Skip to main content
U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock ( ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Security Requirements for Cryptographic Modules

Published

Author(s)

Lisa J. Carnahan, Miles E. Smid

Abstract

[Superseded by FIPS 140-2 (May 25, 2001): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=902003] The selective application of technological and related procedural safeguards is an important responsibility of every Federal organization in providing adequate security in its computer and telecommunication systems. This publication provides a standard to be used by Federal organizations when these organizations specify that cryptographic-based security systems are to be used to provide protection for sensitive or valuable data. Protection of a cryptographic module within a security system is necessary to maintain the confidentiality and integrity of the information protected by the module. This standard specifies the security requirements that are to be satisfied by a cryptographic module. The standard provides four increasing, qualitative levels of security intended to cover a wide range of potential applications and environments. The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include basic design and documentation, module interfaces, authorized roles and services, physical security, software security, operating system security, key management, cryptographic algorithms, electromagnetic interference/electromagnetic compatibility (EMI/EMC), and self-testing. [Supersedes FIPS 140 (April 14, 1982): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=917971]
Citation
Federal Inf. Process. Stds. (NIST FIPS) - 140-1
Report Number
140-1

Keywords

computer security, telecommunication security, cryptography, cryptographic modules, Federal Information Processing Standard (FIPS)
Created January 11, 1994, Updated February 19, 2017