
GA 1280-2015 PDF in English


Standard ID: GA 1280-2015 (English version)
Name of Chinese Standard: Security requirements for automatic teller machines
Status: Valid

GA 1280-2015

GA

PUBLIC SECURITY INDUSTRY STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA

Security requirements for automatic teller machines

Issued on: October 28, 2015
Implemented on: January 01, 2016
Issued by: Ministry of Public Security of PRC

Table of contents

Foreword
1 Scope
2 Normative references
3 Terms, definitions and abbreviations
4 General requirements
5 Hardware module security requirements
6 Network access security requirements
7 Operating system security requirements
8 Application system security requirements
9 Data security requirements
10 Test methods
11 Inspection rules

Foreword

Chapter 1 to Chapter 3 of this Standard, 4.4, 4.5, 4.10, 5.1.3, 5.2.6, 5.4.3, 5.5.3, 7.1.7, and Chapter 10 are recommended, and the remainder are mandatory.

This standard was drafted in accordance with the rules given in GB/T 1.1-2009.

This standard was proposed by the Public Security Administration Bureau of the Ministry of Public Security.

This standard shall be under the jurisdiction of the National Security Alarm System Standardization Technical Committee (SAC/TC 100).

The drafting organizations of this standard: Public Security Administration Bureau of the Ministry of Public Security, the CBRC Security Bureau, GRG Banking Financial Electronics Co., Ltd., Beijing Telesound Electronics Co., Ltd., Eastern Communications Co., Ltd., Security and Police Electronic Product Quality Detection Center of the Ministry of Public Security, Industrial and Commercial Bank of China, Agricultural Bank of China, Bank of China, China Construction Bank.

The drafters of this standard are: Liu Wei, Yuan He, Yang Jianhua, Ren Ji, Xie Huachun, Bian Sanping, Wang Jianli, Liu Xu, Xing Weidong, Bao Shilong, Qiu Rixiang, Zhang Hongbin, Luo Panfeng, Xu Jun, Nie Rong, Ji Jinglin, Ye Zaiben.
Security requirements for automatic teller machines

1 Scope

This standard specifies the general requirements, the hardware modules, network access, operating systems, application systems and data security requirements, test methods and inspection rules of the automatic teller machine.

This standard applies to the design, production, inspection and acceptance of automatic teller machine security.

2 Normative references

The following documents are essential to the application of this document. For the dated documents, only the versions with the dates indicated are applicable to this document; for the undated documents, only the latest version (including all the amendments) is applicable to this Standard.

GB 10409 Burglary resistant safes
GB/T 18789.1-2013 Information technology - General specification for automated teller machine - Part 1: Device
GB/T 19584 Magnetic stripe data content and specification for bank card
GA 745 Regulations of security and protection for bank self-service equipment and self-service bank
JR/T 0002-2009 Specification on automatic teller machine (ATM) terminal for bank card
JR/T 0025.3 China financial integrated circuit (IC) card specifications - Part 3: Debit/credit application independent ICC to terminal interface requirements
JR/T 0025.11 China financial integrated circuit (IC) card specifications - Part 11: Contactless integrated circuit card communication specification

3 Terms, definitions and abbreviations

3.1 Terms and definitions

The following terms and definitions apply to this document.

3.1.1 Automatic teller machine

It refers to the self-service equipment, which integrates a variety of different financial business functions, through which customers can complete bank counter services such as deposit, withdrawal, transfer, information inquiry and other agency business, including the automatic teller machine and the cash recycling system.
3.1.2 Automatic teller machine control software

It refers to the control system software running on the automatic teller machine terminal equipment at the bottom of the terminal trading channel, through which the ATM components can be controlled. It is mainly used to provide customers and ATM equipment administrators with a variety of transaction and management interfaces, and realizes certain functions together with the ATM front-end processing system through message exchange.

3.1.3 Automatic teller machine front-end processing system

It refers to, in case of dealing with online transactions, the processing system that is responsible for the communication between the ATM terminal and the ATM management center, which can receive, process and forward the transaction request information from the ATM terminal and the transaction result information from the management center.

3.1.4 Message

It refers to the data unit used for exchange and transmission in the network.

3.1.5

4.6 Different ATM cabinet doors shall not use the same key, and the different cabinet doors of the same ATM shall not use the same key.

4.7 The inside of the ATM cabinet shall reserve installation openings for the face surveillance camera and the cash deposit and withdrawal surveillance camera.

4.8 The surveillance cameras installed in the ATM shall comply with the relevant requirements of GA 745.

4.9 The ATM cabinet enclosure shall be made of steel plate of thickness greater than or equal to 1 mm.

4.10 ATM should support the national commercial password series algorithm.

4.11 ATM shall have the function of outputting status information such as working normally and fault.

4.12 An ATM with a cabinet door shall be installed with an alarm detection device, to detect and alarm on abnormal door opening and closing. When the safe lock is opened, the ATM shall not enter service mode.
4.13 The card mouth shall have the function of preventing the illegal installation of a reading device, detecting the illegal installation of a reading device, and issuing an alarm.

5 Hardware module security requirements

5.1 Card reader module

5.1.1 The card reader module shall have the function of returning the card in case of power failure.

5.1.2 The contact card reader module shall have the card retention function, during which it shall produce a fault signal.

5.1.3 The contact card reader module should have the jitter card feeding function.

5.1.4 The contact IC card reader module shall comply with the relevant provisions of JR/T 0025.3, the contactless IC card reader module shall comply with the relevant provisions of JR/T 0025.11, and the magnetic stripe card reader module shall comply with the relevant provisions of GB/T 19584.

5.2 Cash dispense module

5.2.1 It shall have the function of rejecting unauthorized instructions.

5.5.1 The anti-destructive capacity of the safe shall comply with the requirements of C.3 in Appendix C of GB/T 18789.1-2013. The safe door shall have a safety locking device, and the number of such safety locking devices and the safety locking directions shall be not less than 2. The other requirements of the safe shall comply with the relevant provisions of GB 10409.

5.5.2 The safe shall have a device and fittings fixed to the ground, and the fixation and connection devices shall be not less than 4, with the diameter of the fittings greater than or equal to 12 mm.

5.5.3 The safe should be fitted with a dynamic electronic password lock.

5.5.4 The inside of the safe door shall be installed with a temperature sensor, to detect and alarm when the temperature is greater than or equal to 70 °C.

5.6 Encrypting PIN pad module

The encrypting PIN pad module shall simultaneously comply with the PCI-EPP requirements and the China UnionPay card acceptance terminal PIN input device safety assessment requirements.
6 Network access security requirements

6.1 Access control

6.1.1 When ATMC registers for the first time, it shall provide identity validity verification information to ATMP.

6.1.2 ATM shall have a network access control mechanism, and conduct identity validity verification of the terminal devices accessing the ATM through the network.

6.2 Intrusion prevention

ATM shall have an intrusion prevention mechanism. In case of detecting a network attack, it shall record the attack address, time, type and other information, and take the initiative to prevent transactions and other means of protection.

6.3 Transmission security

The communication data transmission security from ATMC to ATMP shall comply with the following requirements.

7.3.2 Remote login control

It shall turn off the operating system remote login service.

7.3.3 Password policy

7.3.3.1 It shall set a unique initial password for each user, and prompt the user to change it after first use. It shall authenticate the user identity before performing a password reset.

7.3.3.2 It shall have a policy mechanism for the maximum service life of the set password.

7.3.3.3 It shall have a policy mechanism for the controlling of password complexity requirements, includin... ......
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.