Security Requirements for Cryptographic Modules

Published: January 11, 1994

Author(s)

Lisa J. Carnahan, Miles E. Smid

Abstract

[Superseded by FIPS 140-2 (May 25, 2001): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=902003] The selective application of technological and related procedural safeguards is an important responsibility of every Federal organization in providing adequate security in its computer and telecommunication systems. This publication provides a standard to be used by Federal organizations when these organizations specify that cryptographic-based security systems are to be used to provide protection for sensitive or valuable data. Protection of a cryptographic module within a security system is necessary to maintain the confidentiality and integrity of the information protected by the module. This standard specifies the security requirements that are to be satisfied by a cryptographic module. The standard provides four increasing, qualitative levels of security intended to cover a wide range of potential applications and environments. The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include basic design and documentation, module interfaces, authorized roles and services, physical security, software security, operating system security, key management, cryptographic algorithms, electromagnetic interference/electromagnetic compatibility (EMI/EMC), and self-testing. [Supersedes FIPS 140 (April 14, 1982): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=917971]
Citation: Federal Inf. Process. Stds. (NIST FIPS) - 140-1
Report Number:
140-1
Pub Type: NIST Pubs

Supersedes

Superseded by

Download Paper

Keywords

computer security, telecommunication security, cryptography, cryptographic modules, Federal Information Processing Standard (FIPS)
Created January 11, 1994, Updated February 19, 2017