ISO IEC 7816-9-2017 PDF

Full title and description

Identification cards — Integrated circuit cards — Part 9: Commands for card management. This part of ISO/IEC 7816 specifies interindustry commands for card, file and other structure management used across the life cycle of an integrated circuit card (both contact and contactless environments).

Abstract

ISO/IEC 7816-9:2017 defines a set of standardized commands and related data objects for card and file management (including data and security objects). The commands cover operations used before issuance, during use, and after expiry of a card; an annex describes secure-loading (secure download) mechanisms and access-right verification for loading entities. The standard is not intended to constrain internal card implementations.

General information

• Status: Published (current; version confirmed during periodic review).
• Publication date: December 2017 (Edition 3 — published 2017‑12; bibliographic records show 7 December 2017).
• Publisher: ISO/IEC (International Organization for Standardization in cooperation with the International Electrotechnical Commission).
• ICS / categories: 35.240.15 — Identification cards; chip cards; biometrics.
• Edition / version: Edition 3 (2017).
• Number of pages: 21 pages (ISO edition).

Scope

Specifies interindustry commands for management of cards, files and related structures (data objects and security objects) used throughout the card life cycle. It addresses commands that may be required before issuance or after expiry, and provides guidance for secure loading of data (secure download) including verification of loading entity rights and protection of transmitted data. The standard applies to interindustry command definitions and is not a specification for internal card implementations.

Key topics and requirements

• Standardized APDU-style commands for card and file management (creation, deletion, update and access control of files and data objects).
• Definition and handling of data objects and security objects used by management commands.
• Life-cycle oriented operations — commands usable before issuance, during operational life, and after expiry.
• Secure download and protections for loading code/keys/applets, including access-rights verification and secure messaging guidance (annex material).
• Interoperability expectations with other parts of the 7816 series (notably ISO/IEC 7816-4 for command organization and security semantics).

Typical use and users

Used by smart-card and secure-element manufacturers, card operating system developers, application providers, system integrators, certification and conformity assessment bodies, and organizations issuing chip-enabled ID, payment or access cards. Implementers consult this part to ensure consistent card-management command behavior across products and ecosystems.

Related standards

Part of the ISO/IEC 7816 series covering smart / integrated circuit cards. Closely related parts include ISO/IEC 7816-1, -2, -3, -4, -6, -8, -10, -11, -12, -13 and -15 (physical characteristics, interfaces, APDU organization/commands, data elements, security mechanisms, application management, etc.). Implementers commonly use 7816-4 in conjunction with 7816-9.

Keywords

Identification cards, integrated circuit cards, smart cards, card management, commands, data objects, security objects, secure download, life cycle, APDU, ISO/IEC 7816.

FAQ

Q: What is this standard?

A: ISO/IEC 7816-9:2017 is the part of the ISO/IEC 7816 family that defines interindustry commands and related data/security object handling for card and file management on integrated circuit cards.

Q: What does it cover?

A: It covers command definitions for creating, deleting and managing files and objects on a card, lifecycle-related operations (including pre-issuance and post-expiry commands), and guidance for secure loading of data (secure download). It does not specify internal card implementations.

Q: Who typically uses it?

A: Card manufacturers, operating-system and applet developers, system integrators, card issuers (ID, payment, access control), and testing/certification laboratories use the standard to achieve interoperable card-management behavior.

Q: Is it current or superseded?

A: ISO/IEC 7816-9:2017 (Edition 3) is the current published edition (published December 2017) and the edition was confirmed during periodic review; an amendment addressing data objects for quantum‑safe cryptography key management operations has been prepared and is listed as under publication (amendment under publication in 2026).

Q: Is it part of a series?

A: Yes — it is one part of the ISO/IEC 7816 series for identification cards and integrated circuit cards; other parts cover physical characteristics, interfaces, command organization, security operations, application management and related topics.

Q: What are the key keywords?

A: Identification cards, smart cards, integrated circuit cards, card management, commands, data objects, security objects, secure download, lifecycle, APDU.