INDUSTRY STANDARDS
Standards are crucial in ensuring the safety, quality and reliability of digital products and services. That’s why our experts work closely with other bodies to deliver future-proofed, compliant solutions.
What is a standard?
The International Standards Organization (ISO) describes standards as:
Simply
A formula that describes the best way of doing something.
Specifically
A document that provides requirements, specifications, guidelines or characteristics that can be used consistently to ensure that materials, products, processes and services are fit for their purpose.
Built with unrivalled technical knowledge gained over decades of experience, our solutions, help governments, banks and businesses understand their vulnerabilities and take action to keep regulators happy and digital assets safe.
CEN, the European Committee for Standardization, is an association that brings together the NationalStandardization Bodies of 33 European countries. CEN provides a platform for the development of European Standards and other technical documents in relation to various kinds of products, materials, services and processes. CEN supports standardization activities in relation to a wide range of fields and sectors including: air and space, chemicals, construction, consumer products, defense and security, energy, the environment, food and feed, health and safety, healthcare, ICT, machinery, materials, pressure equipment, srvices, smart living, transport and packaging
www.cen.eu
EMVCo manages, maintains and enhances the EMV® Integrated Circuit Card Specifications for chip-based payment cards and acceptance devices, including point of sale (POS) terminals and ATMs. EMVCo also establishes and administers testing and approval processes to evaluate compliance with the EMV Specifications. A primary goal of EMVCo and the EMV Specifications is to help facilitate global interoperability and compatibility of chip-based payment cards and acceptance devices. This objective extends to new types of payment devices as well, including contactless payment and mobile payment.
www.emvco.com
ETSI, the European Telecommunications Standards Institute, produces globally-applicable standards for Information and Communications Technologies (ICT), including fixed, mobile, radio, converged, broadcast and Internet technologies. ETSI standards enable the technologies on which business and society rely.For example, the standards for GSM™, DECT™, Smart Cards and electronic signatures have helped to revolutionize modern life all over the world. www.ETSI.ORG
www.ETSI.ORG
GlobalPlatform is an independent, not-for-profit organization driven by over 50 cross-industry member organizations. GlobalPlatform is the leading international association focused on establishing and maintaining interoperable specifications for single and multi-application smart cards, acceptance devices and systems infrastructure that deliver benefits to issuers, service providers and technology suppliers
www.GLOBALPLATFORM.ORG
The Microsoft Partner Network is designed to equip organizations that deliver products and services based on the Microsoft platform with the training, resources and support they need to provide their customers a superior experience and outcomes.
Cryptomathic has achieved a Gold Independent Software Vendor (ISV) / Software Competency in the Microsoft Partner Network, demonstrating its ability to meet Microsoft customers' evolving needs in today's dynamic business environment.
The Microsoft Gold Competency signifies to the market that a company has demonstrated the highest level of skill and achievement within a given technology specialism. Each competency has a unique set of requirements and benefits, formulated to accurately represent the specific skills and services that partners bring to the industry
PARTNER.MICROSOFT.COM
NIST (The National Institute of Standards and Technology) is a non-regulatory federal agency within the U.S. Department of Commerce which is heavily involved in standardization of cryptographic solutions. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.
The NIST Federal Information Processing Standard - FIPS - is one of many NIST initiatives relevant to secure solutions.
For the use of HSMs (Hardware Security Modules) FIPS 140 has prevailed as the predominantstandard for security evaluation.
Cryptomathic uses HSMs which are accredited to the FIPS 140-2 Level 3 or 4, as these HSMs comply with many major industry standards, such as those set out by card payments schemes, for example, Visa, as well as governments and military.
www.itl.nist.gov/fipspubs
OATH is an industry-wide collaboration to develop an open reference architecture by leveraging existing open standards for the universal adoption of strong authentication.
OATH is comprised of industry leaders working with other standards groups toward the propagation of ubiquitous strong authentication, enabling eBusiness and giving customers the confidence to conduct secure commerce and communication online.
An OATH ecosystem consists of devices, chip sets, platforms, applications, integrators, and customers, all working together in a strongly authenticated, highly secure environment.
www.OATH.COM
OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit consortium that drives the development, convergence and adoption of open standards for the global information society.
OASIS promotes industry consensus and produces worldwide standards for security, Cloud computing, SOA, Web services, the Smart Grid, electronic publishing, emergency management, and other areas.
OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology.
www.OAsis-open.COM
The PCI Security Standards Council offers robust and comprehensive standards and supporting materials to enhance payment card data security. These materials include a framework of specifications, tools, measurements and support resources to help organizations ensure the safe handling of cardholder information at every step. The keystone is the PCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process -- including prevention, detection and appropriate reaction to security incidents.
www.pcisecuritystandards.org
PKCS, which stands for Public Key Cryptography Standard, is one of the most important standard frameworks in modern cryptography.
Since work on the standard was started in the 1980s there have been many standards published under the framework.
The most notable PCKS standard that Cryptomathic works with is PKCS#11 -- used for integration software applications with Hardware Security Modules (HSMs).
Cryptomathic solutions support and adhere to many of the other PKCS standards as well.
en.wikipedia.org/wiki/PKCS
The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology.
The Alliance invests heavily in education on the appropriate uses of technology for identification, payment and other applications and strongly advocates the use of smart card technology in a way that protects privacy and enhances data security and integrity.
Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought.
The Alliance is the single industry voice for smart card technology, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America
www.smartcardalliance.org
The Trusted Computing Group (TCG) is a not-for-profit organization formed to develop, define, and promote open standards for hardware-enabled trusted computing and security technologies, including hardware building blocks and software interfaces, across multiple platforms, peripherals, and devices.
TCG specifications will enable more secure computing environments without compromising functional integrity, privacy, or individual rights.
The primary goal is to help users protect their information assets (data, passwords, keys, etc.) from compromise due to external software attack and physical theft