Security Requirements for Cryptographic Modules

Published: January 11, 1994


Lisa J. Carnahan, Miles E. Smid


[Superseded by FIPS 140-2 (May 25, 2001):] The selective application of technological and related procedural safeguards is an important responsibility of every Federal organization in providing adequate security in its computer and telecommunication systems. This publication provides a standard to be used by Federal organizations when these organizations specify that cryptographic-based security systems are to be used to provide protection for sensitive or valuable data. Protection of a cryptographic module within a security system is necessary to maintain the confidentiality and integrity of the information protected by the module. This standard specifies the security requirements that are to be satisfied by a cryptographic module. The standard provides four increasing, qualitative levels of security intended to cover a wide range of potential applications and environments. The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include basic design and documentation, module interfaces, authorized roles and services, physical security, software security, operating system security, key management, cryptographic algorithms, electromagnetic interference/electromagnetic compatibility (EMI/EMC), and self-testing. [Supersedes FIPS 140 (April 14, 1982):]
Citation: Federal Inf. Process. Stds. (NIST FIPS) - 140-1
Report Number:
Pub Type: NIST Pubs


Superseded by

Download Paper


computer security, telecommunication security, cryptography, cryptographic modules, Federal Information Processing Standard (FIPS)
Created January 11, 1994, Updated February 19, 2017