BS ISO 21188:2018 sets out a framework of requirements to manage a PKI through certificate policies and certification practice statements and to enable the use of public key certificates in the financial services industry. It also defines control objectives and supporting procedures to manage risks. While this document addresses the generation of public key certificates that might be used for digital signatures or key establishment, it does not address authentication methods, non-repudiation requirements or key management protocols.

This document draws a distinction between PKI systems used in closed, open and contractual environments. It further defines the operational practices relative to financial-services-industryaccepted information systems control objectives. This document is intended to help implementers to define PKI practices that can support multiple certificate policies that include the use of digital signature, remote authentication, key exchange and data encryption.

This document facilitates the implementation of operational, baseline PKI control practices that satisfy the requirements for the financial services industry in a contractual environment. While the focus of this document is on the contractual environment, application of this document to other environments is not specifically precluded. For the purposes of this document, the term "certificate" refers to public key certificates. Attribute certificates are outside the scope of this document.


Cross References:
ISO/IEC 18033-4
ISO/IEC 18032
ISO 13491-1
ISO/IEC 9594-8
ISO/IEC 18033-1
ISO/IEC 18033-2
ISO/IEC 18033-3
ISO/IEC 19790
ISO/IEC 7813
CWA 14170
CWA 14168
ETSI TS 102 042
ETSI TS 101 456
ISO/TR 13569
ISO/IEC 8824
ISO/IEC 15945
ISO/IEC 15408
ISO 18014-2
CWA 14169
ISO/IEC 10646-1
ISO/IEC 7816
ISO 18014-3
ISO/IEC 10118-3
ISO/IEC 7810
ISO/IEC 27002:2013
ISO/IEC 9834-1:2012


All current amendments available at time of purchase are included with the purchase of this document.