ISO 21188:2006
Public key infrastructure for financial services - Practices and policy framework

Standard No.: ISO 21188:2006
Release Date: 2006
Published By: International Organization for Standardization (ISO)
Status: Replaced By ISO 21188:2018
Latest: ISO 21188:2018

Scope
This International Standard sets out a framework of requirements to manage a PKI through certificate policies and certification practice statements and to enable the use of public key certificates in the financial services industry. It also defines control objectives and supporting procedures to manage risks. This International Standard draws a distinction between PKI systems used in open, closed and contractual environments. It further defines the operational practices relative to financial services industry accepted information systems control objectives.

This International Standard is intended to help implementers to define PKI practices that can support multiple certificate policies that include the use of digital signature, remote authentication and data encryption. This International Standard facilitates the implementation of operational, baseline PKI control practices that satisfy the requirements for the financial services industry in a contractual environment. While the focus of this International Standard is on the contractual environment, application of this document to other environments is not specifically precluded.

For the purposes of this document, the term “certificate” refers to public key certificates. Attribute certificates are outside the scope of this International Standard.

This International Standard is targeted for several audiences having dissimilar needs and therefore the use of this document will have a different focus for each.

  • Business Managers and Analysts are those who require information regarding using PKI technology in their evolving businesses (e.g., electronic commerce) and should focus on Clauses 1 to 6.
  • Technical Designers and Implementers are those who are writing their certificate policy(ies) and certification practice statement(s) and should focus on Clauses 6 to 8 and Annexes A to F.
  • Operational Management and Auditors are those who are responsible for day-to-day operations of the PKI and validating compliance to this document and should focus on Clauses 6 to 8.

ISO 21188:2006 Referenced Documents

  • ISO 10202 Financial transaction cards - Security architecture of financial transaction systems using integrated circuit cards - Part 8: General principles and overview
  • ISO 15782-1:2003 Certificate management for financial services - Part 1: Public key certificates
  • ISO 15782-2 Banking - Certificate management - Part 2: Certificate extensions
  • ISO/IEC 10646-1 Information technology — Universal Multiple-Octet Coded Character Set (UCS) — Part 1: Architecture and Basic Multilingual Plane — Amendment 2: Limbu, Tai Le, Yijing and other characters
  • ISO/IEC 15408 Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 5: Pre-defined packages of security requirements (2022-08-09 Update)
  • ISO/IEC 17799 Corrigendum 1 - Information technology - Security techniques - Code of good practice for information security management
  • ISO/IEC 18032 Information security -- Prime number generation (2020-12-02 Update)
  • ISO/IEC 7810 Identification cards — Physical characteristics — Amendment 1: Additional requirements for integrated circuit cards with contacts (2023-08-01 Update)
  • ISO/IEC 7811 Identification cards - Recording technique - Part 9: Tactile identifier mark (2015-12-01 Update)
  • ISO/IEC 7813 Information technology - Identification cards - Financial transaction cards (2006-07-01 Update)
  • ISO/IEC 7816 Identification cards — Integrated circuit cards — Part 9: Commands for card management — Amendment 1: Quantum safe cryptography (2023-10-01 Update)
  • ISO/IEC 9594-8:1995 Information technology — Open Systems Interconnection — The Directory: Authentication framework
  • ISO/IEC 9834-1:1993 Information technology; Open Systems Interconnection; procedures for the operation of OSI registration authorities: general procedures

ISO 21188:2006 history

  • 2018 ISO 21188:2018 Public key infrastructure for financial services — Practices and policy framework
  • 2006 ISO 21188:2006 Public key infrastructure for financial services - Practices and policy framework