicable Standards EBS111-1995 ISO9564-1 ISO 9564-2 ISO 9564·3 ISO/TR 9564-1 EBS105-1998 JSO 19092:2008 ISO/IEC 19784-1:2006 ISO/IEC 19784-2:2007 IS0/IEC19785-1:2006 IS0/IEC197852:2006 S0/IEC 19785-3;2007 IS0O/TEC 19794-1.2606 ISO/IEC 19794- 2,2005 ISO/IEC19794-3,2006 IS0/IEC 19794-4:2005 ISO/IEC19794-5:20C5 1S0/IEC 19794-6:2005 Table 1 (continued) Title/narration European banking standard: Management and security of personal identification numbers for banking for interoperable financial electronic wallets Part 1: Basic principles and requirements for online PIN processing in ATM and POS systems Management and security of personal identification numbers for banking Part 2: Core PIN encryption algorithms Management and security of personal identification numbers for banking Part 3: Requirements for PIN protection in offline PIN processing in ATM and POS systems Management and security of personal identification numbers for banking: Part 4: Best practices for PIN2 processing in open networks PIN-based POS systems with online PIN verification - minimum security and evaluation criteria - Part 2: POS systems with online PIN verification - minimum security and evaluation criteria - Part 3: POS systems with offline PLN verification - minimum security and evaluation criteria Financial services biometric identification security framework Information technology biometric application interface Part 1: BioAFI specification Information technology biometric application interface Part 2: Biometric document function provider interface Information technology common biometric exchange format framework Part 1: Data element specifications Information technology common biometric exchange format framework Part 2: Biometric registration authority operating procedures Information technology common biometric exchange format framework Part 3: Client format specifications Information technology biometric data interface format Part I: Framework Information technology biometric data interface format Part 2: Finger minutiae data Information technology biometric data interface format Part 3: 2.3 Data integrity Available standards IS0/IEC19794-7:2007 ISO/IEC 19794-8:2006 ISO/IEC 10794-9:2007 IS0/IEC 19794-10:2007 IS0/IEC 19794-15:2005 ISO/IEC 19795-1:2006 ISO/IEC 19795-2:2007 Table 1 [continued] Title/Description GB/T 27911—2011 Information technology biometric data interface format Part 7: Signature/symbol time series data Information technology biometric data interface format Part 8: Finger pattern rotation data Information technology biometric data interface format Part 9: Vascular image data Information technology biometric data interface format Part 10: Hand shape rotation data Information technology biometric performance testing and reporting Part 1: Principles and framework Information technology biometric performance testing and reporting Part 2: Test methods for technical and scenario evaluation ISO/IEC TR 19795-3 :2007 ISO/IEC19795-4-2008 IS0/IEC24708.2008 ISO/IEC 24709-1:2007 150/1EC 24709-2:2007 ISO/IEC 24713-1.2008| ||ISO/IEC24713-2:2008 IS0/1EC TR 24714-1:2008 IS0/IEC TR 24722,2007 ISO/IEC TR 24741.2007 ANSI X9. 84-2003 Information technology biometric performance testing and reporting Part 3: Testing of specific characteristics Information technology biometric performance testing and reporting Part 4: Interoperability performance testing Information technology biometric recognition Bio API Interoperability Protocol Information technology Biometric Application Programming Interface (BiaAPI) Conformance testing Part 1 Part: Methods and procedures Information technology Biometric Application Programming Interface (HioAPI) conformance testing Part 2: Biometric service provider test statement Information technology Interoperability and data interface of biometrics Part 1: Overview of biometric systems and biometrics Information technology Interoperability and data interface of biometrics Part 2 Part: Airport personnel physical access control Information technology Legal and social considerations for commercial applications of biometrics Part 1: A guideline Information technology Biometrics Multi-modality and other multi-biometric fusion Information technology Biometrics Guidelines Biometrics for financial services industry Information security and safety Data integrity refers to the property that data cannot be altered or destroyed in an unauthorized manner. For the financial industry, data integrity is essential. The mechanism to ensure data integrity is mainly based on message authentication, hash functions and digital signatures. The relevant standards are shown in Table 2. 3 TTTKANTKACA GB/T 27911—2011 Available standards IS()/IEC9797-1 :ISO/IEC 9797-2 Message Authentication ISO16609 ISO/IEC19772:2009 ANSI X9, 71-2000 IS0/IEC 10118-1 IS0/IFC 10118-2 Hash Western Digital ISO/IEC1G1183 1S0/IEC 10118-4 2. 