ISO 21188:2006 金融服务用公用密钥的基础-规范和政策构架

标准编号：ISO 21188:2006

中文名称：金融服务用公用密钥的基础-规范和政策构架

英文名称：Public key infrastructure for financial services — Practices and policy framework

发布日期：2006-05

标准范围

ISO 21188:2006规定了通过证书政策和认证实践声明管理PKI的要求框架，并允许在金融服务行业使用公钥证书。它还定义了控制目标和管理风险的支持程序。ISO 21188:2006对开放、封闭和合同环境中使用的PKI系统进行了区分。它进一步定义了与金融服务业公认的信息系统控制目标相关的操作实践。ISO 21188:2006旨在帮助实施者定义可支持多种证书策略的PKI实践，包括使用数字签名、远程身份验证和数据加密。ISO 21188:2006促进了运营、基准PKI控制实践的实施，以满足合同环境下金融服务行业的要求。虽然ISO 21188:2006的重点是合同环境，但并未明确禁止将本文件应用于其他环境。在本文件中，术语“证书”指公钥证书。属性证书不在ISO 21188:2006的范围内。

ISO 21188:2006 sets out a framework of requirements to manage a PKI through certificate policies and certification practice statements and to enable the use of public key certificates in the financial services industry. It also defines control objectives and supporting procedures to manage risks.ISO 21188:2006 draws a distinction between PKI systems used in open, closed and contractual environments. It further defines the operational practices relative to financial services industry accepted information systems control objectives. ISO 21188:2006 is intended to help implementers to define PKI practices that can support multiple certificate policies that include the use of digital signature, remote authentication and data encryption.ISO 21188:2006 facilitates the implementation of operational, baseline PKI control practices that satisfy the requirements for the financial services industry in a contractual environment. While the focus of ISO 21188:2006 is on the contractual environment, application of this document to other environments is not specifically precluded. For the purposes of this document, the term "certificate" refers to public key certificates. Attribute certificates are outside the scope of ISO 21188:2006.

标准预览图