ISO 23195:2021
p
ISO 23195:2021
74853
Indisponible en français

État actuel : Publiée

fr
Format Langue
std 1 173 PDF + ePub
std 2 173 Papier
  • CHF173
Convertir les francs suisses (CHF) dans une autre devise

Résumé

This document defines a common terminology to be used in the context of third-party payment (TPP). Next, it establishes two logical structural models in which the assets to be protected are clarified. Finally, it specifies security objectives based on the analysis of the logical structural models and the interaction of the assets affected by threats, organizational security policies and assumptions. These security objectives are set out in order to counter the threats resulting from the intermediary nature of TPPSPs offering payment services compared with simpler payment models where the payer and the payee directly interact with their respective account servicing payment service provider (ASPSP).

This document assumes that TPP-centric payments rely on the use of TPPSP credentials and the corresponding certified processes for issuance, distribution and renewal purposes. However, security objectives for such processes are out of the scope of this document.

NOTE       This document is based on the methodology specified in the ISO/IEC 15408 series. Therefore, the security matters that do not belong to the TOE are dealt with as assumptions, such as the security required by an information system that provides TPP services and the security of communication channels between the entities participating in a TPP business.

Prévisualiser 

Prévisualiser cette norme sur notre Plateforme de consultation en ligne (OBP)

Informations générales

  •  : Publiée
     : 2021-06
    : Norme internationale publiée [60.60]
  •  : 1
  • ISO/TC 68/SC 2
    03.060  35.240.40 
  • RSS mises à jour

Vous avez une question?

Consulter notre FAQ

Service à la clientèle
+41 22 749 08 88

Horaires d’ouverture:
De lundi à vendredi - 09:00-12:00, 14:00-17:00 (UTC+1)