...

SC2年次総会 ベルリン

by user

on
Category: Documents
15

views

Report

Comments

Transcript

SC2年次総会 ベルリン
20 ᐕ 10 ᦬ 16 ᣣ
ᣣ ᧄ ㌁ ⴕ
㊄Ⲣ⎇ⓥᚲ
࿖㓙ᮡḰൻᯏ᭴࡮㊄Ⲣኾ㐷ᆔຬળ࠮ࠠࡘ࡝࠹ࠖಽ⑼ᆔຬળ
ISO/TC68/SC2 ᐕᰴ✚ળߩᮨ᭽
࿖㓙ᮡḰൻᯏ᭴㧔ISO㧕㊄Ⲣኾ㐷ᆔຬળ㧔TC68㧕ߪ‫ޔ‬㊄Ⲣᬺ⇇ߢ೑↪ߐࠇࠆ
ᖱႎㅢାᛛⴚߦ㑐ߔࠆ࿖㓙ᮡḰࠍ╷ቯߔࠆᆔຬળߢ޽ࠅ‫ߩߘޔ‬㈩ਅߦߪ 3 ߟߩ
ಽ⑼ᆔຬળ1ߣ‫ޔ‬ISO 20022 RMG‫߇ޔ‬ሽ࿷ߔࠆ‫ޕ‬SC2 ߪ࠮ࠠࡘ࡝࠹ࠖಽ㊁ࠍᜂ
ᒰߔࠆಽ⑼ᆔຬળߢ޽ࠆ‫ޕ‬
ᧄᐕ 9 ᦬ 10‫ޔ‬11 ᣣߩਔᣣ‫࡮࠷ࠗ࠼ޔ‬Berlin ߩ࠼ࠗ࠷㌁ⴕදળ
㧔Bundesverband
deutscher Banken㧕ᧄㇱߦ߅޿ߡ SC2 ᐕᰴ✚ળ㧔╙ 27 ࿁㧕߇ⴕࠊࠇ‫ᧄޔ‬㇌߆
ࠄߪᣣᧄ㌁ⴕ㊄Ⲣ⎇ⓥᚲߩጊ↰߇ෳടߒߚ‫ޕ‬એਅ‫ޔ‬ળ⼏ߩࡐࠗࡦ࠻╬ࠍ◲නߦ
⚫੺ߔࠆ㧔ࠕࠫࠚࡦ࠳ߪ೎ᷝ㧝‫ޔ‬᳿⼏ߪ೎ᷝ㧞ࠍߘࠇߙࠇෳᾖ㧕
‫ޕ‬
ᧄႎ๔ࠍⷐ⚂ߔࠆߣએਅߩ 2 ὐߣߥࠆ‫ޕ‬
Ԙ TC68 ߣ࡝ࠛ࠱ࡦ㑐ଥߦ޽ࠆ ISO/IEC JTC1/SC27㧔એਅ‫ޔ‬SC27㧕ߢߪ‫ޔ‬㊄Ⲣ
߿ක≮ߥߤߩ․ቯᬺ⇇ߩᖱႎࠪࠬ࠹ࡓࠍ critical infrastructure ߣ૏⟎ઃߌ‫ޔ‬᳢
ᬺ⇇⊛ߥ౒ㅢ㗔ၞߩ਄ߦ‫ޔ‬ᬺ⇇࿕᦭ߩ࠮ࠠࡘ࡝࠹ࠖⷐઙࠍ “add-on”ߒࠃ߁ߣ
ߔࠆേ߈߇⴫㕙ൻߒߡ޿ࠆ‫ߦࠇߎޕ‬ኻߒߡߪ‫ߢ߹ࠇߎޔ‬㊄Ⲣᬺ⇇ߩᖱႎ࠮ࠠ
ࡘ࡝࠹ࠖߩᮡḰൻ૞ᬺࠍᜂߞߡ߈ߚ TC68/SC2 ஥߇෻⊒‫੹ޔ‬࿁ߩળวߢߪ
TC68/SC2 ߣ SC27 ߩ૞ᬺಽᜂࠍౣ⏕⹺ߔࠆᣦߩ᳿⼏߇ណᛯߐࠇߚ‫ޕ‬
ԙ ⋡ਅ‫ޔ‬TC68 ⋥ਅߩ RMG ߩ▤ℂਅߢᮡḰൻ૞ᬺ߇ㅴ߼ࠄࠇߡ޿ࠆ ISO20022
ߦ߅޿ߡ‫੹ޔ‬ᓟ‫ⷐࠖ࠹࡝ࡘࠠ࠮ޔ‬ઙߦߟ޿ߡ߽ขࠅ਄ߍࠄࠇߡ޿ߊ⷗ㅢߒߦ
޽ࠆߎߣ߆ࠄ‫ޔ‬RMG ߦኻߒߡ‫̌߫߃଀ޔ‬security SEG̍ߥߤࠍᣂ⸳ߩ߁߃ SC2
ߣߩㅪ៤ࠍᒝൻߔࠆࠃ߁௛߈߆ߌߡ޿ߊᣦߩ᳿⼏߇ណᛯߐࠇߚ‫ޕ‬
1
2
3
࠮ࠠࡘ࡝࠹ࠖಽ⑼ᆔຬળ㧔SC2㧕‫⸽ޔ‬೛߅ࠃ߮㑐ㅪ㊄Ⲣ໡ຠߦ㑐ߔࠆಽ⑼ᆔຬળ㧔SC4㧕‫ޔ‬
ࠦࠕ࡮ࡃࡦࠠࡦࠣಽ⑼ᆔຬળ㧔SC7㧕㧔એਅ‫ ࠇߙࠇߘޔ‬SC2‫ޔ‬SC4‫ޔ‬SC7 ߣ⇛⸥‫ޕ‬㧕‫ޕ‬
ISO 20022 ߣߪ‫ޔ‬㌁ⴕᬺോ࡮⸽೛ᬺോਔಽ㊁ߢ೑↪ߐࠇࠆㅢାࡔ࠶࠮࡯ࠫߦ㑐ߔࠆᣂߒ޿
