Example: stock market

Implementation Guidance for FIPS 140-2

Implementation Guidance for FIPS 140-2 and the Cryptographic Module Validation Program National Institute of Standards and Technology Canadian Centre for Cyber Security Initial Release: March 28, 2003 Last Update: October 17, 2022 Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program National Institute of Standards and Technology CMVP 2 10/17/2022 Table of Contents OVERVIEW .. 6 GENERAL 7 REQUEST FOR Guidance FROM THE CMVP AND CAVP .. 7 COMPLETION OF A TEST REPORT: INFORMATION THAT MUST BE PROVIDED TO NIST AND CCCS .. 9 PARTIAL VALIDATIONS AND NOT APPLICABLE AREAS OF FIPS 140-2 .. 11 DESIGN AND TESTING OF CRYPTOGRAPHIC MODULES .. 12 MAINTAINING VALIDATION COMPLIANCE OF SOFTWARE OR FIRMWARE CRYPTOGRAPHIC MODULES .. 13 MODULES WITH BOTH A FIPS MODE AND A NON-FIPS MODE .. 15 RELATIONSHIPS AMONG VENDORS, LABORATORIES, AND 16 REVALIDATION REQUIREMENTS .. 16 FSM, SECURITY POLICY, USER Guidance AND CRYPTO OFFICER Guidance DOCUMENTATION.

Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program National Institute of Standards and Technology . CMVP 4 11/05/2021

Fullscreen Download

Tags:

  Implementation, Guidance, Implementation guidance

Information

Domain:

Source:

Link to this page:

Please notify us if you found a problem with this document:

Other abuse

Transcription of Implementation Guidance for FIPS 140-2

1 Implementation Guidance for FIPS 140-2 and the Cryptographic Module Validation Program National Institute of Standards and Technology Canadian Centre for Cyber Security Initial Release: March 28, 2003 Last Update: October 17, 2022 Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program National Institute of Standards and Technology CMVP 2 10/17/2022 Table of Contents OVERVIEW .. 6 GENERAL 7 REQUEST FOR Guidance FROM THE CMVP AND CAVP .. 7 COMPLETION OF A TEST REPORT: INFORMATION THAT MUST BE PROVIDED TO NIST AND CCCS .. 9 PARTIAL VALIDATIONS AND NOT APPLICABLE AREAS OF FIPS 140-2 .. 11 DESIGN AND TESTING OF CRYPTOGRAPHIC MODULES .. 12 MAINTAINING VALIDATION COMPLIANCE OF SOFTWARE OR FIRMWARE CRYPTOGRAPHIC MODULES .. 13 MODULES WITH BOTH A FIPS MODE AND A NON-FIPS MODE .. 15 RELATIONSHIPS AMONG VENDORS, LABORATORIES, AND 16 REVALIDATION REQUIREMENTS .. 16 FSM, SECURITY POLICY, USER Guidance AND CRYPTO OFFICER Guidance DOCUMENTATION.

2 34 PHYSICAL SECURITY TESTING FOR RE-VALIDATION FROM FIPS 140-1 TO FIPS 140-2 .. 35 TESTING USING EMULATORS AND SIMULATORS .. 36 POST-VALIDATION INQUIRIES .. 37 INSTRUCTIONS FOR VALIDATION INFORMATION FORMATTING .. 38 MOVED TO .. 52 MOVED TO .. 52 REQUESTING AN INVOICE BEFORE SUBMITTING A REPORT .. 52 REMOTE TESTING FOR SOFTWARE MODULES .. 53 LIMITING THE USE OF FIPS 186-2 .. 55 OPERATIONAL EQUIVALENCY TESTING FOR HW MODULES .. 57 TRACKING THE COMPONENT VALIDATION LIST .. 62 SECTION 1 - CRYPTOGRAPHIC MODULE SPECIFICATION .. 65 CRYPTOGRAPHIC MODULE NAME .. 65 FIPS APPROVED MODE OF OPERATION .. 66 FIRMWARE DESIGNATION .. 67 BINDING OF CRYPTOGRAPHIC ALGORITHM VALIDATION CERTIFICATES .. 68 MOVED TO .. 70 MOVED TO .. 70 MULTIPLE APPROVED MODES OF OPERATION .. 70 MOVED TO .. 72 DEFINITION AND REQUIREMENTS OF A HYBRID CRYPTOGRAPHIC MODULE .. 72 MOVED TO .. 73 MOVED TO .. 74 MOVED TO .. 74 MOVED TO.

