This standard specifies the security requirements for a cryptographic module utilised within a security system protecting sensitive information in computer and telecommunication systems. This standard defines four security levels for cryptographic modules to provide for a wide spectrum of data sensitivity and a diversity of application environments. This International Standard specifies four security levels for each of 11 requirement areas with each security level increasing security over the preceding level.
2 Normative References
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
The documents listed in Annexes C, D and E of this standard.
3 Terms and Definitions
For the purposes of this document, the following terms and definitions apply.
3.1
access control list
list of permissions to grant access to an object
3.2
administer guidance
written material that is used by the Crypto Officer and/or other administrative roles for the correct configuration, maintenance, and administration of the cryptographic module
3.3
approval authority
organisation mandated to approve and/or evaluate security functions; An approval organisation evaluates and approves security functions but is not the testing entity which would test for conformance to this standard
3.4
approved data authentication technique
approved method that may include the use of a digital signature, message authentication code or keyed hash (e.g. HMAC)
3.5
approved integrity technique
approved hash, message authentication code or a digital signature algorithm
3.6
approved mode of operation
an operation mode of cryptographic module that utilises only an approved security function, not to be confused with the operation mode of cryptographic algorithm such as AES CCM
3.7
approved security function
security function (e.g. cryptographic algorithm) that is referenced in Annex C
3.8
asymmetric cryptographic technique
cryptographic technique that uses two related transformations: a public transformation (defined by the public key) and a private transformation (defined by the private key); the two transformations have the property that, given the public transformation, it is computationally infeasible to derive the private transformation in a given limited time and with given computational resources.
3.9
bypass capability
ability of a service to partially or wholly circumvent a cryptographic function
3.10
certificate
entity's data rendered unforgeable with the private or symmetric key of a certification authority
3.11
compromise
unauthorised disclosure, modification, substitution, or use of critical sensitive data or the unauthorized modification or substitution of public security parameters
3.12
conditional self-test
test performed by a cryptographic module when the conditions specified for the test occur
3.13
confidentiality
property that information is not made available or disclosed to unauthorised entities
3.14
configuration management system;CMS
management of security features and assurances through control of changes made to hardware, software and documentation of a cryptographic module
3.15
control information
information that is entered into a cryptographic module for the purposes of directing the operation of the module
1 Scope
This standard specifies the security requirements for a cryptographic module utilised within a security system protecting sensitive information in computer and telecommunication systems. This standard defines four security levels for cryptographic modules to provide for a wide spectrum of data sensitivity and a diversity of application environments. This International Standard specifies four security levels for each of 11 requirement areas with each security level increasing security over the preceding level.
2 Normative References
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
The documents listed in Annexes C, D and E of this standard.
3 Terms and Definitions
For the purposes of this document, the following terms and definitions apply.
3.1
access control list
list of permissions to grant access to an object
3.2
administer guidance
written material that is used by the Crypto Officer and/or other administrative roles for the correct configuration, maintenance, and administration of the cryptographic module
3.3
approval authority
organisation mandated to approve and/or evaluate security functions; An approval organisation evaluates and approves security functions but is not the testing entity which would test for conformance to this standard
3.4
approved data authentication technique
approved method that may include the use of a digital signature, message authentication code or keyed hash (e.g. HMAC)
3.5
approved integrity technique
approved hash, message authentication code or a digital signature algorithm
3.6
approved mode of operation
an operation mode of cryptographic module that utilises only an approved security function, not to be confused with the operation mode of cryptographic algorithm such as AES CCM
3.7
approved security function
security function (e.g. cryptographic algorithm) that is referenced in Annex C
3.8
asymmetric cryptographic technique
cryptographic technique that uses two related transformations: a public transformation (defined by the public key) and a private transformation (defined by the private key); the two transformations have the property that, given the public transformation, it is computationally infeasible to derive the private transformation in a given limited time and with given computational resources.
3.9
bypass capability
ability of a service to partially or wholly circumvent a cryptographic function
3.10
certificate
entity's data rendered unforgeable with the private or symmetric key of a certification authority
3.11
compromise
unauthorised disclosure, modification, substitution, or use of critical sensitive data or the unauthorized modification or substitution of public security parameters
3.12
conditional self-test
test performed by a cryptographic module when the conditions specified for the test occur
3.13
confidentiality
property that information is not made available or disclosed to unauthorised entities
3.14
configuration management system;CMS
management of security features and assurances through control of changes made to hardware, software and documentation of a cryptographic module
3.15
control information
information that is entered into a cryptographic module for the purposes of directing the operation of the module