࿖㓙ᮡḰ‫ޕ‬೎ฬ UNIFI㧔Universal Financial Industry Message Scheme‫ࠗࠔࡈ࠾࡙ޔ‬㧕ߣ߽๭
߫ࠇࠆ‫ޕ‬
RMG ߣߪ⊓㍳▤ℂࠣ࡞࡯ࡊ㧔Registration Management Group㧕ߩ⇛‫ޕ‬ISO 20022 ో૕ߦ㑐
ߔࠆᗧᕁ᳿ቯᯏ㑐ߣ޿ߞߚᕈᩰࠍ߽ߟߣߣ߽ߦ‫ޔ‬஺ਅߩᮡḰൻ⹏ଔࠣ࡞࡯ࡊ㧔Standards
Evaluation Groups‫ޔ‬SEGs㧕ߩછ๮࡮ᚲ᝿▸࿐ߩ⏕ቯ‫⊓ޔ‬㍳ᯏ㑐㧔Registration Authority‫ޔ‬RA㧕
߅ࠃ߮ฦ SEGs ߩᵴേߩ⋙ⷞ╬‫⊓ޔ‬㍳ᚻ⛯ో⥸ࠍ▤ℂߔࠆᓎഀࠍᜂ߁⚵❱ߢ޽ࠆ㧔એਅ‫ޔ‬
RMG ߣ⇛⸥‫ޕ‬㧕‫ޕ‬
2
㧝㧚ෳട⠪࡮ෳട࿖
੹࿁ߩળวߢߪ‫଀߷߶ޔ‬ᐕਗߺߣߥࠆ 2 ࡔࡦࡃ࡯ ߆࿖‫ޔ‬ว⸘ ฬ㧔࡝ࠛ࠱
ࡦࠍ฽߻㧕߇ෳടߒߚ㧔ਅ⴫ෳᾖ㧕‫ޕ‬
P-MEMBER COUNTRY
NAME
ENTITY
FRANCE
Jean-Louis Barbut
GSIT
GERMANY
Waldemar Grudzien Bundesverband deutscher Banken
JAPAN
Takahito Yamada
Bank of Japan
Lucy Jkonya
Kenya Bureau of Standards
KENYA
James Nduati
Kenya Accountants and
Secretaries National Examinations
NETHERLANDS
Joop Zomer
ABN amro
UNITED KINGDOM
Gerry Granger
RBS
USA
Richard Sweeney
VISA
LIAISON MEMBERS
MasterCard
Michael Ward
MasterCard
SWIFT
Frank Vandamme
SWIFT
PERSONNEL
Cindy Fuller
ASC X9
TC68 Secretariat
Janet Busch
ASC X9
SC2 Chair
Mark Lundin
KPMG
WG13 Chair
John Sheets
VWS
WG14 Chair
Ed Scheidt
TECSEC
ISO Central Secretariat Atsuko Saruhashi
ISO Central Secretariat
㧞㧚ᣣᧄ߆ࠄߩႎ๔
ࡔࡦࡃ࡯߆ࠄߩႎ๔࠮࠶࡚ࠪࡦߢߪ‫ޔ‬ฦ࿖ߦ߅ߌࠆᖱႎ࠮ࠠࡘ࡝࠹ࠖ㑐ㅪߩ
ᮡḰൻᵴേ╬ߩㄭᴫߦߟ޿ߡ‫ޔ‬ႎ๔߇ⴕࠊࠇߚ‫ޕ‬ᣣᧄ߆ࠄߪ‫ޔ‬೎ᷝ 3 ߩ National
Report ߦၮߠ߈‫ޔ‬એਅߩ 2 ὐࠍ⺑᣿ߒߚ‫ޕ‬
㩷
