ASC X9 Revises the Registry of Approved Cryptographic Resources for Financial Services Industry Standards
The Accredited Standards Committee X9 (X9) has recently revised the Registry of Approved Cryptographic Resources for Financial Services Industry. In addition to developing cryptographic techniques within its own standards, X9 relies upon standards and techniques from other standards-developing organizations as resources when developing its own standards. Appropriate cryptographic techniques may be found in standards produced by such organizations as the National Institute of Standards and Technology (NIST), the Institute of Electrical and Electronics Engineers (IEEE), and the Internet Engineering Task Force (IETF). In this document the term “resource” is defined to be a cryptographic standard, a National Institute of Standards and Technology (NIST) Special Publication, or a cryptographic technique specified in a standard or NIST Special Publication that is used to support X9 standards.
Many X9 standards rely upon the symmetric block ciphers, Triple Data Encryption Algorithm (TDEA) and the Advanced Encryption Standard (AES). Although fully specified in external documents, these algorithms, along with the modes of operation specified in the NIST Special Publication (SP) 800-38 series are important tools that provide confidentiality or integrity protection for financial data. In addition, X9 also relies upon hashing and message authentication algorithms from external resources that support X9 digital signature and key establishment standards.
Rather than re-write, replicate or repeat algorithms or other general cryptographic techniques within the contents of its Financial Services Industry American National Standards, ASC X9 has developed a Registry of approved resources. Since new resources are continually being developed (by a variety of general technical standards producers), the Registry is a living document that provides for the addition and deletion of resources, when X9 approves it.
ASC X9 TR 48-2018 Card-Not-Present (CNP) Fraud Mitigation in the United States
ANSI X9.124-2-2018 Financial Services – Symmetric Key Cryptography for the Financial Services Industry – Format
Preserving Encryption- Part 2: Key Stream with Counter Mode
ANSI X9.129-2017 (Version 01) Legal Order Exchange
ANSI X9.69-2017 Framework for Key Management Extensions