Resolution SB 2021 2126


Summary

Ecuadorian Resolution SB-2021-2126 of December 2, 2021, was published in Official Registry 604 of December 23, 2021. This regulation applies to multiple and specialized banks, financial services entities and auxiliary services entities of the financial system.

Definitions

| Definition | Requirements |
| --- | --- |
| Art_15_3_c. Operative Risk Management - Information Technology Factor | 155. Application free of malicious code; 161. Define secure default options |
| Art_26_11_b. Information Security | 181. Transmit data using secure protocols; 185. Encrypt sensitive information |
| Art_26_11_c. Information Security | 183. Delete sensitive data securely |
| Art_26_11_d. Information Security | 095. Define users with privileges; 176. Restrict system objects; 265. Restrict access to critical processes |
| Art_26_11_e. Information Security | 095. Define users with privileges |
| Art_26_11_g. Information Security | 079. Record exact occurrence time of events; 080. Prevent log modification; 377. Store logs based on valid regulation; 378. Use of log management system |
| Art_26_11_h. Information Security | 145. Protect system cryptographic keys; 224. Use secure cryptographic mechanisms; 361. Replace cryptographic keys |
| Art_26_11_i. Information Security | 185. Encrypt sensitive information |
| Art_26_11_l. Information Security | 259. Segment the organization network |
| Art_26_11_o. Information Security | 377. Store logs based on valid regulation |
| Art_27_3. Security in Electronic Channels | 181. Transmit data using secure protocols |
| Art_27_5. Security in Electronic Channels | 185. Encrypt sensitive information; 300. Mask sensitive data |
| Art_27_6. Security in Electronic Channels | 181. Transmit data using secure protocols; 185. Encrypt sensitive information; 300. Mask sensitive data |
| Art_27_8. Security in Electronic Channels | 145. Protect system cryptographic keys; 224. Use secure cryptographic mechanisms |
| Art_27_11. Security in Electronic Channels | 264. Request authentication; 319. Make authentication options equally secure |
| Art_27_13. Security in Electronic Channels | 361. Replace cryptographic keys |
| Art_27_16. Security in Electronic Channels | 363. Synchronize system clocks |
| Art_27_17. Security in Electronic Channels | 079. Record exact occurrence time of events; 377. Store logs based on valid regulation; 378. Use of log management system |
| Art_27_18. Security in Electronic Channels | 075. Record exceptional events in logs; 095. Define users with privileges; 186. Use the principle of least privilege; 377. Store logs based on valid regulation; 378. Use of log management system |
| Art_27_25. Security in Electronic Channels | 300. Mask sensitive data |
| Art_28_1. Security in Electronic Channels - ATMs | 185. Encrypt sensitive information; 224. Use secure cryptographic mechanisms; 300. Mask sensitive data; 360. Remove unnecessary sensitive information |
| Art_28_2. Security in Electronic Channels - ATMs | 264. Request authentication |
| Art_28_5. Security in Electronic Channels - ATMs | 228. Authenticate using standard protocols; 231. Implement a biometric verification component; 264. Request authentication; 319. Make authentication options equally secure; 328. Request MFA for critical systems |
| Art_29_1. Security in Electronic Channels - Points of Sale (POS and PIN Pad) | 264. Request authentication |
| Art_29_2. Security in Electronic Channels - Points of Sale (POS and PIN Pad) | 181. Transmit data using secure protocols |
| Art_30_1. Security in Electronic Channels - Digital Banking | 088. Request client certificates; 090. Use valid certificates; 093. Use consistent certificates; 181. Transmit data using secure protocols |
| Art_30_4. Security in Electronic Channels - Digital Banking | 236. Establish authentication time |
| Art_30_6. Security in Electronic Channels - Digital Banking | 356. Verify sub-domain names |
| Art_30_7. Security in Electronic Channels - Digital Banking | 133. Passwords with at least 20 characters |
| Art_30_8. Security in Electronic Channels - Digital Banking | 140. Define OTP lifespan; 231. Implement a biometric verification component; 319. Make authentication options equally secure; 328. Request MFA for critical systems; 347. Invalidate previous OTPs; 362. Assign MFA mechanisms to a single account |