ᣣᧄߩ㌁ⴕᬺ⇇ߢߪ‫ ߿࠼࡯ࠞࡘࠪ࠶ࡖࠠޔ‬#6/‫ࡘࠠ࠮ߩࠣࡦࠠࡦࡃ࡮࠻࠶ࡀ࡯࠲ࡦࠗޔ‬
࡝࠹ࠖߩ㜞ᐲൻ߇ఝవ⺖㗴ߣߒߡ૏⟎ઃߌࠄࠇߡ޿ࠆ‫ޕ‬㊄Ⲣᐡ߇ᧄᐕ ᦬ߦታᣉߒߚࠕࡦ
ࠤ࡯࠻⺞ᩏߦࠃࠆߣ‫ ߩ࠼࡯ࠞࡘࠪ࠶ࡖࠠޔ‬+% ࠞ࡯࠼ൻ߿‫ޔ‬#6/ ߢߩ↢૕⹺⸽ߥߤߩታⵝ
߇᜛߇ࠅࠍ⷗ߖߡ߅ࠅ‫ో߷߶ޔ߽ߡ޿ߟߦࠣࡦࠠࡦࡃ࡮࠻࠶ࡀ࡯࠲ࡦࠗޔ‬వ߇ ࡈࠔࠢ࠲
࡯⹺⸽ߩዉ౉ࠍᷣ߹ߖࠆਛ‫৻ޔ‬ㇱߢࡄࠬࡢ࡯࠼↢ᚑ࠻࡯ࠢࡦߦࠃࠆࡢࡦ࠲ࠗࡓ࡮ࡄࠬࡢ࡯
࠼ߩታⵝ߇᥉෸ߒߟߟ޽ࠆ‫ޕ‬
4
5
P ࡔࡦࡃ࡯ߣߪ‫ޔ‬ᛩ␿ᮭࠍ᦭ߔࠆෳട࿖㧔Participating Member Country㧕ࠍᜰߒ‫⃻ޔ‬
࿷ 15 ߆࿖ሽ࿷ߔࠆ‫ࠇߘޕ‬એᄖߦ‫ޔ‬࿖㓙⊛ߥ⚵❱߇ᛩ␿ᮭߩߥ޿࡝ࠛ࠱ࡦ㧔Liaison
Member㧕ߣߒߡෳടߒߡ޿ࠆ‫ࡃ࡯ࠩࡉࠝޔߚ߹ޕ‬ෳട⾗ᩰߩߺ߇⹺߼ࠄࠇߚ O ࡔࡦࡃ࡯
㧔Observer Member Country㧕߽ 20 ߆࿖ሽ࿷ߔࠆ‫ޕ‬
ߎߩ߶߆‫ ߩࡦ࠺࡯ࠚ࠙ࠬޔ‬Bjoerkander ᅚผ㧔SIS㧕ߪ∛ᰳߒߚ߇‫ޔ‬National Report ߪᦠ㕙
ߢឭ಴‫ޔߚ߹ޕ‬JTC1/SC27 ߆ࠄ de Soete ೽⼏㐳߶߆ 2 ฬ߇ 2 ᣣ⋡ߩߺ࡝ࠛ࠱ࡦෳട‫ޕ‬
3
వߦႎ๔ߩ޽ߞߚ࠼ࠗ࠷㧔ᓟㅀ㧕ߥߤߣ⇣ߥࠅ‫ߩࠄࠇߎޔ‬ዉ౉ߦߟ޿ߡߪ‫ޔ‬୘೎ⴕߩ⚻
༡್ᢿߦᆔߨࠄࠇߡ߅ࠅ‫ߪࠬࡦ࠲ࠬߩߘޔ‬඙‫ޕࠆ޽ߢޘ‬ᐘ޿‫ޔ‬னㅧࠞ࡯࠼߿ RJKUJKPI ߦ
ࠃࠆ‽⟋ߩ⊒↢₸߇‫ࠆ޽ߟߟ߈⌕ߜ⪭ޔ⸵⿷ޔ‬ਛ‫ޔ‬+&VJGHV ߥߤߩ໧㗴᰷߽☨߶ߤᷓೞ
ൻߒߡ޿ߥ޿ߎߣ߽޽ߞߡ‫ߚߒ߁ߎޔ‬ታⵝ߇੹ᓟ‫ޔ‬ᕆㅦߦ᥉෸ߒߡ޿ߊߎߣߪߥ޿߽ߩߩ‫ޔ‬
ਛ㨪ਅ૏ᬺᘒ߳ߣ⌕ታߦ⵿㊁ࠍᐢߍߡ޿ߊ߽ߩߣᕁࠊࠇࠆ‫ޕ‬
ᧄᐕ ᦬ߦᖱႎ࠮ࠠࡘ࡝࠹ࠖ᡽╷ળ⼏߆ࠄ౏⴫ߐࠇߚᥧภࠕ࡞ࠧ࡝࠭ࡓߩ⒖ⴕᜰ㊎ߦ
ࠃࠅ‫ޔ‬᡽ᐭㇱ㐷ߦ߅ߌࠆᥧภࠕ࡞ࠧ࡝࠭ࡓߩᦝᣂ㧔2-+㧦5*#45#ψ5*#45#
╬㧕ߦะߌߚᦼ㒢㧔 ᐕ ᦬ᧃ㧕߇࠮࠶࠻ߐࠇߚ⚿ᨐ‫੹ޔ‬ᓟ‫ޔ‬ᐢߊ᳃㑆ㇱ㐷ߦ߽ᓇ㗀
ࠍਈ߃ߡ޿ߊ߽ߩߣ⠨߃ࠄࠇࠆ‫ᧄޔ߅ߥޕ‬⒖ⴕᜰ㊎ߦ߅޿ߡ‫ᦝޔ৻ਁޔ‬ᣂ߇㑆ߦวࠊߕ‫ޔ‬
⃻ⴕታⵝߦࠃࠆ቟ోᕈૐਅߩᓇ㗀߇㗼⃻ൻߒߚ႐วߦ஻߃ߡ‫ޔ‬$%2 ⊛ߥភ⟎߽ᗐቯߐࠇߡ
޿ࠆὐ߇‫ߩ࡯ࡃࡦࡔޔ‬㑐ᔃࠍ㓸߼ߚ‫ޕ‬
㧟㧚ઁߩࡔࡦࡃ࡯࿖߆ࠄߩႎ๔
ઁߩࡔࡦࡃ࡯߆ࠄߩႎ๔ߦ߅ߌࠆࡐࠗࡦ࠻ࠍ⚫੺ߔࠆߣએਅߩߣ߅ࠅ‫ޕ‬
☨࿖
1. ੹⥸‫⹊࠼࡯ࠞޔ‬᱂߿ࡂ࠶ࠠࡦࠣߥߤࠍኻ⽎ߣߔࠆࠞ࡯࠼ᬺ⇇ะߌߩ࠺࡯࠲࠮ࠠࡘ࡝࠹ࠖ
ᮡḰ㧔PCI-DSS㧕7߇ᦝᣂߐࠇߚ‫ޔ߽ߣߞ߽ޕ‬ౝኈ⊛ߦߪ‫ࠬ࡟ࡗࠗࡢޔ‬ㅢାߩᮡḰ઀᭽߆ࠄ
