ANSI/X9 X9.97-2-2009

This part of ISO 13491 specifies checklists to be used to evaluate secure cryptographic devices (SCDs) incorporating cryptographic processes, as specified in parts 1 and 2 of ISO 9564, ISO 16609 and parts 1 to 6 of ISO 11568, in the financial services environment. IC payment cards are subject to the requirements identified in this part of ISO 13491 up until the time of issue, after which they are to be regarded as a personal device and outside of the scope of this document.

This product references:ISO 9564-1:2002 - Banking - Personal Identification Number (PIN) management and security - Part 1: Basic principles and requirements for online PIN handling in ATM and POS systems
ISO 9564-2:2005 - Banking - Personal Identification Number management and security - Part 2: Approved algorithms for PIN encipherment
ISO 11568-4:2007 - Banking - Key management (retail) - Part 4: Asymmetric cryptosystems - Key management and life cycle
ISO 11568-2:2005 - Banking - Key management (retail) - Part 2: Symmetric ciphers, their key management and life cycle
ISO 11568-1:2005 - Banking - Key management (retail) - Part 1: Principles
ISO 11568-5:1998 - Banking - Key management (retail) - Part 5: Key life cycle for public key cryptosystems
ISO 11568-3:1994 - Banking - Key management (retail) - Part 3: Key life cycle for symmetric ciphers
ISO 16609:2004 - Banking - Requirements for message authentication using symmetric techniques
ISO/IEC 18031:2005 - Information technology - Security techniques - Random bit generation
This product is related to: ANSI/X9 X9.97-1-2009 - Financial services - Secure Cryptographic Devices (Retail) - Part 1: Concepts, Requirements and Evaluation Methods