The Association of Electrical Equipment and Medical Imaging Manufacturers
 Limit to NEMA Publications
 Search entire IHS Markit database
 
Store Home  |   My Account  |   Help & Support  |   About IHS Markit  |   Contact Us  |   Sign In  |  
Look Inside

ANSI INCITS 504-3

2016 Edition, October 12, 2016

Complete Document

Information Technology – Generic Identity Command – Part 3: GICS Platform Testing Requirements



Detail Summary

Active, Most Current

EN
Format
Details
Price (USD)
PDF
Single User
$60.00
Print
In Stock
$75.00
Add to Cart

Product Details:

  • Revision: 2016 Edition, October 12, 2016
  • Published Date: October 12, 2016
  • Status: Active, Most Current
  • Document Language: English
  • Published By: American National Standards Institute (ANSI)
  • Page Count: 66
  • ANSI Approved: No
  • DoD Adopted: No

Description / Abstract:

Purpose and Scope

This part of the multi-part standard defined by INCITS 504 addresses the testing of assertions made in parts 1 and 2 of the standard. Part 3 of this multi-part standard will define conformity assessment to include the use of relevant existing conformity assessments.

• Identity credential storage (Namespace standardization)

• Authentication protocols

• Biometric verification1

• Confidentiality protocols

• Digital signatures

• Card management

• Application management

• Key management

• Related administrative management functions

• Card lifecycle model

• Card enablement

Test requirement definition for GICS Part 1 – Command Application Command Set and Part 2 – Card Administrative Command Set is defined with sufficient detail to satisfy GICS requirements. Testing of card application profile specifications for GICS application (Part 4) is out of scope for Part 3.

The scope for Part 3 is limited to definition for what testing is required and does not provide technical guidelines on the methodology to be used during the testing and validation of applicable components. Part 3 focuses on platform conformance testing of Part 1 and Part 2, and focuses on what needs to be tested to enforce full functionality and interoperability. In particular, instances of brute force, exhaustive, or openended negative testing are not specified in the requirements in this standard. There are no test requirements for negative testing to determine abnormal behavior with the exception of interrogating access control rules and elicitation of error codes where possible and appropriate. It is expected that test methods, procedures and environments will be developed by commercial and/or government entities to be available for developers producing GICS compliant products.

FIPS 140-2 validation is out of scope for the GICS platform conformance testing. Product developers could use existing validation program to get their GICS Platform FIPS 140-2 validated.

1 Note that the document does not completely specify biometric verification but only includes hooks for biometric data for future use.