3 74 MOVED TO .. 74 MOVED TO .. 74 SOFTWARE MODULE .. 74 FIRMWARE MODULE .. 76 PIV REFERENCE .. 79 NON-APPROVED MODE OF 80 SUB-CHIP CRYPTOGRAPHIC SUBSYSTEMS .. 82 PROCESSOR ALGORITHM ACCELERATORS (PAA) AND PROCESSOR ALGORITHM Implementation (PAI) .. 86 MODULE COUNT DEFINITION .. 90 DEFINITION AND USE OF A NON-APPROVED SECURITY FUNCTION .. 93 SECTION 2 CRYPTOGRAPHIC MODULE PORTS AND INTERFACES .. 98 TRUSTED PATH .. 98 SECTION 3 ROLES, SERVICES, AND AUTHENTICATION .. 101 Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program National Institute of Standards and Technology CMVP 3 10/17/2022 AUTHORIZED ROLES .. 101 BYPASS CAPABILITY IN ROUTERS .. 102 AUTHENTICATION MECHANISMS FOR SOFTWARE MODULES .. 104 MULTI-OPERATOR AUTHENTICATION .. 105 DOCUMENTATION REQUIREMENTS FOR CRYPTOGRAPHIC MODULE SERVICES .. 106 SECTION 4 - FINITE STATE MODEL .. 109 SECTION 5 - PHYSICAL SECURITY.

4 110 OPACITY AND PROBING OF CRYPTOGRAPHIC MODULES WITH FANS, VENTILATION HOLES OR SLITS AT LEVEL 110 TESTING TAMPER EVIDENT SEALS .. 111 PHYSICAL SECURITY ASSUMPTIONS .. 111 LEVEL 3: HARD COATING TEST METHODS .. 116 PHYSICAL SECURITY LEVEL 3 AUGMENTED WITH EFP/EFT .. 118 SECTION 6 OPERATIONAL ENVIRONMENT .. 119 SINGLE OPERATOR MODE AND CONCURRENT OPERATORS .. 119 APPLICABILITY OF OPERATIONAL ENVIRONMENT REQUIREMENTS TO JAVA SMART CARDS .. 120 CORRECTION TO COMMON CRITERIA REQUIREMENTS ON OPERATING SYSTEM .. 121 APPROVED INTEGRITY TECHNIQUES .. 122 SECTION 7 CRYPTOGRAPHIC KEY MANAGEMENT .. 123 MOVED TO .. 123 USE OF IEEE KEY DERIVATION PROTOCOLS .. 123 MOVED TO .. 124 ZEROIZATION OF POWER-UP TEST KEYS .. 124 STRENGTH OF KEY ESTABLISHMENT METHODS .. 124 MOVED TO .. 127 KEY ESTABLISHMENT AND KEY ENTRY AND OUTPUT .. 127 THE USE OF POST-PROCESSING IN KEY GENERATION METHODS .. 131 PROCEDURAL CSP ZEROIZATION.

5 133 USING THE SP 800-108 KDFS IN FIPS MODE .. 134 MOVED TO .. 135 KEY GENERATION FOR RSA SIGNATURE ALGORITHM .. 135 MOVED TO .. 136 ENTROPY CAVEATS .. 136 ENTROPY ASSESSMENT .. 140 ACCEPTABLE ALGORITHMS FOR PROTECTING STORED KEYS AND CSPS .. 145 ZEROIZATION OF ONE TIME PROGRAMMABLE (OTP) MEMORY .. 147 ENTROPY ESTIMATION AND COMPLIANCE WITH SP 800-90B .. 148 INTERPRETATION OF SP 800-90B REQUIREMENTS .. 151 COMBINING ENTROPY FROM MULTIPLE SOURCES .. 157 SECTION 8 ELECTROMAGNETIC INTERFERENCE/ELECTROMAGNETIC COMPATIBILITY (EMI/EMC) .. 160 SECTION 9 SELF-TESTS .. 161 KNOWN ANSWER TEST FOR KEYED HASHING ALGORITHM .. 161 KNOWN ANSWER TEST FOR EMBEDDED CRYPTOGRAPHIC ALGORITHMS .. 163 KAT FOR ALGORITHMS USED IN AN INTEGRITY TEST TECHNIQUE .. 163 KNOWN ANSWER TESTS FOR CRYPTOGRAPHIC ALGORITHMS .. 165 MODULE INITIALIZATION DURING POWER-UP .. 171 SELF-TESTS WHEN IMPLEMENTING THE SP 800-56A SCHEMES .. 172 SOFTWARE/FIRMWARE LOAD TEST.

