FIPS PUB 140 : 0001
Withdrawn
A Withdrawn Standard is one, which is removed from sale, and its unique number can no longer be used. The Standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a Standard with a different number.
SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES
06-07-2023
1. OVERVIEW
1.1 Security Level 1
1.2 Security Level 2
1.3 Security Level 3
1.4 Security Level 4
2. DEFINITIONS AND ACRONYMS
2.1 Definitions
2.2 Acronyms
3. FUNCTIONAL SECURITY OBJECTIVES
4. SECURITY REQUIREMENTS
4.1 Cryptographic Modules
4.2 Module Interfaces
4.3 Roles and Services
4.3.1 Roles
4.3.2 Services
4.3.3 Operator Authentication
4.4 Finite State Machine Model
4.5 Physical Security
4.5.1 Single-Chip Cryptographic Modules
4.5.2 Multiple-Chip Embedded Cryptographic Modules
4.5.3 Multiple-Chip Standalone Cryptographic Modules
4.5.4 Environmental Failure Protection Features
4.5.4.1 Environmental Failure Protection Features
4.5.4.2 Environmental Failure Testing Procedures
4.6 Software Security
4.7 Operating System Security
4.8 Cryptographic Key Management
4.8.1 Key Generation
4.8.2 Key Distribution
4.8.3 Key Entry and Output
4.8.4 Key Storage
4.8.5 Key Destruction
4.8.6 Key Archiving
4.9 Cryptographic Algorithms
4.10 Electromagnetic Interference/Electromagnetic Compatibility
(EMI/EMC)
4.11 Self-Tests
4.11.1 Power-Up Tests
4.11.2 Conditional Tests
APPENDIX A. SUMMARY OF DOCUMENTATION REQUIREMENTS
APPENDIX B. RECOMMENDED SOFTWARE DEVELOPMENT PRACTICES
APPENDIX C. SELECTED REFERENCES
Committee |
AREA IPSC
|
DocumentType |
Standard
|
PublisherName |
US Military Specs/Standards/Handbooks
|
Status |
Withdrawn
|
08/30190992 DC : 0 | BS ISO 26430-6 - DIGITAL CINEMA (D-CINEMA) OPERATIONS - PART 6: AUDITORIUM SECURITY MESSAGES FOR INTRA-THEATER COMMUNICATIONS |
SCTE 165-10 : 2009 | IPCABLECOM 1.5 - PART 10: SECURITY |
BS ISO 26430-2:2008 | Digital cinema (D-cinema) operations Digital certificate |
TR 102 780 : 1.1.1 | METHODS FOR TESTING AND SPECIFICATION (MTS); SECURITY; GUIDE TO THE USE OF METHODS IN DEVELOPMENT OF ETSI SECURITY STANDARDS |
INCITS/ISO/IEC 15945 : 2002 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - SPECIFICATION OF TTP SERVICES TO SUPPORT THE APPLICATION OF DIGITAL SIGNATURES |
SCTE 135-3 : 2013 | DOCSIS 3.0 - PART 3: SECURITY SERVICES |
ISO 17090-5:2017 | Health informatics — Public key infrastructure — Part 5: Authentication using Healthcare PKI credentials |
ISO 26430-6:2009 | Digital cinema (D-cinema) operations — Part 6: Auditorium security messages for intra-theater communications |
IEC 62351-9:2017 | Power systems management and associated information exchange - Data and communications security - Part 9: Cyber security key management for power system equipment |
IEC TR 62443-3-1:2009 | Industrial communication networks - Network and system security - Part 3-1: Security technologies for industrial automation and control systems |
ASTM E 2085 : 2000 : REV A | Standard Guide on Security Framework for Healthcare Information (Withdrawn 2009) |
14/30249803 DC : 0 | BS ISO/IEC 27040 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - STORAGE SECURITY |
BS ISO 26430-6:2009 | Digital cinema (D-cinema) operations Auditorium security messages for intra-theater communications |
IEEE 1547.3 : 2007 | MONITORING, INFORMATION EXCHANGE, AND CONTROL OF DISTRIBUTED RESOURCES INTERCONNECTED WITH ELECTRIC POWER SYSTEMS |
13/30293455 DC : 0 | BS EN 62591 - INDUSTRIAL COMMUNICATION NETWORKS - WIRELESS COMMUNICATION NETWORK AND COMMUNICATION PROFILES - WIRELESSHART[TM] |
16/30335156 DC : 0 | BS EN 14615 - POSTAL SERVICES - DIGITAL POSTAGE MARKS - APPLICATIONS, SECURITY AND DESIGN |
13/30284056 DC : 0 | BS EN 62055-41 - ELECTRICITY METERING - PAYMENT SYSTEMS - PART 41: STANDARD TRANSFER SPECIFICATION (STS) - APPLICATION LAYER PROTOCOL FOR ONE-WAY TOKEN CARRIER SYSTEMS |
ISO 26430-2:2008 | Digital cinema (D-cinema) operations — Part 2: Digital certificate |
BS EN 62351-9:2017 | Power systems management and associated information exchange. Data and communications security Cyber security key management for power system equipment |
