ISO 11568:2023

Financial services — Key management (retail)

Publication date: Feb 17, 2023

General information

Current stage: 60.60 Effective date: Feb 17, 2023

Originator: ISO

Owner: ISO/TC 68/SC 2

Type: International Standard

ICS: 35.240.40

Languages: English

Buying

Status: Published

PDF

Paper

PDF and Paper

Language

Language in which you want to receive the document.

Scope

This document describes the management of symmetric and asymmetric cryptographic keys that can be used to protect sensitive information in financial services related to retail payments. The document covers all aspects of retail financial services, including connections between a card-accepting device and an Acquirer, between an Acquirer and a card Issuer, and between an ICC and a card-accepting device. It covers all phases of the key life cycle, including the generation, distribution, utilization, archiving, replacement and destruction of the keying material. This document covers manual and automated management of keying material, and any combination thereof, used for retail financial services. It includes guidance and requirements related to key separation, substitution prevention, identification, synchronization, integrity, confidentiality and compromise, as well as logging and auditing of key management events.
Requirements associated with hardware used to manage keys have also been included in this document.

Life cycle

PREVIOUSLY

WITHDRAWN
ISO 11568-1:2005

WITHDRAWN
ISO 11568-4:2007

WITHDRAWN
ISO 11568-2:2012

NOW

PUBLISHED
ISO 11568:2023
60.60 Standard published
Feb 17, 2023