WEP ࠍ೥㒰ߔࠆߥߤߩシᓸߥࡔࡦ࠹ߦᱛ߹ߞߚ‫ޔߚ߹ޕ‬ᒁ⛯߈ PCI-DSS ߪ࿖㓙ࠞ࡯࠼ࡉ
࡜ࡦ࠼ౝㇱߩᮡḰߣ޿߁૏⟎ઃߌߦᱛ߹ࠅ‫ޔ‬ANSI㧔☨࿖ౝᮡḰ㧕߿ ISO ᮡḰ߳ߣ᣹⪇ߐ
ߖߡ޿ߊേ߈ߦߪߥ޿‫ޕ‬
2. ৻ᣇ‫ޔ‬X9 ߢߪ‫ޔ‬POS ߿ ATM ߣ޿ߞߚ㊄Ⲣᬺะߌߩࠕࠗ࠹ࡓߛߌߢߥߊ‫ࠬ࡟ࡗࠗࡢޔ‬ㅢ
ାߩ࠮ࠠࡘ࡝࠹ࠖߥߤ᳢ᬺ⇇⊛ߦ↪޿ࠄࠇࠆታⵝߦߟ޿ߡ߽‫ޔ‬㊄Ⲣᬺ߳ߩㆡ↪ߩዪ㕙ࠍᔨ
㗡ߦ߅߈ߟߟ‫ޔ‬ᮡḰൻ૞ᬺࠍㅴ߼ߡ޿ࠆ‫ޕ‬
3. ↢૕⹺⸽ߩ࠮ࠠࡘ࡝࠹ࠖߦ㑐ߔࠆࡈ࡟࡯ࡓࡢ࡯ࠢߢ޽ࠆ ISO19092-1 ߪ‫ޔ‬ర᧪‫☨ޔ‬࿖ߩ࿖
ౝၮḰ㧔ANS X9.84㧕ߩ࿖㓙ᮡḰൻࠍ↹╷ߒߚ߽ߩߩ‫ޔ‬2 ࡄ࡯࠻ߩ৻ᣇ߇ਇᚑ┙ߣߥߞߚ
ߎߣ߆ࠄ‫☨ޔ‬࿖ߣߒߡߪ࿖ౝߢߪਇណᛯࠍ᳿ቯߒߚ߽ߩߢ޽ࠆ‫⃻ޕ‬࿷‫ޔ‬ISO ߳ߩౣឭ಴
㧔resubmit㧕ࠍ߽ዷᦸߒߟߟ‫ޔ‬ANS X9.84 ߩᦝᣂ࡮ᡷቯ૞ᬺߦ⌕ᚻਛ‫ᧄޕ‬૞ᬺߢߪ‫ޔ‬ขࠅ
➙߼ࠍⴕ߁ Wells Fargo ߆ࠄߩឭ᩺ࠍ〯߹߃ߡ‫ޔ‬ISO19092-1 ߢߪᔅߕߒ߽චಽߦ✂⟜ߐࠇ
ߡ޿ߥ޿ᦨᣂߩ↢૕⹺⸽ߩᚻᴺࠍ⚵ߺㄟ߻ᣇ㊎ߢ޽ࠆ‫ޕ‬
6
7
ᧄᐕ 4 ᦬ 22 ᣣઃᖱႎ࠮ࠠࡘ࡝࠹ࠖ᡽╷ળ⼏᳿ቯ‫ޟ‬᡽ᐭᯏ㑐ߩᖱႎࠪࠬ࠹ࡓߦ߅޿ߡ૶↪
ߐࠇߡ޿ࠆᥧภࠕ࡞ࠧ࡝࠭ࡓ SHA-1 ෸߮ RSA1024 ߦଥࠆ⒖ⴕᜰ㊎‫ޕޠ‬
Payment Card Industry Data Security Standards‫ޕ‬ട⋖ᐫ‫ޔ‬᳿ᷣઍⴕ੐ᬺ⠪ߩขࠅᛒ߁
ࠞ࡯࠼ળຬߩࠢ࡟ࠫ࠶࠻ࠞ࡯࠼ᖱႎ‫ޔ‬ขᒁᖱႎࠍ቟ోߦ቞ࠆߚ߼ߦ‫ޔ‬࿖㓙ࠞ࡯࠼ࡉ࡜ࡦ࠼
5 ␠㧔Amex‫ޔ‬Discover‫ޔ‬JCB‫ޔ‬MasterCard‫ޔ‬VISA㧕߇౒หߢ╷ቯߒߚࠢ࡟ࠫ࠶࠻ᬺ⇇
ߦ߅ߌࠆࠣࡠ࡯ࡃ࡞ߥ࠮ࠠࡘ࡝࠹ࠖၮḰࠍᜰߔ‫ޕ‬
4
⧷࿖
1. ࠗࡦ࠲࡯ࡀ࠶࠻߿៤Ꮺ㔚⹤ࠍ↪޿ߚහᤨߩㅍ㊄ߥߤ߇น⢻ߣߥࠆ࡝࠹࡯࡞ะߌ㔚ሶ᳿ᷣ
ࡊ࡜࠶࠻ࡈࠜ࡯ࡓ̌Faster Payments̍߇ᧄᐕ 5 ᦬ߦⒿ௛㐿ᆎߒߚ‫੹ޕ‬ᓟ‫ޔ‬ડᬺㇱ㐷ߩ࠳ࠗ
࡟ࠢ࠻࡮ࠕࠢ࠮ࠬࠍน⢻ߣߔࠆࡈࠚ࡯࠭ 2 ߩ㐿⊒߽ㅴࠎߢ߅ࠅ‫⋡ޔ‬ਅ‫࠻ࠬ࠹ޔ‬Ꮏ⒟ߦ޽ࠆ‫ޕ‬
2. EU ၞౝߦߪ‫࠼࡯ࠞޔ‬ะߌ࠮ࠠࡘ࡝࠹ࠖⷐઙ߿ขᛒ੐ᬺ⠪ߩ⹺ቯ೙ᐲࠍᮡḰൻߒߚᨒ⚵ߺ
㧔Common Approval Scheme‫ޔ‬CAS㧕߇޽ࠆ‫⧷ޕ‬࿖ߢߪ‫ޔ‬᳃㑆᳿ᷣࠪࠬ࠹ࡓࠍㆇ༡ߔࠆ APACS
߇ߎߩᨒ⚵ߺߩታᣉਥ૕ߣߥࠅ‫ޔ‬POS ↪ߩࠞ࡯࠼࡝࡯࠳࡯߿ PIN ౉ജࡄ࠶࠼ߩ࠮ࠠࡘ࡝
