Select Page

X9 Releases New Cloud Services Management and Security Standard

ANNAPOLIS, Md. –November 13, 2024

The Accredited Standards Committee X9 Inc. (X9) today announced that it has published a Cloud Management and Security standard. The new standard, X9.125, specifies the minimum management and security requirements for the effective use of cloud computing in a financial services environment. The standard is now available from ANSI for download.

The main purpose of this standard is to assist a financial cloud service customer in establishing and following an orderly cloud management lifecycle. This includes transition to, maintenance of and exit from systems and applications that utilize cloud computing. The standard also informs the providers and developers of cloud services as they design and implement systems and products that meet the needs of financial clients: services that will be marketable as secure, auditable and compliant with industry regulations. Finally, auditors and other security professionals can use this standard as a set of evaluation criteria when performing security assessments of cloud services.

This standard focuses on the specific dos and don’ts that a customer, once having chosen a cloud path, needs to observe. Some of the obligations and recommendations contained in this standard are solely the customer’s responsibility, while others should be discussed ahead of time between customers and providers of cloud services, and then reflected in the contractual agreement between the parties

Background

The financial industry has been a strong adopter of cloud services, particularly in the United States, with applications having grown to include business-critical systems such as credit scoring, trade data management and risk modeling. Accordingly, bankers and providers of financial services need to understand these technologies, establish an approach for identifying key risks and controls, and adhere to cloud management and security requirements – needs that X9.125 fills.

“For the better part of a decade, as cloud computing has ramped up and business workloads have moved to the cloud, the challenges of the technology environment, along with operational and business risks, have become more complicated for the financial industry,” said Jeff Stapleton, chair of the X9 working group that developed X9.125. “The new standard addresses these issues and creates a roadmap to enhanced management and security. We are grateful to the many X9 member company representatives who contributed their expertise to the creation of X9.125, with special recognition to the Object Management Group for its generous support and expertise in the development of this standard.”

About the Accredited Standards Committee X9 Inc.

The Accredited Standards Committee X9 Inc. is a non-profit organization accredited by the American National Standards Institute (ANSI) to develop and maintain national and – through ISO — international standards for the financial services industry. The subjects of X9’s standards include: retail, mobile and business payments; corporate treasury functions; block chain technology; processing of electronic legal orders issued to financial institutions; tracking of financial transactions and instruments; financial transaction messaging (ISO 8583 and 20022); quantum computing; AI, PKI; checks; cloud; data breach notification and more.

X9 acts as the U.S. Technical Advisory Group (TAG) for ISO TC68 (Financial) and TC321 (E-Commerce) and performs the secretariat functions for ISO TC68. Please visit our website (www.x9.org) for more information.

X9 Media Contact

Judith Vanderkay
jvanderkay@gmail.com
+1 (781) 883-3793

Archives