ANSI/X9 X9.112-1-2009

In todays world, both private and public sectors depend upon information technology systems to perform essential and mission-critical functions. In the current environment of increasingly open and interconnected systems and networks, network and data security are essential for the effective use of information technology. Privacy and regulatory requirements highlight this need. For example, systems that perform electronic commerce must protect against unauthorized access to confidential records and unauthorized modification of data.

Wireless technologies are rapidly emerging as significant components of these networks. As such, data classification and risk assessments should be performed to determine the sensitivity of, and risk to, data transmitted over wireless networks. Various methods and controls should be considered for data that is sensitive, has a high value, or represents a high value if it is vulnerable to unauthorized disclosure or undetected modification during transmission over wireless networks. These methods and controls support communications security, for example by encrypting the communication prior to transmission and decrypting it at receipt.

Note that data classification and risk assessments, regardless of whether data transmission is over wired or wireless environments, should be part of an organizations general security policy and best practices. Refer to Annex A Wireless Validation Control Objectives for further details.

Part 1 of this Standard provides an overview of wireless radio frequency (RF) technologies and general requirements applicable to all wireless implementations for the financial services industry. Subsequent parts of this Standard will address specific applications to wireless technology and associated risks, as well as technologies, methods and controls that mitigate those risks.

This product references:ANSI/X9 X9.24-1-2004 - Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques
ANSI/X9 X9.24-2-2006 - Retail Financial Services Symmetric Key Management Part 2: Using Asymmetric Techniques for the Distribution of Symmetric Keys
ANSI/X9 X9.30-1-1997 - Public Key Cryptography Using Irreversible Algorithms - Part 1: The Digital Signature Algorithm (DSA)
ANSI/X9 X9.30-2-1997 - Public Key Cryptography Using Irreversible Algorithms - Part 2: The Secure Hash Algorithm (SHA-1)
X9 X9.31-1998 - Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry (rDSA)
ANSI/X9 X9.62-2005 - Public Key Cryptography for the Financial Services Industry, The Elliptic Curve Digital Signature Algorithm (ECDSA)
ANSI/X9 X9.95-2005 - Trusted Time Stamp Management and Security
ANSI/X9 X9.52-1998 - Triple Data Encryption Algorithm Modes of Operation
ANSI/X9 X9.57-1997 - Public Key Cryptography for the Financial Services Industry: Certificate Management
ANSI/X9 X9.69-2006 - Framework for Key Management Extensions
ANSI/X9 X9.8-1-2003 - Banking - Personal Identification Number Management and Security - Part 1: PIN protection principles and techniques for online PIN verification in ATM POS systems
ANSI/X9 X9.84-2003 - Biometric Information Management and Security for the Financial Services Industry
ISO 16609:2004 - Banking - Requirements for message authentication using symmetric techniques
ISO/IEC 27002:2005 - Information technology - Security techniques - Code of practice for information security management b(Redesignation of ISO/IEC 17799:2005)/b
ISO 11568-1:2005 - Banking - Key management (retail) - Part 1: Principles
ISO 11568-2:2005 - Banking - Key management (retail) - Part 2: Symmetric ciphers, their key management and life cycle
ISO 11568-4:2007 - Banking - Key management (retail) - Part 4: Asymmetric cryptosystems - Key management and life cycle