20/30382311 DC - BS ISO 23195. Security objectives of information systems of third-party payment services


Status : Current, Draft for public comment   Published : April 2020




This standard defines terms used when discussing payments made by using a third-party payment (TPP), establishes a logical structural model that clarifies the assets to be protected, and specifies security objectives. The logical structural model is the basis of the analysis: the information security objectives are derived by analysing how the assets are affected by threats, organizational security policies and assumptions. These security objectives are set out to counter the threats that result from TPP intermediation, compared with simpler payment models where the payer and the beneficiary (payee) interact directly with their respective account servicing banks.

NOTE In the standard, some security objectives required by an information system designed to provide TPP payment services are deemed assumptions according to the methodology specified in ISO/IEC 15408, because those matters can be considered preconditions of the application system. Likewise, some security objectives for the communication channels to be created between the entities participating in a TPP-intermediated transaction (e.g., to be established between the TPP-BIS and bank accounting systems) are deemed assumptions according to the methodology specified in ISO/IEC 15408, because the bank accounting systems are outside the TOE.




Standard Number: 20/30382311 DC
Title: BS ISO 23195. Security objectives of information systems of third-party payment services
Status: Current, Draft for public comment
Publication Date: 28 April 2020
Normative References (Required to achieve compliance to this standard): ISO/IEC 27000:2016, ISO/IEC 2382:2015, ISO/TR 21941, ISO/IEC 15408-1:2009
Informative References (Provided for Information): ISO 22300:2018, ISO 12812-1:2017, ISO/TS 24533:2012, ISO/IEC 29100:2011
International Relationships: ISO/DIS 23195
Draft Expiry Date: 21 June 2020
Descriptors: Conformity, Financial institutions, Machine-readable materials, Magnetic cards, Personal identification numbers, Retailing, Verification, Performance, Data storage protection, Data processing, Banks, Cryptography, Finance, Information exchange, Data security, Identity cards, Magnetic stripes
ICS: 03.060, 35.240.40
Title in French: Titre manque
Committee: IST/12
Publisher: BSI
Format: A4
Delivery: Yes
Pages: 51
File Size: 6.025 MB
Notes: Warning: this draft is not current beyond its expiry date for comments.
Price: £20.00

