
Resolution SB 2021 2126


Summary

Ecuadorian Resolution SB-2021-2126 of December 2, 2021, was published in Official Registry 604 of December 23, 2021. This regulation applies to multiple and specialized banks, financial services entities, and auxiliary services entities of the financial system.

Definitions

Definition | Requirements
Art_15_3_c. Operative Risk Management - Information Technology Factor
155. Application free of malicious code
161. Define secure default options
Art_26_11_b. Information Security
181. Transmit data using secure protocols
185. Encrypt sensitive information
Art_26_11_c. Information Security
183. Delete sensitive data securely
Art_26_11_d. Information Security
095. Define users with privileges
176. Restrict system objects
265. Restrict access to critical processes
Art_26_11_e. Information Security
095. Define users with privileges
Art_26_11_g. Information Security
079. Record exact occurrence time of events
080. Prevent log modification
377. Store logs based on valid regulation
378. Use of log management system
Art_26_11_h. Information Security
145. Protect system cryptographic keys
224. Use secure cryptographic mechanisms
361. Replace cryptographic keys
Art_26_11_i. Information Security
185. Encrypt sensitive information
Art_26_11_l. Information Security
259. Segment the organization network
Art_26_11_o. Information Security
377. Store logs based on valid regulation
Art_27_3. Security in Electronic Channels
181. Transmit data using secure protocols
Art_27_5. Security in Electronic Channels
185. Encrypt sensitive information
300. Mask sensitive data
Art_27_6. Security in Electronic Channels
181. Transmit data using secure protocols
185. Encrypt sensitive information
300. Mask sensitive data
Art_27_8. Security in Electronic Channels
145. Protect system cryptographic keys
224. Use secure cryptographic mechanisms
Art_27_11. Security in Electronic Channels
264. Request authentication
319. Make authentication options equally secure
Art_27_13. Security in Electronic Channels
361. Replace cryptographic keys
Art_27_16. Security in Electronic Channels
363. Synchronize system clocks
Art_27_17. Security in Electronic Channels
079. Record exact occurrence time of events
377. Store logs based on valid regulation
378. Use of log management system
Art_27_18. Security in Electronic Channels
075. Record exceptional events in logs
095. Define users with privileges
186. Use the principle of least privilege
377. Store logs based on valid regulation
378. Use of log management system
Art_27_25. Security in Electronic Channels
300. Mask sensitive data
Art_28_1. Security in Electronic Channels - ATMs
185. Encrypt sensitive information
224. Use secure cryptographic mechanisms
300. Mask sensitive data
360. Remove unnecessary sensitive information
Art_28_2. Security in Electronic Channels - ATMs
264. Request authentication
Art_28_5. Security in Electronic Channels - ATMs
228. Authenticate using standard protocols
231. Implement a biometric verification component
264. Request authentication
319. Make authentication options equally secure
328. Request MFA for critical systems
Art_29_1. Security in Electronic Channels - Points of Sale (POS and PIN Pad)
264. Request authentication
Art_29_2. Security in Electronic Channels - Points of Sale (POS and PIN Pad)
181. Transmit data using secure protocols
Art_30_1. Security in Electronic Channels - Digital Banking
088. Request client certificates
090. Use valid certificates
093. Use consistent certificates
181. Transmit data using secure protocols
Art_30_4. Security in Electronic Channels - Digital Banking
236. Establish authentication time
Art_30_6. Security in Electronic Channels - Digital Banking
356. Verify sub-domain names
Art_30_7. Security in Electronic Channels - Digital Banking
133. Passwords with at least 20 characters
Art_30_8. Security in Electronic Channels - Digital Banking
140. Define OTP lifespan
231. Implement a biometric verification component
319. Make authentication options equally secure
328. Request MFA for critical systems
347. Invalidate previous OTPs
362. Assign MFA mechanisms to a single account