Security Criteria

The BITS Product Certification Program criteria are developed collaboratively by experts at financial institutions, technology providers and regulatory and government agencies. The criteria represent the minimum baseline security features and functionality of various types of commercial software products. Criteria are developed for certain classifications of products based on function and application (see below).

While the criteria were created for testing purposes, many BITS member organizations use the criteria for technology procurement, as well as in proposals and internal development projects.

Master Security Criteria
Master Security Criteria provide detailed product security requirements for a set of security features, including: identification, non-repudiation, authorization, confidentiality, data and system integrity, data disposal, audit, authentication, security administration, guidance documentation, security functionality and scalability. These overall security requirements and functions are expected in all classes of products.


  • Download MSC Version 3.0
  • Download MSC Version 1.1

Product Profiles
Product profiles contain criteria that apply to a class and/or sub-classification of products. The criteria in these profiles contain many, if not all, of the master-level criteria as well as more specific criteria that apply exclusively to products in that specific product class.