6 174 CONTINUOUS RANDOM NUMBER GENERATOR TESTS .. 175 PAIR-WISE CONSISTENCY SELF-TEST WHEN GENERATING A KEY PAIR .. 179 Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program National Institute of Standards and Technology CMVP 4 10/17/2022 POWER-UP TESTS FOR SOFTWARE MODULE LIBRARIES .. 180 REDUCING THE NUMBER OF KNOWN ANSWER TESTS .. 183 INTEGRITY TEST USING 185 NON-RECONFIGURABLE MEMORY INTEGRITY TEST .. 187 SECTION 10 DESIGN 189 SECTION 11 MITIGATION OF OTHER ATTACKS .. 190 MITIGATION OF OTHER ATTACKS .. 190 SECTION 12 APPENDIX A: SUMMARY OF DOCUMENTATION REQUIREMENTS .. 191 SECTION 13 APPENDIX B: RECOMMENDED SOFTWARE DEVELOPMENT PRACTICES .. 192 SECTION 14 APPENDIX C: CRYPTOGRAPHIC MODULE SECURITY POLICY .. 193 LEVEL OF DETAIL WHEN REPORTING CRYPTOGRAPHIC SERVICES .. 193 LEVEL OF DETAIL WHEN REPORTING MITIGATION OF OTHER ATTACKS .. 194 LOGICAL DIAGRAM FOR SOFTWARE, FIRMWARE AND HYBRID MODULES.

7 194 OPERATOR APPLIED SECURITY APPLIANCES .. 195 CRITICAL SECURITY PARAMETERS FOR THE SP 800-90 DRBGS .. 197 FIPS 140-2 ANNEX A APPROVED SECURITY 199 VALIDATION TESTING OF SHS ALGORITHMS AND HIGHER CRYPTOGRAPHIC ALGORITHM USING SHS ALGORITHMS .. 199 USE OF NON-NIST-RECOMMENDED ELLIPTIC CURVES .. 199 VENDOR AFFIRMATION OF CRYPTOGRAPHIC SECURITY METHODS .. 200 MOVED TO .. 203 KEY/IV PAIR UNIQUENESS REQUIREMENTS FROM SP 800-38D .. 203 MOVED TO .. 210 MOVED TO .. 210 USE OF A TRUNCATED 211 XTS-AES KEY GENERATION REQUIREMENTS .. 212 REQUIREMENTS FOR VENDOR AFFIRMATION OF SP 800-38G .. 213 THE USE AND THE TESTING REQUIREMENTS FOR THE FAMILY OF FUNCTIONS DEFINED IN FIPS 202 .. 214 REQUIREMENTS FOR VENDOR AFFIRMATION TO THE ADDENDUM TO SP 800-38A .. 216 SP 800-67 REV1 TRANSITION .. 218 APPROVED MODULUS SIZES FOR RSA DIGITAL SIGNATURE AND OTHER APPROVED PUBLIC KEY ALGORITHMS .. 220 VENDOR AFFIRMATION FOR THE SP 800-185 ALGORITHMS.

8 223 FIPS 140-2 ANNEX B APPROVED PROTECTION PROFILES .. 226 FIPS 140-2 ANNEX C APPROVED RANDOM NUMBER GENERATORS .. 227 MOVED TO .. 227 MOVED TO .. 227 FIPS 140-2 ANNEX D APPROVED KEY ESTABLISHMENT TECHNIQUES .. 228 MOVED TO .. 228 CAVP REQUIREMENTS FOR VENDOR AFFIRMATION OF SP 800-56A-REV2 .. 228 CAVP REQUIREMENTS FOR VENDOR AFFIRMATION TO SP 800-56A REV3 AND THE TRANSITION FROM THE VALIDATION TO THE EARLIER VERSIONS OF THIS 230 ACCEPTABLE KEY ESTABLISHMENT PROTOCOLS .. 232 ASSURANCE OF THE VALIDITY OF A PUBLIC KEY FOR KEY ESTABLISHMENT .. 234 REQUIREMENTS FOR VENDOR AFFIRMATION OF SP 800-56B .. 235 MOVED TO .. 237 REQUIREMENTS FOR VENDOR AFFIRMATION OF SP 800-132 .. 237 MOVED TO .. 239 KEY AGREEMENT METHODS .. 239 Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program National Institute of Standards and Technology CMVP 5 10/17/2022 KEY TRANSPORT METHODS .. 244 REQUIREMENTS FOR VENDOR AFFIRMATION OF SP 800-56C.

