|
US$459.00 · In stock
Delivery: <= 4 days. True-PDF full-copy in English will be manually translated and delivered via email.
GA/T 1280-2024: Security specifications for self-service bank devices
Status: Valid GA/T 1280: Evolution and historical versions
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| GA/T 1280-2024 | English | 459 |
Add to Cart
|
4 days [Need to translate]
|
Security specifications for self-service bank devices
| Valid |
GA/T 1280-2024
|
| GA 1280-2015 | English | 150 |
Add to Cart
|
0--9 seconds. Auto-delivery
|
Security requirements for automatic teller machines
| Obsolete |
GA 1280-2015
|
Basic data | Standard ID | GA/T 1280-2024 (GA/T1280-2024) | | Description (Translated English) | Security specifications for self-service bank devices | | Sector / Industry | Public Security (Police) Industry Standard (Recommended) | | Classification of Chinese Standard | A91 | | Classification of International Standard | 13.310 | | Word Count Estimation | 22,220 | | Date of Issue | 2024-05-04 | | Date of Implementation | 2024-10-01 | | Older Standard (superseded by this standard) | GA 1280-2015 | | Issuing agency(ies) | Ministry of Public Security | | Summary | This standard specifies the classification of bank self-service equipment, structural safety requirements, module safety requirements, network access safety requirements, operating system safety requirements, application system safety requirements and data security requirements, describes the test methods, and establishes inspection rules. This standard applies to the design, manufacture and inspection of bank self-service equipment. | GA/T 1280-2024: Security specifications for self-service bank devices---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Public Security Industry Standard of the People's Republic of China
ICS 13.310CCS A 91
Security Specifications for Bank Self-Service Equipment
Security specifications for self-service bank devices
2024-05-04 Release
2024-10-01 Implementation
The Ministry of Public Security of the People's Republic of China issued
Replaces GA 1280-2015
Table of contents
Preface Ⅲ
1 Scope...1
2 Normative references 1
3 Terms, definitions and abbreviations 1
4 Equipment Classification...3
5 Structural safety requirements ...3
6 Module Security Requirements ...3
7 Network access security requirements ...4
8 Operating System Security Requirements ...5
9 Application System Security Requirements 6
10 Data security requirements 7
11 Test methods 7
12 Inspection Rules...13
Appendix A (Normative) Technical requirements and test methods for electronic dynamic password locks ...16
Foreword
This document is in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work Part 1.Structure and drafting rules for standardization documents"
Drafting is required.
This document replaces GA 1280-2015 "Automated Teller Machine Security Requirements". Compared with GA 1280-2015, in addition to structural adjustments and
In addition to logical changes, the main technical changes are as follows.
-- Changed the name of the standard from "Automatic Teller Machine Security Requirements" to "Bank Self-Service Equipment Security Specification";
--Added some terms (see 3.1.1, 3.1.11), changed some terms (see 3.1.2, 3.1.3 of the.2015 edition), deleted some
Terminology (see 3.1.1, 3.1.2, 3.1.8 of the.2015 edition);
--Added the classification of bank self-service equipment (see Chapter 4);
--Changed the anti-peeping requirements for encryption keyboards (see 5.1, 4.2 of the.2015 edition);
--Changed the hole position requirements (see 5.2, 4.5 of the.2015 edition);
--Changed the anti-peeping requirements for customer-operated display screens (see 5.4, 4.3 of the.2015 edition);
--Changed the shell strength requirements (see 5.5, 4.9 of the.2015 edition);
--Changed the requirements for display screen protection steel plate (see 5.6, 4.4 of the.2015 edition);
-- Changed the lock configuration requirements for cash bank equipment cabinet doors (see 5.7, 4.6 of the.2015 edition);
--Changed camera requirements (see 5.8, 4.7 of the.2015 edition);
-- Changed the requirements for alarm detection devices (see 5.9, 4.12 of the.2015 edition);