࠹ࠖߦ߆߆ࠆᮡḰൻ㧔PCI POS PED 2.0 Ḱ᜚㧕߿‫ޔ‬PIN ᖱႎࠍ቟ోߦ૞ᚑ࡮ㅍઃߔࠆߚ߼
ߩⷙ⚂߅ࠃ߮ขᛒ੐ᬺ⠪ߩ⹺ቯᚻ⛯ߩ╷ቯߥߤࠍㅴ߼ߡ޿ࠆ‫ޕ‬
3. ㄭᐕ‫ࠢ࡜ࠗޔ‬໧㗴ߥߤߦ㑐ߔࠆ᡽ᐭ߆ࠄߩᯏኒᢥᦠߩṳᵨ੐ઙ߇⋧ᰴߋਛ‫ޔ‬᡿ᗧ߹ߚߪ
㊀ㆊᄬߦࠃࠆᖱႎṳᵨⴕὑߘߩ߽ߩࠍ⟏ߔࠆߚ߼ߩೃ੐┙ᴺߦะߌߚേ߈߽಴ᆎ߼ߡ޿
ࠆ‫ޕ‬㊄Ⲣᬺ⇇߽ᖱႎṳᵨ࡝ࠬࠢߦߪᢅᗵߦߥߞߡ߅ࠅ‫ޔ‬ᣂߚߥ࡞࡯࡞߿ᚻ⛯ߩዉ౉ࠍᬌ⸛
ߒߟߟ޽ࠆ‫ޕ‬
࠼ࠗ࠷
1. ࠼ࠗ࠷ߢߪ‫ޔ‬ㅪ㇌ IT ࠮ࠠࡘ࡝࠹ࠖᐡ㧔Bundesamt für Sicherheit in der Informationstechnik㧕
߇‫ޔ‬ᥧภࠕ࡞ࠧ࡝࠭ࡓߩ࿖ౝᮡḰߦߟ޿ߡ‫౒ޔ‬ㅢ㎛ࠍ㧔2key㧕3-DES ߆ࠄ AES ߳‫౏ޔ‬㐿
㎛ࠍ SHA-1/RSA1280 ߆ࠄ SHA-256/RSA1976 ߳ߣ⒖ⴕߔࠆߎߣࠍ᳿ቯᷣߺ‫ޔߒߛߚޕ‬⒖ⴕ
ᦼ㒢ߦߟ޿ߡߪ⋡ਅ⺞ᢛਛߢ‫ޔ‬㊄Ⲣᬺ⇇ߣߒߡߪ 2009 ᐕᄩ޽ߚࠅߦߪ࿕߼ߚ޿ߣߩࠬ࠲
ࡦࠬߦ޽ࠆ‫ޕ‬
2. ࠗࡦ࠲࡯ࡀ࠶࠻࡮ࡃࡦࠠࡦࠣߦ↪޿ࠆࡢࡦ࠲ࠗࡓ࡮ࡄࠬࡢ࡯࠼ߩᩴᢙࠍჇ߿ߔߴߊ‫ޔ‬㌁
ⴕදળࠍਛᔃߦ‫ޔ‬ᣂࠪࠬ࠹ࡓߩዉ౉ߦߟ޿ߡᬌ⸛ਛ‫↢࠼࡯ࡢࠬࡄޔߪࠇߎޕ‬ᚑᯏߦ߅ߌࠆ
ࠕ࡞ࠧ࡝࠭ࡓߩࠕ࠶ࡊࠣ࡟࡯࠼ߦะߌߚ‫ޔ‬਄ㅀㅪ㇌ IT ࠮ࠠࡘ࡝࠹ࠖᐡ߆ࠄߩⷐ⺧ࠍ〯߹
߃ߚ߽ߩߢ߽޽ࠆ‫ޕ‬
3. ߎߩࠃ߁ߦ‫ޔߪߢ࠷ࠗ࠼ޔ‬ㅪ㇌ IT ࠮ࠠࡘ࡝࠹ࠖᐡ߇‫࡯࠲ࠢ࠮⊛౏ޔ‬㧔ㅪ㇌/Ꮊ᡽ᐭ‫ޔ‬Ꮢ
↸᧛㧕ߛߌߢߥߊ‫ޔ‬᳃㑆ㇱ㐷㧔ડᬺ‫ޔ‬ኅ⸘㧕ߩ↪޿ࠆ IT ߦ߆߆ࠆ࠮ࠠࡘ࡝࠹ࠖߩ࿖ౝᮡ
Ḱൻ߽ᜂߞߡ޿ࠆ‫ޕ‬ㅪ㇌ IT ࠮ࠠࡘ࡝࠹ࠖᐡߢߪ‫ޔ‬
ㅪ㇌ౝോ⋭㧔Bundesministerium des Innern㧕
ߣ⺞ᢛߩ߁߃‫ߢࡦ࠙࠳ࡊ࠶࠻ޔ‬ᮡḰൻࠍ᳿ቯߒ‫ޔ‬᳢↥ᬺ⊛ߦዷ㐿ߐࠇࠆߎߣ߆ࠄ‫ઁޔ‬࿖ߣ
Ყߴࠆߣ implementation ߇ㄦㅦߢ޽ࠆ৻ᣇ‫ߩઁޔ‬࿖㓙ᮡḰߣߩᐔ੶ࠍߣࠆߚ߼ߩ⺞ᢛ⽶ᜂ
߿ࠦࠬ࠻㕙ߢߩ⺖㗴߽ᄙ޿‫ޕ‬ታ㓙‫࠷ࠗ࠼ޔ‬㌁ⴕදળߢߪ‫ࠖ࠹࡝ࡘࠠ࠮ߩࠄࠇߎޔ‬ᮡḰߩታ
ᣉߦᒰߚࠅ‫ޔ‬
㧔㧝㧕CAS8ߩᨒ⚵ߺߦ߅޿ߡᮡḰൻߐࠇߚ EU ၞౝߦ߅ߌࠆࠞ࡯࠼ะߌ࠮ࠠ
ࡘ࡝࠹ࠖⷐઙߣߩᐔ੶ࠍߣࠅߥ߇ࠄ‫ޔ‬㧔㧞㧕᳃㑆㌁ⴕฦⴕߘߩઁฦ♽⛔ᯏ㑐㧔දห⚵❱㊄
Ⲣᯏ㑐‫⫾⾂ޔ‬㌁ⴕ㧕ߩ IT ᛩ⾗ࠨࠗࠢ࡞ߣߩหᦼൻࠍ࿑ࠅ‫ޔ‬ኻᔕࠦࠬ࠻߇ㆊᄢߣߥࠄߥ޿
ࠃ߁ߦ⺞ᢛߒߡ߅ࠅ‫ޔ‬ਛᄩ㌁ⴕߢ޽ࠆ Bundesbank9ߣߩㅪ៤ߩ㊀ⷐᕈ߇㜞߹ߞߡ޿ࠆ‫ޕ‬
8
9
೨ㅀ⧷࿖߆ࠄߩႎ๔ਛ‫ޔ‬1.ࠍෳᾖ‫ޕ‬