4 Privacy and Confidentiality Table 2 Data integrity Information technology Title/description Part 1: Message authentication using a dimensional cipher Security techniques Information technology security techniquesMessage authentication Part 2: Mechanisms using specific hash functions Message authentication requirements for banking using symmetric techniquesInformation technology security techniquesAuthentication and verification Message authentication with mitron Information technology security techniquesHash functions Part 1: OverviewInformation technology security techniquesHash functions Part 2: Message authentication using an n-bit block cipher Information technology security techniquesHash functions Part 3: Special hash functionsInformation technology Security techniquesHash functions Part 4: Hash functions using modular arithmetic Privacy is the right of an individual to keep his or her personal information confidential. Confidentiality is the property of information that it cannot be obtained or disclosed by unauthorized individuals, entities, or programs. Privacy and confidentiality are of increasing concern to the financial industry. Encryption is a mechanism used to ensure privacy and confidentiality. For relevant standards, see Table 3. 3 Privacy and confidentiality 2.5 Non-repudiation Available standards Non-repudiation refers to preventing repudiation (denial of behavior) in financial transactions. Title/Description The mechanism for preventing repudiation is based on time, digital signature, certificate and public key infrastructure (PKI) technology. For relevant standards, see Table 4 Table 4 Non-repudiation Non-repudiation Available standards ISO/IEC 13888-1 ISO/IEC 13888-2 ISO/IEC 13888-3 Title/Description Information technology security techniques Non-repudiation of claims Part 1: Overview of information technology security techniques Mechanisms of information technology security techniques Technical mechanisms TTTKNTKACA Part 2: Symmetric techniques Non-repudiation of claims Part 3: Asymmetric techniques Digital signatures Public Key Infrastructure (PKI) 2. 6 Availability of services Available standards 1 IS0/IFC 18014 ETSI TS101861-2001 ISO/ICE9796 IS0/IEC 14888 ANSI X9,31 ETSI TS 101 733 ANSI X9.55-1997 ANSI X9. 68; 2-200I ETS1 TS 101 862-2000 ANSI X9.77 ANSI X9. 79-2001 ETSI TS 101 456 Table 4 (continued) Title/Description Information technology security technical time-coagulation services -Part 1: Cabinet -Part 2, Mechanism for generating independent current cards GB/T 27911—2011 Part 3: Mechanisms for generating concatenated tokens Time-consuming overview Information technology security techniques Digital signature schemes with message recovery Part 1: Mechanisms using redundancy Part 2: Mechanisms based on integer factorization Part 3: Mechanisms based on high-scattered logarithms Information technology security techniques Digital signatures with appendices Part 1: Overview Part 2: Identity-based mechanisms Part 3: Certificate-based mechanisms Convenient authentication in the financial services industry Digital signature format using reversible public key encryption technology Public key encryption technology for the financial services industry: extensions to public key certificates and certificate cross-lists Digital certificates for mobile/wireless and large transaction financial systems: Part 2: Domain certificate syntax Qualified certificate introduction Public key infrastructure protocols Public key infrastructure (PKI) implementation and policy framework for issuing qualified certificates to the certificate authority according to policy requirements Availability refers to the property of being accessible and usable at all times according to the needs of authorized entities. For financial institutions, the availability of services is important in terms of business continuity and the overall image of the financial industry. The mechanisms used to ensure availability are based on redundancy, backup, off-site storage, backup sites and disaster recovery plans. The relevant standards are shown in Table 5. Table 5 Availability of services Disaster recovery Available standards ISO/IEC 24762:2008 NIST 800-34·2002 Title/Description Information technology security techniques Guide to information and communications technology disaster recovery services Designated publication, Guide to information technology system incident planning National Institute of Standards and Technology Name (Draft) TTTKNTKACA GB/T 27911--2011 2.7 Traceability and auditing Traceability is the property that ensures that the activities of an entity can be uniquely traced back to that entity. It should be obvious that financial institutions should be able to prove the validity of transactions to their customers and third parties. Different security methods, procedures and products should have a reasonable level of security. A system or organization should establish a minimum set of security measures. Traceability and audit mechanisms are based on audit trails, objectives, functional classification, protection profiles, assessment criteria, etc. The relevant standards are shown in Table 6. 