Security Management, Legislation, Authentication
Audit, security management, risk management, threat countermeasures. Security evaluation, evaluation criteria and processes. Standards in IT security and cryptography, legislation related to cryptology. Digital signature – constructions, legislation, public key management, certification authorities and public-key infrastructures. Authentication of users in computer systems – secret information, tokens, biometrics. Identification systems and identity management. (PA018)
Other Sources
Standards
ISO/IEC 27000 series - ISMS
ANSI X9.23
- Financial Institution Encryption of Wholesale Financial Messages
- padding for CBC with random bytes, the last byte is set to the number of bytes added
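The X9.23 padding rule above, implemented as an added example (not code from the course notes). The default 8-byte block size follows the standard's 64-bit-block (DES) origin and is an assumption here; the parameter allows 16 for AES.

```python
import os

BLOCK_SIZE = 8  # assumed default: X9.23 was written for 64-bit block ciphers


def pad_x923(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Pad to a multiple of block_size with random filler bytes followed by
    one count byte holding the total number of bytes added (1..block_size).
    Input already on a block boundary gets a full block of padding, so the
    count byte can never be confused with message data."""
    if not 1 <= block_size <= 255:
        raise ValueError("block size must fit in the count byte (1..255)")
    n = block_size - (len(data) % block_size)  # always >= 1
    return data + os.urandom(n - 1) + bytes([n])


def unpad_x923(padded: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Strip X9.23 padding, rejecting malformed input. Only the count byte
    can be checked: the filler bytes are random, so there is nothing else
    to verify (unlike PKCS#7, where every padding byte must equal the count)."""
    if not padded or len(padded) % block_size:
        raise ValueError("length is not a positive multiple of the block size")
    n = padded[-1]
    if not 1 <= n <= block_size:
        raise ValueError("invalid padding count")
    return padded[:-n]


def padding_is_valid(padded: bytes, block_size: int = BLOCK_SIZE) -> bool:
    """Boolean form of the check, e.g. for tests or logging."""
    try:
        unpad_x923(padded, block_size)
        return True
    except ValueError:
        return False
```

Because unpadding can only fail on the count byte, a rejected message still leaks one bit to whoever submitted it; as with any CBC padding scheme, verify a MAC or use an authenticated mode before unpadding so that failures never depend on the plaintext.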
ANSI X9.31
- Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry (rDSA)
ANSI X9.62
- Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA)
ANSI X9.82
- random number generation
FIPS 140-2 (NIST)
- Security Requirements for Cryptographic Modules
FIPS 140-3
- Security Requirements for Cryptographic Modules
FIPS 186-5 (NIST)
- Digital Signature Standard (DSS)
- digital signatures; RSA, ECDSA, EdDSA
- in the latest version, DSA was removed as approved for digital signature generation and EdDSA was added
PKCS (RSA Security)
ISO/IEC 11770 - key management
- Information security: Key management
X.509 (ITU)
- The Directory: Public-key and attribute certificate frameworks
RFC (IETF)
ETSI EN 319 142-1 - Electronic Signatures and Infrastructures
- used in the European Union (digital signatures in the Czech Republic follow these)
ETSI TS 119 312 - Electronic Signatures and Infrastructures (ESI); Cryptographic Suites
- SHA2/SHA3, DSA/RSA/ECDSA/EC-SDSA