-- Changed the requirement for anti-theft reading/skimming design for the card slot of cash-type banking equipment (see 5.10, 4.13 of the.2015 edition);
-- Changed the requirements for the cash dispensing module (see 6.2.1, 6.2.5, 5.2.2, 5.2.6 of the.2015 version), and deleted some requirements (see
Version 5.1.1);
-- Changed the deposit module requirements (see 6.3.1, 6.3.2, 6.3.5, 5.3.1, 5.3.2, 5.3.5 of the.2015 version), added the cancellation of deposits
Request for return of original transaction notes (see 6.3.6);
-- Changed the requirements for the integrated cash dispensing and depositing module (see 6.4.1, 6.4.3, 5.4.1, 5.4.3 of the.2015 edition);
-- Changed the installation requirements for safes (see 6.6.1, 6.6.2, 5.5.1, 5.5.2 of the.2015 edition);
-- Changed the requirements for electronic dynamic password locks for safes of cash banking equipment (see 6.6.3 and Appendix A,.2015 Edition)
5.5.3);
--Changed the encryption keyboard module requirements (see 6.5, 5.6 of the.2015 edition);
-- Changed network access requirements (see 7.1.1, 7.1.3, 6.1.1, 6.1.2 of the.2015 version), and added some requirements (see
7.1.2, 7.1.4);
-- Changed the transmission security requirements [see 7.3 a), 6.3 a) of the.2015 edition];
--Deleted some requirements for operating system security configuration (see 7.1.1 and 7.1.5 of the.2015 version);
--Changed the Guest account access control requirements (see 8.3.1, 7.3.1 of the.2015 version);
--Changed the operating system's policy mechanism for controlling password complexity requirements (see 8.3.3.3, 7.3.3.3 of the.2015 edition);
-- Changed the operating system password file/file directory protection requirements (see 8.3.4, 7.3.4 of the.2015 edition);
-- Changed the operating system registry protection requirements (see 8.3.5, 7.3.5 of the.2015 version);
--Changed the time synchronization and timing processing requirements for application system protection (see 9.2, 8.2 of the.2015 edition);
--Changed the data confidentiality requirements (see 10.1, 9.1 of the.2015 edition);
--Changed the account information security requirements (see 10.2.1, 9.2.1 of the.2015 version);
--Changed the requirements for anti-peeping inspection of customer-operated display screens (see 11.2.4, 10.3.2.1 of the.2015 edition);
--Changed the test method for anti-skimming/skimming design (see 11.2.10, 10.2.13 of the.2015 version);
--Deleted some requirements for cash dispensing module inspection (see 7.1.1 and 7.1.5 of the.2015 edition);
--Added some requirements for deposit module inspection (see 11.3.3.6);
--Changed the inspection requirements for the cash dispensing and depositing integrated modules (see 11.3.4.3, 10.3.5.4 of the.2015 edition);
--Changed the requirements for encryption keyboard module inspection (see 11.3.5, 10.3.6 of the.2015 edition);
--Changed some requirements for safe inspection (see 11.3.6.1, 11.3.6.2, 10.3.5.1, 10.3.5.2 of the.2015 edition);
-- Changed the access control verification requirements (see 11.4.1, 10.4.1 of the.2015 edition);
--Deleted the operating system security configuration verification requirements (see 10.5.1.1, 10.5.1.5 of the.2015 version);
--Changed the Guest account access control verification requirements (see 11.5.3.1, 10.5.3.1 of the.2015 version);
--Changed the registry protection inspection requirements (see 11.5.3.5, 10.5.3.5 of the.2015 version);
--Added failure strategy inspection requirements (see 11.6.1.2.2~11.6.1.2.4);
--Changed the time synchronization and timing processing verification requirements (see 11.6.2, 10.6.2 of the.2015 edition);
--Changed the data confidentiality verification requirements (see 11.7.1, 10.7.1 of the.2015 edition);
--Added account information security verification requirements (see 11.7.2.1.3);
--Added technical requirements and test methods for electronic dynamic password locks (see Appendix A).
Please note that some of the contents of this document may involve patents. The issuing organization of this document does not assume the responsibility for identifying these patents.
This document was submitted by the Public Security Bureau of the Ministry of Public Security.
This document is under the jurisdiction of the National Security Alarm System Standardization Technical Committee (SAC/TC 100).