6 Traceability and Audit Functional Classification Protection Rounds Evaluation Criteria Available Standards ISO1018 ANSIX9,15-1999 ISO/IEC TR 154±6 ISQ/IFC 15292 ANS1 X9. 79 ISO 13491-1 ISO 13491-2 ISO/IEC 15408-1 IS0/IEC15408-2 ISO/IEC 15408-3 IS0/TEC 18045-2008 IS0/IECTR 19791:2006 IS0/IEC21827:2008 ANSI X9. 66 ANSI X9, 74 Title/Description Information technology security framework for interconnected systems:---Part 1: Overview -Part 2: Authentication framework -Part 3: Access control framework -Part 4: Repudiation framework -Part 5: Confidentiality framework Enhanced management control using digital signatures and attribute certificatesGuidelines for the generation of information technology security technical protection profiles and security objectivesInformation technology security technical protection profile registration proceduresPart 2: Protection procedures for certificate issuance and management systems (draft)Secure cryptographic equipment for banking (quarterly report)Part 1: Concepts, requirements and evaluation methods Secure cryptographic equipment for banking (retail)Part 2: Financial transactions Equipment security compliance inspection checklist Information security technology Information technology security assessment criteria Part 1 : Introduction and general model Information technology security technology Information technology security assessment criteria Part 2 Security functional requirements Information technology security technology Information technology security assessment criteria Part 3: Security assurance requirements Information security technology IT security assessment methods Information technology security technology Security assessment of operational systems Information technology security technology System security engineering capability model (SSE-CMM Security of cryptographic devices Conformance testing of certification path processing TTTKANTKACA 2.8 Interoperability GB/T 27911—2011 For the financial industry, whether in the wholesale environment or in the retail environment, interoperability is becoming an important issue. Interoperability mechanisms are based on data elements, protocols and interface standards. However, it should be pointed out that interoperability is a more significant issue than the existing standards alone. See Table 7 for relevant standards. Table 7 Interoperability Interoperability Data elements 2.9 Security management Available standards EMV2000 ISO 13616 1S07064 ISO8583 ISO9992 [SO15668 1S07813 Title/Description Specification for integrated circuit cards for payment systems Volume 1: Requirements for terminal interfaces for the use of stand-alone IC cards Volume 2: Security and key management Volume 3: Application specifications Volume 1. Interface requirements for holders, counters and acquiring banks Secure electronic transaction specifications Volume 1: Transaction description Volume 2: Operator guidelines Volume 3. Formal protocol definitions Banking Financial services and related financial services International Bank Account Number (IBAN) Information technology security techniques Data processing Check code system generated messages Financial card exchange message specifications Part 1: Message data elements and preferred code values Part 2: Application and registration procedures for institution identification code (IC) Part 3: Maintenance procedures for messages, data elements and code values Financial card circuitry Messages between card and card acceptance device - Part I: Concepts and structure Part 2: Functions, authorizations (commands and responses) data elements and structure Banking business secure file transfer (retail) Information technology identification card Financial transaction card The security measures used by financial institutions should be managed. In the field of key management and certificate management, some common standards are needed to ensure a basic minimum security level. The relevant standards are shown in Table 8. TTTKONKACA GB/T 27911—2011 Safety management Key management Available standards Table 8 Security management ISO/IEC 13335-1:1996 IS0/IECTR 18044 IS0/IEC27001 IS0/TEC 27002 ISO/TR13569 [ISO/IEC 15-143 IS0/IEC15816 ISO15947 IS0/IEC 18043,2006 IS0/FC27000,2009 ISO/IEC27005:2008 ISO/IEC 27006:2007 IS0/IEC 27011.2008 ANSI X9. 11 BS 7799 ECBS TR 406 ISO 11568 ISO/TEC 11770 150 13492.1998 ANSI X9, 42-2001 ANSI X9. 