9 247 REFERENCES TO THE SUPPORT OF INDUSTRY PROTOCOLS .. 249 REQUIREMENTS FOR VENDOR AFFIRMATION TO SP 800-133 .. 250 ELLIPTIC CURVES AND THE MODP GROUPS IN SUPPORT OF INDUSTRY PROTOCOLS .. 252 SP 800-56C REV2 ONE-STEP KEY DERIVATION FUNCTION WITHOUT A COUNTER .. 255 WITHDRAWN 257 CRYPTOGRAPHIC KEY STRENGTH MODIFIED BY AN ENTROPY ESTIMATE .. 257 VALIDATING THE TRANSITION FROM FIPS 186-2 TO FIPS 186-4 .. 258 CAVP REQUIREMENTS FOR VENDOR AFFIRMATION OF SP 800-90 .. 261 USE OF OTHER CORE SYMMETRIC ALGORITHMS IN ANSI RNG .. 263 RNGS: SEEDS, SEED KEYS AND DATE/TIME VECTORS .. 263 DEFINITION OF AN NDRNG .. 264 CAVP REQUIREMENTS FOR VENDOR AFFIRMATION OF SP 800-38D .. 265 CAVP REQUIREMENTS FOR VENDOR AFFIRMATION OF FIPS 186-3 DIGITAL SIGNATURE STANDARD .. 267 CAVP REQUIREMENTS FOR VENDOR AFFIRMATION OF NIST SP 800-38E .. 271 CAVP REQUIREMENTS FOR VENDOR AFFIRMATION OF SP 800-56A .. 272 REQUIREMENTS FOR VENDOR AFFIRMATION OF SP 800-108.

10 274 REQUIREMENTS FOR VENDOR AFFIRMATION OF SP 800-135 REV1 .. 275 LISTING OF DES IMPLEMENTATIONS .. 276 VALIDATION OF TRANSITIONING CRYPTOGRAPHIC ALGORITHMS AND KEY LENGTHS .. 276 CHANGE SUMMARY .. 281 NEW Guidance .. 281 MODIFIED Guidance .. 283 END OF DOCUMENT .. 296 Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program National Institute of Standards and Technology CMVP 6 10/17/2022 Overview This Implementation Guidance document is issued and maintained by the Government's National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS), which serve as the validation authorities of the Cryptographic Module Validation Program (CMVP) for their respective governments. The CMVP validates the test results of National Voluntary Laboratory Accreditation Program (NVLAP) accredited Cryptographic and Security Testing (CST) Laboratories which test cryptographic modules for conformance to Federal Information Processing Standard Publication (FIPS) 140-2 , Security Requirements for Cryptographic Modules.

Show more

Documents from same domain

ITL Bulletin Guidelines for Securing Wireless Local …

ITL Bulletin Guidelines for Securing Wireless Local

csrc.nist.gov

Wireless networks, like other communications networks, ... NIST SP 800-153, Guidelines for Securing Wireless Local Area Networks (WLANs), was

  Guidelines, Network, Communication, Wireless, Inst, Bulletin, Local, Communications networks, Wireless networks, Bulletin guidelines for securing wireless local, Securing, Guidelines for securing wireless local

Windows 7 BitLocker FIPS Security Policy - NIST

Windows 7 BitLocker FIPS Security Policy - NIST

csrc.nist.gov

Windows 7 BitLocker™ Drive Encryption is a data protection feature available in Windows® 7 Enterprise and Ultimate for client computers and in Windows Server 2008 R2. BitLocker is Microsoft’s response to one of our

  Windows, Inst, Windows 7, 174 7

An information exchange For Information Security and ...

An information exchange For Information Security and ...

csrc.nist.gov

Identity, Credential, and Access Management ICAM ICAM represents the intersection of digital identities, credentials, and access control into one comprehensive approach.

