ISO/TR 13569:1997/Amd 1:1998
(Amendment) Banking and related financial services — Information security guidelines — Amendment 1
Banque et services financiers liés aux opérations bancaires — Lignes directrices pour la sécurité de l'information — Amendement 1
Standards Content (Sample)
TECHNICAL REPORT
ISO/TR 13569
Second edition
1997-10-01
AMENDMENT 1
1998-12-15
Banking and related financial services —
Information security guidelines
AMENDMENT 1:
Banque et services financiers liés aux opérations bancaires —
Lignes directrices pour la sécurité de l'information
AMENDEMENT 1
Reference number
ISO/TR 13569:1997/Amd.1:1998(E)
Contents
1 Reference
2 Definition
3 Access Control
3.1 Internal or External users
3.1.1 Use of Certificates
3.2 Biometrics
3.3 Web Services
4 Cryptography
4.1 Key length recommendations
5 Miscellaneous
5.1 Y2k
5.2 Introduction of the Euro
6 Errata
© ISO 1998
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic
or mechanical, including photocopying and microfilm, without permission in writing from the publisher.
International Organization for Standardization
Case postale 56 • CH-1211 Genève 20 • Switzerland
Internet iso@iso.ch
Printed in Switzerland
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO
member bodies). The work of preparing International Standards is normally carried out through ISO technical
committees. Each member body interested in a subject for which a technical committee has been established has
the right to be represented on that committee. International organizations, governmental and non-governmental, in
liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical
Commission (IEC) on all matters of electrotechnical standardization.
The main task of ISO technical committees is to prepare International Standards. In exceptional circumstances a
technical committee may propose the publication of a Technical Report of one of the following types:
- type 1, when the necessary support cannot be obtained for the publication of an International Standard, despite
repeated efforts;
- type 2, when the subject is still under technical development or where for any other reason there is the future
but not immediate possibility of an agreement on an International Standard;
- type 3, when a technical committee has collected data of a different kind from that which is normally published
as an International Standard (“state of the art”, for example).
Technical Reports of types 1 and 2 are subject to review within three years of publication, to decide whether they
can be transformed into International Standards. Technical Reports of type 3 do not necessarily have to be
reviewed until the data they provide are considered to be no longer valid or useful.
Amendment 1 to ISO/TR 13569:1997, which is a Technical Report of type 3, was prepared by Technical Committee
ISO/TC 68, Banking, securities and other financial services, Subcommittee SC 2, Security management and
general banking operations.
Introduction
ISO/TR 13569 was last published in 1997. In the intervening months, technologies have advanced which present
new risks or opportunities. This Amendment is intended to bring up-to-date information to readers of
ISO/TR 13569:1997. A review of ISO/TR 13569:1997 did not yield any controls that are no longer appropriate;
therefore an Amendment, rather than a new version, was proposed.
Banking and related financial services — Information security
guidelines
AMENDMENT 1
1 Reference
ISO/TR 13569:1997, Banking and related financial services — Information security guidelines.
2 Definition
2.1 Y2k
The year 2000; also taken to mean the problem in information processing systems in recognizing a “00” as meaning
the year 2000 and not the year 1900.
3 Access Control
The original editions of ISO/TR 13569, particularly subclause 7.2, focused on access control issues within the
organization at a time when technology for certificates was not fully mature. The number of external connections to
financial institutions’ computers continues to grow and International Standards on composition and use of digital
certificates now give institutions a choice of access control technology.
3.1 Internal or External users
Institutions should have access control policies in place that address access to their systems by employees, by
contractors, and by customers. In
...