This document was drafted by. Public Security Administration Bureau of the Ministry of Public Security, First Research Institute of the Ministry of Public Security, and Quality Inspection Center for Security and Police Electronic Products of the Ministry of Public Security
Xin, China Broadcasting Network Communication Group Co., Ltd., Beijing Shengxun Electronics Co., Ltd., Eastern Communications Co., Ltd., Zhuhai Huijin Technology
Co., Ltd., Shenzhen Yihua Computer Co., Ltd., Hengyin Financial Technology Co., Ltd., Great Wall Information Co., Ltd.,
Shenzhen Electric Financial Equipment System Co., Ltd., Industrial and Commercial Bank of China, Agricultural Bank of China Co., Ltd., Bank of China, China Construction Bank
Bank, China Post Group Corporation, Hua Xia Bank.
The main drafters of this document are. Yuan He, Qiu Rixiang, Wen Yi, Zhou Xin, Li Haitao, Li Yedong, Nie Rong, Zhang Xiaolong, Gao Weibin, Zhang Wusong,
Jiang Haoran, Huang Yi, Huang Fuping, Ren Ji, Han Tao, Song Jinlei, Wang Jianli, Liu Cheng, Jiang Shenwei.
The previous versions of this document and the documents it replaces are as follows.
--First released in.2015 as GA 1280-2015;
--This is the first revision.
Security Specifications for Bank Self-Service Equipment
1 Scope
This document specifies the classification, structural security requirements, module security requirements, network access security requirements, operation requirements, etc. of bank self-service equipment.
System security requirements, application system security requirements and data security requirements describe the test methods and establish inspection rules.
This document applies to the design, manufacture and inspection of bank self-service equipment.
2 Normative references
The contents of the following documents constitute the essential clauses of this document through normative references in this document.
For referenced documents without a date, only the version corresponding to that date applies to this document; for referenced documents without a date, the latest version (including all amendments) applies to
This document.
GB 10409 Anti-theft safe (box)
GB/T 18789.1-2013 Information Technology General Specification for Automatic Teller Machines Part 1.Equipment
GB/T 18789.2-2016 Information Technology General Specification for Automatic Teller Machines Part 2.Security
GB/T 19584 Bank card magnetic stripe information format and usage specifications
GB 40560 Technical Specification for RMB Cash Machine Authentication Capability
GA 38-2021 Bank Security Requirements
GA 374-2019 Electronic anti-theft locks
GM/T 0028 Technical requirements for cryptographic module security
JR/T 0002-2016 Technical Specification for Bank Card Automated Teller Machine (ATM) Terminals
JR/T 0025.3 China Financial Integrated Circuit (IC) Card Specification Part 3.Application-independent IC Card and Terminal Interface Specification
JR/T 0025.8 China Financial Integrated Circuit (IC) Card Specification Part 8.Application-independent Contactless Specification
JR/T 0120.5-2016 Bank Card Acceptance Terminal Security Specification Part 5.PIN Entry Device
JR/T 0187-2020 Technical Specification for Bank Non-cash Self-service Terminal Equipment
3 Terms, definitions and abbreviations
3.1 Terms and Definitions
The terms and definitions defined in GB/T 18789.1-2013, GB/T 18789.2-2016, GA 38-2021 and the following terms and definitions apply to this standard.
document.
3.1.1
Self-service bank device
The bank provides customers with a platform to complete one or more financial services such as deposit, withdrawal, transfer, payment, account opening, appointment, information inquiry, etc.
Special equipment.
[Source. GA 38-2021, 3.3, with modifications]
3.1.2
Front-end processing system
The bank's self-service equipment establishes a communication connection with the management center, which can receive, process or forward the transaction request information of the equipment and send it to the equipment.
Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GA/T 1280-2024_English be delivered?Answer: Upon your order, we will start to translate GA/T 1280-2024_English as soon as possible, and keep you informed of the progress. The lead time is typically 2 ~ 4 working days. The lengthier the document the longer the lead time. Question 2: Can I share the purchased PDF of GA/T 1280-2024_English with my colleagues?Answer: Yes. The purchased PDF of GA/T 1280-2024_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet. Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. Question 5: Should I purchase the latest version GA/T 1280-2024?Answer: Yes. Unless special scenarios such as technical constraints or academic study, you should always prioritize to purchase the latest version GA/T 1280-2024 even if the enforcement date is in future. Complying with the latest version means that, by default, it also complies with all the earlier versions, technically.
|