- a generic model for the design of the security policy,
- a minimum set of security requirements,
- recommended cryptographic protocols and mechanisms for mobile device authentication, financial message secure exchange and external authentication, including the following:
- interoperability issues for the secure certification of MFS,
- recommendations for the protection of sensitive data,
- guidelines for the implementation of national laws and regulations (e.g. anti-money laundering and combating the funding of terrorism (AML/CFT), and
- security management considerations.
In order to avoid the duplication of standardization work already performed by other organizations, this document will reference other International Standards as required. In this respect, users of this document are directed to materials developed and published by ISO/TC 68/SC 2 and ISO/IEC JTC 1/SC 27.