Bundesbank ߪ‫ޔ‬ㅪ㇌ IT ࠮ࠠࡘ࡝࠹ࠖᐡ߆ࠄߩᛛⴚᡰេࠍฃߌߡ‫ޔ‬㊄Ⲣᬺ⇇ߦ߅ߌࠆ࠮ࠠ
5
㧠㧚TC68/SC2 ߣ ISO/IEC JTC1/SC27 ߩ㑐ଥࠍᎼࠆ⼏⺰
ߎࠇ߹ߢ TC68/SC2 ߢߪ‫ޔ‬㊄Ⲣᬺ⇇ߩ┙႐߆ࠄᔅⷐߣߐࠇࠆᖱႎ࠮ࠠࡘ࡝࠹
ࠖᛛⴚߦߟ޿ߡ‫ޔ‬࿖㓙ᮡḰࠍ╷ቯߒߡ߈ߚ‫ߩߘޕ‬ㆊ⒟ߢ‫ޔ‬᳢ᬺ⇇⊛ߥᖱႎ࠮ࠠ
ࡘ࡝࠹ࠖᮡḰࠍ╷ቯߔࠆ SC27 ߣߪ‫ޔ‬㗫❥ߦ⺞ᢛળวࠍ㐿௅ߔࠆߥߤද⺞㑐ଥߦ
޽ߞߚ‫ޕ‬ᓥ᧪ߪ‫⋧ޔ‬੕ߦ⍦⋫ߩߥ޿▸࿐ౝߢ‫ޔ‬TC68/SC2 ߇㊄Ⲣታോ਄ᔅⷐߣߐ
ࠇߡ޿ࠆౕ૕⊛ߥᖱႎ࠮ࠠࡘ࡝࠹ࠖᮡḰࠍ╷ቯߔࠆ‫ߢ࡞ࠗ࠲ࠬ߁޿ߣޔ‬ᮡḰൻ
߇ㅴ߼ࠄࠇߡ߈ߚ߇‫ޔ‬TC68/SC2 ߩਛߢߪ‫ޔ‬SC27 ߣߩ૞ᬺߩಽᜂࠍᎼߞߡᗧ⷗
ߩ㆑޿߇޽ࠅ‫⺞ࠍࠇߎޔ‬ᢛߔߴߊ‫ޔ‬TC68/SC2 ౝߦ‫ߩߘޔ‬ขᛒ߁ߴ߈ᖱႎ࠮ࠠࡘ
࡝࠹ࠖᮡḰߦ㑐ߔࠆ Study Group ߇⚵ᚑߐࠇ‫ߩߘޔ‬ႎ๔10߇ᤓᐕߩ SC2 ࡛ࡂࡀࠬ
ࡉ࡞ࠣળวߢᛚ⹺ߐࠇߡ޿ࠆ11‫ޕ‬
੹࿁ߩળวߢߪ‫ ߚߒ߁ߎޔ‬TC68/SC2 ౝߩᗧ⷗ߩ㆑޿ߦട߃‫ޔ‬TC68/SC2 ߣ
SC27 ߣߩᗧ⷗ߩ㆑޿߇㞲᣿ߦߥߞߚ‫ޔߕ߹ޕ‬Lundin SC2 ⼏㐳߆ࠄ‫ᧄޟޔ‬ᐕ 4 ᦬
ߦ੩ㇺߢ㐿௅ߐࠇߚ SC27 ળวߦ࡝ࠛ࠱ࡦෳടߒߚߣߎࠈ‫ޔ‬ᓐࠄߪ critical
infrastructure㧔CI㧕ะߌߩᖱႎ࠮ࠠࡘ࡝࠹ࠖⷐઙࠍ୘೎ߦᮡḰൻߔࠆߎߣࠍᮡ᭙
ߒߡ޿ࠆ‫ޕ‬ISO/IEC 27000 ࡈࠔࡒ࡝࡯ߢ╷ቯߐࠇࠆ ISMS12ߩ࠮ࠠࡘ࡝࠹ࠖⷐઙߦ
ߟ޿ߡ‫ޔ‬᳢ᬺ⇇⊛ߥ౒ㅢ㗔ၞߩ਄ߦ‫ޔ‬ㅢା߿ක≮‫⥄ޔ‬േゞߦਗࠎߢ‫ޔ‬㊄Ⲣᬺ⇇
ࠍኻ⽎ߣߒߚ̌add-on̍ࠍ᭴߃ࠃ߁ߣߒߡ޿ࠆ‫ߩߣޠ‬ႎ๔߇޽ߞߚ‫ࠍࠇߎޕ‬ฃߌ
ߡ‫☨ޔ‬࿖߆ࠄ‫ޔ‬
‫ᦨޟ‬ㄭߩ SC27 ஥ߦ߅ߌࠆ‫ޔ‬TC68㧔㊄Ⲣ㧕‫ޔ‬TC215㧔ක≮㧕ߣ޿ߞ
ߚ․ቯߩ TC ࠍ⁓޿᠄ߜߔࠆ߆ߩࠃ߁ߦ࠮ࠠࡘ࡝࠹ࠖⷐઙࠍ╷ቯߒࠃ߁ߣߔࠆ
േ߈ߪ‫ޔ‬ᅤ૗ߥ߽ߩ߆‫ޔߣޠ‬TC68/SC2 ߣ SC27 ߣߩ㑆ߩ૞ᬺಽᜂࠍᎼࠅ໧㗴ឭ
⿠߇ⴕࠊࠇߚ‫ޕ‬
ߎࠇߦኻߒߡ‫ޔ‬TC68/SC2 ߩෳട⠪‫ޔ‬SC27 ߆ࠄߩ࡝ࠛ࠱ࡦෳട⠪ߣ߽‫ޔ‬
‫ޟ‬SC2
ࡘ࡝࠹ࠖᮡḰߦ߆߆ࠆേะࠍࡕ࠾࠲࡯ߒߡ޿ࠆ߇‫ޔ‬หᤨߦ‫࠷ࠗ࠼ޔ‬࿖ౝߩ㊄Ⲣᯏ㑐ߦ߅ߌ
ࠆ CAS ߩታᣉ⁁ᴫߩࡕ࠾࠲࡯ߦ߽ᒰߚߞߡ޿ࠆ‫ޔ߼ߚߩߎޕ‬ㅪ㇌ IT ࠮ࠠࡘ࡝࠹ࠖᐡ஥߆
ࠄታᣉߐࠇࠆ࠼ࠗ࠷࿖ౝၮḰߣ‫ޔ‬CAS ߩᨒ⚵ߺߩਛߢ᳢᰷Ꮊ⊛ߦ⺞ᢛߐࠇߚ࠮ࠠࡘ࡝࠹
ࠖᮡḰߣߩᢛวᕈߩ⏕଻ߩߚ߼ߩ⺞ᢛ߽‫ޔ‬Bundesbank ߇ᜂߞߡ޿ࠆᒻ‫ޕ‬