44-2000 Title/Description Information Technology Information Technology Security Management Measures No. 1 Part; Information technology security concepts and models Information technology security technology Guide to information security incident management Information technology security technology Information security management system requirements Information technology security technology Information security management rules of practice Guide to information security for banking and related financial services Information technology security techniques Information technology security evidence framework Information technology security objectives for access control Information technology security technology Information technology path detection framework Information technology security technology Selection, deployment and operation of intrusion detection systems Information technology security technology Information technology security management system overview and vocabulary Information technology: security technology Information security risk management Information technology Security technology Requirements for entities providing audit and authentication of security management systems Information technology security technology Guide to information security management for telecommunications groups based on IS0/IEC 27002 Security service management for the financial services industry Information security management Guide to algorithm usage and key management Key management for banking (key management for cryptographic services) —Part 1: General principles —Part 2: Symmetric ciphers, their key management and life cycle—Part 4 Part: Asymmetric cryptographic systems and their key management and life cycle Information technology security technology Cryptographic management - Part 1: Framework - Part 2: Symmetric technology mechanism - Part 3: Asymmetric technology mechanism Banking business key management related data elements (zero supervision) Financial services industry public key technology: Symmetric key coordination using discrete number encryption technology Key construction based on factorization public key encryption technology in the financial services industry (Draft) Key management Certificate management Trusted third party management 2.10 Encryption algorithms Available standards ANSI X9.63-2001 ANSI X9.70 ECBS TR 405 ISO15782 ISO211BH:2006 ANSI X9. 57-1997 ANSI 6 ISO/IEC 15D45 Table 8 (continued) Title/Description GB/T 27911—2011 Public Key Cryptography for the Financial Services Industry: Key Management and Transport Using Curve Encryption Symmetric Key Management Using Public Key Algorithms Key Recovery for Financial Systems Banking Certificate Management Part 1: Public-Bank Certificateswww.bzxz.net Part 2: Certificate Extensions Public Key Infrastructure Implementation and Policy Framework for Financial Services Public Key Cryptography for the Financial Services Industry: Certificate Management Public Key Infrastructure Practice and Policy Framework Policy framework Digital certificate certification authority (version 2) Internet x.509 public key infrastructure certificate and certificate revocation list (CRL) framework Information technology security technology Trusted third-party service usage and management guidelines Information technology security technology TTP service specifications supporting digital signature applications Most of the security measures used by financial institutions are based on encryption technology. Due to interoperability and basic security levels, some common standards and related standards in the field of encryption technology are required. See Table 9. H-9 encryption algorithm Available standards ISO/IEC9979 IS/IEC 18031:2005 ISO/IEC 18032.2005 IS0/IEC 18033-1 :2005 ISO/1EC 18033-2:2006 ISO/IEC18033-3:2005 ISO/IEC18033-4:2005 IS0/IFC19790.2006 ANSIX9.B2 ANS1 X9. 8Q-2001 ANSITR9 Title/Description Registration Procedure for Cryptographic Algorithms Information Technology Security Technology Random Number Generation Initial Number Generation Initial Number Generation Initial Number Generation Part 1: Overview Information Technology Security Technology Cryptographic Algorithms Part 2: Asymmetric Ciphers Information Technology Security Technology Cryptographic Algorithms Part 3: Block Ciphers Information Technology Security Technology Cryptographic Algorithms Part 4: Stream Ciphers Information Technology Security Technology Security Requirements for Cryptographic Blocks Random Number Generation Prime Number Generation Abstract Syntax Notation and End Code Rules for Financial Industry Standards 98Q-2001 ANSITR9 Title/Description Registration Procedure for Cryptographic Algorithms Information Technology Security Technology Random Number Generation Initial Number Generation Initial Number Generation Initial Number Generation Part 1: Overview Information Technology Security Technology Cryptographic Algorithms Part 2: Asymmetric Ciphers Information Technology Security Technology Cryptographic Algorithms Part 3: Block Ciphers Information Technology Security Technology Cryptographic Algorithms Part 4: Stream Ciphers Information Technology Security Technology Security Requirements for Cryptographic Blocks Random Number Generation Prime Number Generation Abstract Syntax Notation and End Code Rules for Financial Industry Standards 9 Tip: This standard content only shows part of the intercepted content of the complete standard. If you need the complete standard, please go to the top to download the complete standard document for free.