Call for Experts for 3 New X9 Initiatives:
Blockchain Report Audit Framework, “Secret Sharing” Standard, and Data Protection and Breach Notification Standard
The Accredited Standards Committee X9 Inc. (X9) today announced three new projects for which it seeks expert participants: an effort to develop a framework of blockchain audit guidelines, development of a new standard addressing the practice of “secret sharing,” and creation of a new standard for processes to protect data and report breaches. Potential contributors are invited to get in touch with X9.
Blockchain Report Audit Framework
Enterprise interest in exploring and implementing private blockchain networks both globally and in the U.S. appears to be strengthening. In financial services, audits and assessments are basic and necessary functions, but there are no guidelines that apply to blockchain reports. X9’s Blockchain Auditing workgroup seeks professionals who have experience in blockchain, security or auditing to create a framework of audit guidelines for financial firms using private blockchain solutions, which will be delivered as Technical Report 54. The group’s first meeting will be held Wednesday, July 24, 12-1 p.m. Eastern time; interested parties may write to firstname.lastname@example.org for meeting information. More details are available on the X9 website.
Secret Sharing Standard
Secret sharing schemes include cryptographic methods for distributing a secret – such as a symmetric key or asymmetric private key — among a group of participants, such that no one person has access to the entire secret. Due to the lack of standards, there are misconceptions and misinformation about secret sharing methods and how to use them. This new standard, designated X9.135, will provide valuable information to product manufacturers, service providers (including cloud services) and end users attempting to secure their cryptographic systems. Individuals with relevant expertise are sought by X9’s Data and Information Security Subcommittee. More detail is online.
Breach Notification and Protection Governance Standard
This new standard, designated X9.141, will define requirements for data protection and breach notification for the financial services industry. This standard will apply to all organizations that handle sensitive payment information, and it will provide a consistent breach notification process to protect consumers and other stakeholders nationwide. X9’s Cybersecurity and Cryptographic Solutions workgroup is looking for individuals with technical knowledge in areas including encryption, identity management, data privacy and data security to assist in drafting the standard. Details can be found on the X9 website.
“These three new projects demonstrate the energy and range of ideas that have surged from X9 members this spring, in a remarkable level of activity and inspiration,” said X9 Executive Director Steve Stevens. “All three initiatives will deliver valuable tools and guidance to the financial services industry, and I urge all interested parties to learn more and join the work.”
About the Accredited Standards Committee X9 Inc.
The Accredited Standards Committee X9 Inc. is a non-profit organization accredited by the American National Standards Institute (ANSI) to develop both national and international standards for the financial services industry. X9 has over 100 member companies and over 400 company representatives that work to develop and maintain approximately 100 domestic standards and 58 international standards.
The subjects of X9’s standards include: retail and mobile payments; printing and processing of checks; corporate treasury functions; block chain technology; processing of legal orders issued to financial institutions; tracking of financial transactions and instruments; tokenization of data at rest; quantum computing risk; data breach; electronic contracts; and remittance data in business payments. X9 performs the secretariat function, acts as the U.S. Technical Advisory Group, and provides the committee chair for ISO TC68, which produces international standards for the global financial services industry. X9 also acts as the U.S. Technical Advisory Group for ISO TC322. For more information about X9 and its work, visit www.x9.org.
ASC X9 TR 48-2018 Card-Not-Present (CNP) Fraud Mitigation in the United States
ANSI X9.124-2-2018 Financial Services – Symmetric Key Cryptography for the Financial Services Industry – Format
Preserving Encryption- Part 2: Key Stream with Counter Mode
ANSI X9.129-2017 (Version 01) Legal Order Exchange
ANSI X9.69-2017 Framework for Key Management Extensions