10 September 26, 2007 (N1558) ”Study Group on Information Security Standardization
Report”‫৻ޕ‬ᤓᐕߩ SC2 ࡠ࡯ࡑળวߦ߅޿ߡ⧷࿖߆ࠄ಴ߐࠇߚ‫ޟ‬SC2 ߩᬌ⸛ኻ⽎ࠍ㊄Ⲣᬺ
ോߦ㑐ㅪߩᷓ޿ᛛⴚߦ⛉ࠆߴ߈‫ߩߣޠ‬ឭ᩺ࠍฃߌߡ‫ޔ‬ᣣ☨⧷੽ࠍࡔࡦࡃ࡯ߣߒߡ⚵ᚑߐࠇ
ߚ߽ߩ‫ޕ‬
11
⚿ዪ‫ޔ‬㑐ଥ࿖ߩᗧ⷗߇➙߹ࠄߕ‫ޔ‬ᣢሽߩ࿖㓙ᮡḰࠍᑄᱛ࡮⛔วߔࠆߎߣߦߟ޿ߡ⃻⁁⛽
ᜬߣߥߞߚ߶߆‫ޔ‬ᣂⷙᮡḰൻឭ᩺ߦኻߒߡ߽‫ޟ‬ෳട࿖߇㊄Ⲣಽ㊁ߣߩ㑐ㅪࠍᔨ㗡ߦ⟎޿ߡ
ᛩ␿ߔߴ߈‫ߩߣޠ‬ᒰࠅ㓚ࠅߩߥ޿ឭ⸒ౝኈߦᱛ߹ߞߚ‫ޕ‬
12
Information Security Management System ߩ⇛‫ޕ‬IT ߦ㑐ߔࠆ࠮ࠠࡘ࡝࠹ࠖࠍ▤ℂߔࠆߚ߼ߩ
઀⚵ߺ‫ޔߪߢߎߎޕ‬ᓥ᧪ SC2 ߢ▤ℂߒߡ߈ߚ ISO/TR13569㧔ᖱႎ࠮ࠠࡘ࡝࠹ࠖࠟࠗ࠼࡜ࠗ
ࡦ㧕ߩᡷቯౝኈ߇㊄Ⲣಽ㊁ะߌⷐ᳞੐㗄ߣߒߡ൮฽ߐࠇߡ޿ࠆ‫ޕ‬
6
ߪ㊄Ⲣታോ਄ᔅⷐߣߐࠇࠆౕ૕⊛ߥᖱႎ࠮ࠠࡘ࡝࠹ࠖߩᮡḰൻࠍ‫ޔ‬SC27 ߪ᳢ᬺ
⇇⊛ߥᖱႎ࠮ࠠࡘ࡝࠹ࠖⷐઙߩᮡḰൻࠍ‫ߩߢ߹ࠇߎޔ߁޿ߣޠ߁ⴕࠇߙࠇߘޔ‬
✢ᒁ߈⥄૕ߦߪ⇣⺰߇ߥ޿ߎߣ߇⏕⹺ߐࠇߚ‫ޔߢߎߘޕ‬Lundin SC2 ⼏㐳߆ࠄߪ
‫ޟ‬TC68/SC2 ஥ߦ‫ޔ‬SC27 ߩࠕ࠙࠻ࡊ࠶࠻ࠍขࠅㄟ߻ߴߊ‫ޔ‬TC68/SC2 ౝߦᣂߚߦ
࠴࡯ࡓߥ޿ߒࠣ࡞࡯ࡊࠍ⚵ᚑߒߡ‫ޔ⊛❱⚵ࠅࠃޔ‬૕♽⊛ߦᖱႎ෼㓸࡮ᢛℂߔࠆ
૕೙ࠍᢛ߃ߡߪߤ߁߆‫ߩߣޠ‬ឭ᩺߇޽ߞߚ‫ޕ‬
ߎߩឭ᩺ߦኻߒߡߪ‫⧷ޔ‬࿖߆ࠄ‫ޔ‬
‫ޟ‬ᣢᓔߩ࡝ࠛ࠱ࡦᣇᑼߩᨒ⚵ߺߩਛߢ‫ޔ‬ISMS
ߩ࠮ࠠࡘ࡝࠹ࠖⷐઙߣ TC68/SC2 ߩ࠮ࠠࡘ࡝࠹ࠖᮡḰߩ㊀ⶄ‫ޔ‬Ꮕಽࠍ߭ߣߟߕߟ
⚌⸃޿ߡ޿ߊߩߪ‫⤘ޔ‬ᄢߥᤨ㑆ߣ⽶ᜂࠍⷐߔࠆ‫ޕ‬ᚒ‫ߩޘ‬ਛߦᅤ૗ߦఝ⑲ߥࡊࡠ
ࠫࠚࠢ࠻࡮࠴࡯ࡓࠍ⚵ᚑߒߚߣߒߡ߽‫ޔ‬೔ᐩ feasible ߥ૞ᬺߣߪᕁࠊࠇߥ޿‫ߣޠ‬
ߩ⷗⸃߇⴫᣿ߐࠇߚ‫ޟޔߪ࠳ࡦ࡜ࠝޔߚ߹ޕ‬SC27 ߩ࿖ౝᆔຬળߪ‫ߩ࡯ࡃࡦࡔޔ‬
ㆊඨ߇㊄Ⲣᯏ㑐ߩ಴りߢ޽ࠆ‫ߚߒ߁ߘޕ‬ታᘒ߆ࠄߔࠆߣ‫ޔ‬ᖱႎ࠮ࠠࡘ࡝࠹ࠖߩ
޽ࠆߴ߈ᆫࠍᎼࠅ‫ޔ‬TC68/SC2 ߣ SC27 ߢ⠨߃ᣇ߿ࠬ࠲ࡦࠬߦᄢ߈ߥࠡࡖ࠶ࡊ߇
↢ߕࠆߎߣ߽ߥ޿ߩߢߪ‫ߣޠ‬ㅀߴ‫ޔ‬SC27 ஥ߢᬌ⸛߇ㅴࠎߢ޿ࠆታᖱߦℂ⸃ࠍ␜
ߒߚ‫ޔߚ߹ޕ‬ᣣᧄ߆ࠄ߽‫ޟ‬ᣣᧄߩ TC68/SC2 ࿖ౝᬌ⸛ᆔຬળߦߪ‫ޔ‬㊄Ⲣᯏ㑐ߛߌ
ߢߥߊ IT ࡌࡦ࠳࡯߆ࠄߩෳട߽ᄙߊ‫ޔ‬ISMS ߪ‫ޔ‬ᚒ‫ߦߢߔޔ߽ߡߞߣߦޘ‬りㄭ
