ISO/TS 9546
(Main)Guidelines for security framework of information systems of third-party payment services
Guidelines for security framework of information systems of third-party payment services
The security framework addresses the implementation of security mechanisms to achieve the security objectives as defined in ISO 23195. The security framework is concerned with defining the means of providing protection for systems and objects within the TPP system environment, and for the interactions between such systems. This document describes a generic security framework that can apply to the provision of any TPP service, including: - the TPP logical structural model, - the definition of the security framework, - the design principles, responsibilities, and functional requirements to support the security mechanism, - guidelines for applying security framework defined in this document, for TPP services.
Lignes directrices relatives au cadre de sécurité des systèmes d'information des prestataires de services de paiement
General Information
Buy Standard
Standards Content (Sample)
FINAL
TECHNICAL ISO/DTS
DRAFT
SPECIFICATION 9546
ISO/TC 68/SC 2
Guidelines for security framework of
Secretariat: BSI
information systems of third-party
Voting begins on:
2023-12-14 payment services
Voting terminates on:
2024-02-08
RECIPIENTS OF THIS DRAFT ARE INVITED TO
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
Reference number
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO-
ISO/DTS 9546:2023(E)
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN-
DARDS TO WHICH REFERENCE MAY BE MADE IN
NATIONAL REGULATIONS. © ISO 2023
---------------------- Page: 1 ----------------------
ISO/DTS 9546:2023(E)
FINAL
TECHNICAL ISO/DTS
DRAFT
SPECIFICATION 9546
ISO/TC 68/SC 2
Guidelines for security framework of
Secretariat: BSI
information systems of third-party
Voting begins on:
payment services
Voting terminates on:
COPYRIGHT PROTECTED DOCUMENT
© ISO 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
RECIPIENTS OF THIS DRAFT ARE INVITED TO
ISO copyright office
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
CP 401 • Ch. de Blandonnet 8
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
CH-1214 Vernier, Geneva
DOCUMENTATION.
Phone: +41 22 749 01 11
IN ADDITION TO THEIR EVALUATION AS
Reference number
Email: copyright@iso.org
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO
ISO/DTS 9546:2023(E)
Website: www.iso.org
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
Published in Switzerland
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN
DARDS TO WHICH REFERENCE MAY BE MADE IN
ii
© ISO 2023 – All rights reserved
NATIONAL REGULATIONS. © ISO 2023
---------------------- Page: 2 ----------------------
ISO/DTS 9546:2023(E)
Contents Page
Foreword .v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 4
5 TPP logical structural models .4
5.1 General introduction . 4
5.2 TPP logical structural model without the TPPAIS . 4
5.3 TPP logical structural model with the TPPAIS . 5
6 TPP security functional recommendations . 6
6.1 General security functional recommendations. 6
6.1.1 General . 6
6.1.2 Identification and authentication .
...
ISO/DTS 9546
ISO/TC 68/SC 2
Secretariat: BSI
Date: 2023-11-30
Guidelines for Security Frameworksecurity framework of
Information Systemsinformation systems of Third Party Payment
Servicesthird-party payment services
© ISO 2023 – All rights reserved
---------------------- Page: 1 ----------------------
ISO/DTS 9546:(E)
© ISO 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this
publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical,
including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can
be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: + 41 22 749 01 11
E-mail: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2023 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/DTS 9546:(E)
Contents
Foreword . v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 4
5 TPP logical structural models . 5
5.1 General introduction . 5
5.2 TPP logical structural model without the TPP-AIS . 5
5.3 TPP logical structural model with the TPP-AIS . 6
6 TPP security functional recommendations . 6
6.1 General security functional recommendations . 6
6.1.1 General . 6
6.1.2 Identification and authentication . 6
6.1.3 Authorization . 7
6.1.4 Audit logging . 8
6.1.5 Asset protection . 8
6.2 Security functional recommendations for TPPSP credentials carrier (C2) . 9
6.2.1 Encryption . 9
6.2.2 User authentication . 9
6.2.3 Access control . 9
6.3 Security functional recommendations for payment terminal (C3) . 9
6.3.1 Encryption .
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.