  Identity, Access, Credentials, And access

A Random Zoo: Sloth, Unicorn and trx - NIST

A Random Zoo: Sloth, Unicorn and trx - NIST

csrc.nist.gov

sloth, described in Section 3 (and pronounced “slow­ th”), a new approach to public randomness selection, unicorn, is proposed in Section 4: unicorn results in a

  Inst, Random, Sloth, A random zoo

Port Authority Series PA111-SA CDI 01-03-0912B

Port Authority Series PA111-SA CDI 01-03-0912B

csrc.nist.gov

The Port Authority is designed primarily to protect firewall/router console port access. The device was designed to overcome the weaknesses of RADIUS and TACACS+ for remote access authentication. The problem of the firewall/router not being able to contact

  Ports, Authority, Port authority

HikSSL Cryptographic Module version 1.0.0 FIPS 140-2 Non ...

HikSSL Cryptographic Module version 1.0.0 FIPS 140-2 Non ...

csrc.nist.gov

Hangzhou Hikvision Digital Technology Co., Ltd. affirms that the module runs correctly on the following network camera and NVR models: • Network Cameras: model names starting with DS-2CD2.

  Technology, Digital, Hikvision, Hangzhou, Hangzhou hikvision digital technology

A Method for Quantitative Risk Analysis - NIST

A Method for Quantitative Risk Analysis - NIST

csrc.nist.gov

It does, however, present its results in a management-friendly form of monetary values, percentages, and probabilities. Since the Office of Management and ... A Method for Quantitative Risk Analysis James W. Meritt. There are two primary methods of risk analysis: Analysis.

  Analysis, Management, Methods, Risks, Inst, Quantitative, Method for quantitative risk analysis

20 Most Important Controls For Continuous Cyber Security ...

20 Most Important Controls For Continuous Cyber Security ...

csrc.nist.gov

Topics • Background • Philosophy and Approach for the “20 Most Important Security Controls” • Control Examples and List of Controls

  Important, Most, Most important

J) of SP 800 - NIST Computer Security Resource Center

J) of SP 800 - NIST Computer Security Resource Center

csrc.nist.gov

between SP 800-53, Revision 4 and the Initial Public Draft of SP 800- 53, Revision 5. The changes to the control baselines are reflected in a separate document.

  Inst, Sp 800, Of sp 800

Publication Number: NIST Special Publication (SP) 800-53 ...

Publication Number: NIST Special Publication (SP) 800-53 ...

csrc.nist.gov

The Special Publication 800-series reports on ITL’s research, guidelines, and outreach efforts in information system security, and its collaborative activities …

  Special, Inst, Publication, Nist special publication, Special publication 800

Related documents

RadioRA 2 Maestro Local Controls SPEC (369225)

RadioRA 2 Maestro Local Controls SPEC (369225)

www.lutron.com

3P ower Boosters / Load Interfaces: -RRD-PRO can be used to control power boosters / load interfaces. For a list of compatible power boosters / load interfaces see Compatible Power Boosters and Load Interfaces, page 11.

  Rowe

Date of Directive

Date of Directive

sos.idaho.gov

LIVING WILL AND DURABLE POWER OF ATTORNEY FOR HEALTH CARE. Date of Directive: Name of person executing Directive: Address of person executing Directive: A Living Will. A Directive to Withhold or to Provide Treatment. 1. I willfully and voluntarily make known my desire that my life shall not be prolonged artificially under the circumstances set ...

BREATHTAKING Design Strategy

BREATHTAKING Design Strategy

www.goldennumber.net

Natural Sunfl ower Grid City Grid Dome Grid Euclidian Geometry Proportions of a Circle Sub-Proportions Natural Golden Spiral Parthenon Da Vinci’s Mona Lisa Natural Magnetic Energy Duality in Balance Elements of Energy “De Architectura” Greek House Plan Long: 1:1, 2:3, 3:4 Middle: 2:4, 4:9, 9:16 Short: 1:1, 2:3, 3:4 Da Vinci’s Vitruvian ...

  Rowe

MODULE 3: HYDROGEN USE IN INTERNAL

MODULE 3: HYDROGEN USE IN INTERNAL

www1.eere.energy.gov

• the p ower o utp t of hydr gen internal comb stion engines • the effect of mixing hyd r ogen with other hyd carb n fuels Hydrogen Fuel Cell Engines and Related Technologies: Rev 0, …

  Hydrogen, Rowe, Gone, Hyd r ogen

Related search queries

Ower, Hydrogen, Hyd r ogen