ߥሽ࿷ߣߥߞߡ޿ࠆ‫ޡᦝ੹ޕ‬ขࠅㄟ߻‫߽ߩ߁޿ߣޢ‬㆑๺ᗵ߇޽ࠆ‫ߩߣޠ‬ᗧ⷗ࠍ
ㅀߴߚ‫ޕ‬
ߎ߁ߒߚਛ‫☨ޔ‬࿖߆ࠄ‫ߦߢߔޟ‬ਥⷐ࿖ߢ ISMS ߩ೑↪߇᜛߇ࠆਛ‫੹ޔ‬ᓟߎ߁
ߒߚേ߈߇ߥߒ፣ߒ⊛ߦ᜛߇ࠅ‫ޔ‬TC68/SC2 ߣ SC27 ߢ૞ᬺ߇౬㐳ൻߔࠆ੐ᘒߪ
ᤚ㕖ߣ߽ㆱߌߥߌࠇ߫ߥࠄߥ޿‫ࠇߎޕ‬એ਄‫ࠍ⺰⼏ޔ‬㊀ߨߡᓤࠄߦᤨ㑆ࠍ⾌߿ߒ
ߡ޿ߡ߽ᮡḰൻ૞ᬺߩ⃻႐߇ᷙੂߔࠆߛߌߢ޽ࠅ13‫ߪߕ߹ޔ‬૗ࠄ߆ߩࠕ࡚ࠢࠪࡦ
ࠍ⿠ߎߔߴ߈‫ߩߣޠ‬ឭ⸒߇಴ߐࠇߚ‫ޕ‬
⼏⺰߇ਗⴕ✢ࠍㄡࠆਛ‫ޔ‬Ꮕߒᒰߚࠅ‫ޟ‬SC27 ߦኻߒߡ‫ޔ‬SC2 ߣߩ⺞ᢛ߿ද௛ߥ
ߊߒߡߪ‫ޔ‬㊄Ⲣᬺ⇇ะߌߩᖱႎ࠮ࠠࡘ࡝࠹ࠖⷐઙࠍ╷ቯߒߥ޿ߎߣࠍ᳞߼ࠆ‫ޠ‬
ᣦߩ೎ᷝ 2 ߩ᳿⼏ 08/314 ࠍ‫ోޔ‬ળ৻⥌ߢណᛯߔࠆߎߣߣߥߞߚ‫ޕ‬
ߥ߅‫ޔ‬਄⸥᳿⼏ࠍ࠼࡜ࡈ࠻ߔࠆㆊ⒟ߢ‫ޔ‬SC27 ߆ࠄߩ࡝ࠛ࠱ࡦෳട⠪߇ᛕ್⊛
ߥᗧ⷗ࠍ⴫᣿ߔࠆߥߤ‫ޔ‬TC68/SC2 ߣ SC27 ߣߩḴ߇ᷓ߹ߞߚ߶߆‫ޔ‬TC68/SC2 ౝ
ㇱߦ߅޿ߡ߽‫ޔ‬SC2 ߇ขᛒ߁ߴ߈ᖱႎ࠮ࠠࡘ࡝࠹ࠖᮡḰߦ㑐ߔࠆᓥ᧪߆ࠄߩࡔ
ࡦࡃ࡯㑆ߩᗧ⷗ߩ⋧㆑ߪ‫੹ޔ‬࿁߽෼ᢢࠍߺࠆߎߣߪߥ߆ߞߚ‫ޕ‬
13
WG13࡮Sheets ਥᩏߪ‫ޔ‬
‫ޟ‬ᚒ‫߇ޘ‬૞ᬺߩኻ⽎ߣߒߡ޿ࠆ࡝࠹࡯࡞㊄Ⲣᬺ⇇ߢߪ‫ޔ‬୘೎ౕ૕
⊛ߥ࠮ࠠࡘ࡝࠹ࠖᮡḰࠍቯ⟵ߔࠆ㓙‫ᦨޔ‬ㄭߪ ISMS ࠍᒁ↪ߔࠆࠤ࡯߽ࠬჇ߃ߡ߅ࠅ‫ࠇߘޔ‬
ࠄߩᄙߊߪ TC68 ஥ߦขࠅㄟ߹ࠇߡ޿ߥ޿߽ߩߢ޽ࠆ‫ޕ࠻ࡦࡔࠦߣޠ‬
7
㧡㧚ISO 20022 RMG ߣߩ㑐ଥᒝൻ
⃻࿷‫ޔ‬TC68 ⋥ਅߩ RMG ߩ▤ℂਅߢᮡḰൻߦะߌߚ૞ᬺ߇ㅴࠎߢ޿ࠆ
ISO20022 ߦߟ޿ߡ‫ޔ‬
‫੹ޟ‬ᓟ‫ⷐࠖ࠹࡝ࡘࠠ࠮ޔ‬ઙ߇ᬌ⸛ߩ㆚਄ߦ਄ߞߡߊࠆ⷗ㄟߺ‫ޠ‬
ߣߩ࡝ࠛ࠱ࡦႎ๔߇‫ޔ‬ISO20022 ߩ⊓㍳ᯏ㑐㧔Registration Authority‫ޔ‬RA㧕ߢ߽޽
ࠆ SWIFT ߆ࠄ಴ߐࠇߚ‫ࠍࠇߎޕ‬ฃߌߡ‫ޟޔ‬RMG ߩਛߦ‫̌߫߃଀ޔ‬security SEG̍
߿̌security support group̍ߦ⋧ᒰߔࠆ߽ߩࠍ⚵ᚑߐߖߡ‫ⷐࠖ࠹࡝ࡘࠠ࠮ޔ‬ઙߦ
߆߆ࠆ SC2 ߣߩද௛ࠍᷓൻߐߖߡ޿ߊࠃ߁ SC2 ஥߆ࠄ RMG ߦ௛߈߆ߌߡߪߤ
߁߆‫ߩߣޠ‬ឭ᩺߇ SWIFT ߆ࠄ಴ߐࠇ‫ޔ‬೎ᷝ 2 ߩ᳿⼏ 08/319 ࠍណᛯߔࠆߎߣߣߥ
ߞߚ‫ޕ‬
㧢㧚੹ᓟߩળวᣣ⒟
ᰴ࿁ߩ SC2 ᐕᰴ✚ળߪ‫ޔ‬2009 ᐕ 9 ᦬ 9㨪10 ᣣߦ‫࡮ࠬ࡝ࠡࠗޔ‬London ߦ߅޿
ߡ㐿௅ߐࠇࠆߎߣߣߥߞߚ‫ޕ‬
એ ਄
8
Fly UP