FIPS 140-2
Latest revision as of 03:58, 28 June 2018
Title: SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES
Category: Security Requirements Standard
Date: 12/3/2002
Creator: NIST
URL: http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf
Description: A set of security requirements specifically pertaining to systems that implement cryptographic mechanisms
such as encryption, hashing, digital signatures, random number generation or message authentication. The
security requirements cover areas related to the design and implementation of a cryptographic module.
These areas include cryptographic module specification; module ports and interfaces; roles, services, and
authentication; finite state model; physical security; operational environment; cryptographic key
management; electromagnetic interference/electromagnetic compatibility (EMI/EMC); self-tests; and design
assurance. Security Levels 1 through 4 impose increasingly stringent requirements,
with Level 1 not required to demonstrate any physical security requirements or authenticate users, whereas
Level 4 requires tamper response mechanisms, resistance to a range of environmental conditions and
identity-based authentication of users. This document is the basis of the FIPS 140-2 cryptographic
certification scheme administered by NIST and Canada's CSE.
Privacy: No stipulations.
Security: The document is an information security standard. The document specifies security requirements on the
functionality and design assurance of cryptographic modules.
Interoperability: The document promotes interoperability by providing a baseline set of requirements for cryptographic
modules.
Terms: Approved, Approved Mode Of Operation,
Approved Security Function, Authentication Code,
Automated Key Transport, Compromise, Confidentiality,
Control Information,
Critical Security Parameter, Cryptographic Boundary, Cryptographic Key, Cryptographic Key Component,
Cryptographic Module, Cryptographic Module Security Policy,
Crypto Officer, Data Path,
Differential Power Analysis, Digital Signature,
Electromagnetic Compatibility, Electromagnetic Interference,
Electronic Key Entry, Encrypted Key, Environmental Failure Protection, Environmental Failure Testing, Error Detection Code, Finite State Model, Firmware, Hardware,
Hash-based Message Authentication Code, Initialization Vector,
Input Data, Integrity, Interface,
Key Encrypting Key, Key Establishment, Key Loader, Key Management, Key Transport, Manual Key Transport,
Manual Key Entry, Microcode, Operator, Output Data, Password, Personal Identification Number, Physical Protection, Plaintext Key, Port, Private Key, Protection Profile, Public Key,
Public Key Certificate, Public Key (asymmetric) Cryptographic Algorithm, Random Number Generator, Removable Cover, Secret Key,
Secret Key (symmetric) Cryptographic Algorithm, Seed Key,
Simple Power Analysis, Software, Split Knowledge,
Status Information, System Software, Tamper Detection,
Tamper Evidence, Tamper Response,
Target Of Evaluation, TEMPEST, TOE Security Functions,
TOE Security Policy, Trusted Path, User, Validation Authorities