CAN/CSA-ISO/IEC 15945-04 (R2017) | Information Technology - Security Techniques - Specification of TTP Services to Support the Application of Digital Signatures (Adopted ISO/IEC 15945:2002, first edition, 2002-02-01) |
ISO/IEC TR 24729-4:2009 | Information technology Radio frequency identification for item management Implementation guidelines Part 4: Tag data security |
IEC TS 62351-2:2008 | Power systems management and associated information exchange - Data and communications security - Part 2: Glossary of terms |
BS ISO/IEC 18031 : 2011 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - RANDOM BIT GENERATION |
ISO/IEC 11889-1:2015 | Information technology — Trusted platform module library — Part 1: Architecture |
IEC TR 62351-13:2016 | Power systems management and associated information exchange - Data and communications security - Part 13: Guidelines on security topics to be covered in standards and specifications |
ISO/IEC 14776-454:2018 | Information technology Small computer system interface (SCSI) Part 454: SCSI Primary Commands - 4 (SPC-4) |
17/30281253 DC : 0 | BS ISO 21188 - PUBLIC KEY INFRASTRUCTURE FOR FINANCIAL SERVICES - PRACTICES AND POLICY FRAMEWORK |
TS 102 042 : 2.4.1 | ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); POLICY REQUIREMENTS FOR CERTIFICATION AUTHORITIES ISSUING PUBLIC KEY CERTIFICATES |
BS ISO 17090-3:2008 | Health informatics. Public key infrastructure Policy management of certification authority |
ISO/IEC 18031:2011 | Information technology Security techniques Random bit generation |
ISO 15782-1:2009 | Certificate management for financial services Part 1: Public key certificates |
NFPA 731 : 2017 | INSTALLATION OF ELECTRONIC PREMISES SECURITY SYSTEMS |
15/30328633 DC : 0 | BS ISO/IEC 20922 - INFORMATION TECHNOLOGY - MESSAGE QUEUING TELEMETRY TRANSPORT (MQTT) V3.1.1 |
BS ISO 15782-1:2009 | Certificate management for financial services Public key certificates |
TR 102 437 : 1.1.1 | ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); GUIDANCE ON TS 101 456 (POLICY REQUIREMENTS FOR CERTIFICATION AUTHORITIES ISSUING QUALIFIED CERTIFICATES) |
EN 62351-9:2017 | Power systems management and associated information exchange - Data and communications security - Part 9: Cyber security key management for power system equipment |
ANSI X9.97-1 : 2009 | FINANCIAL SERVICES - SECURE CRYPTOGRAPHIC DEVICES (RETAIL) - PART 1: CONCEPTS, REQUIREMENTS AND EVALUATION METHODS |
07/30170887 DC : DRAFT AUG 2007 | BS ISO 26430-2 - DIGITAL CINEMA (D-CINEMA) OPERATIONS - PART 2: DIGITAL CERTIFICATE |
BS ISO/IEC 20922:2016 | Information technology. Message Queuing Telemetry Transport (MQTT) v3.1.1 |
ANSI X9.79-1 : 2001 | FINANCIAL SERVICES PUBLIC KEY INFRASTRUCTURE - PART 1: PKI PRACTICES AND POLICY FRAMEWORK |
TS 102 023 : 1.2.2 | ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); POLICY REQUIREMENTS FOR TIME-STAMPING AUTHORITIES |
BS ISO 26430-1:2008 | Digital cinema (D-cinema) operations Key delivery message |
PREN 14615 : DRAFT 2016 | POSTAL SERVICES - DIGITAL POSTAGE MARKS - APPLICATIONS, SECURITY AND DESIGN |
NASA HDBK 0008 : 2012 | NASA PRODUCT DATA AND LIFE-CYCLE - MANAGEMENT (PDLM) HANDBOOK |
DD IEC/TS 62351-2:2008 | Power systems management and associated information exchange. Data and communications security Glossary of terms |
ISO 17090-3:2008 | Health informatics Public key infrastructure Part 3: Policy management of certification authority |
SCTE 23-2 : 2017 | DOCSIS 1.1 - PART 2: BASELINE PRIVACY PLUS INTERFACE |
SCTE 24-10 : 2016 | IPCABLECOM 1.0 - PART 10: SECURITY SPECIFICATION |
ANSI X9.82-1 : 2006(R2013) | RANDOM NUMBER GENERATION - PART 1: OVERVIEW AND BASIC PRINCIPLES |
CSA ISO/IEC 15945 : 2004 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - SPECIFICATION OF TTP SERVICES TO SUPPORT THE APPLICATION OF DIGITAL SIGNATURES |
IEC TS 62443-1-1:2009 | Industrial communication networks - Network and system security - Part 1-1: Terminology, concepts and models |
IEC 62591:2016 | Industrial networks - Wireless communication network and communication profiles - WirelessHART<sup>TM</sup> |
07/30170884 DC : DRAFT AUG 2007 | BS ISO 26430-1 - DIGITAL CINEMA (D-CINEMA) OPERATIONS - PART 1: KEY DELIVERY MESSAGE |
ISO 26430-1:2008 | Digital cinema (D-cinema) operations — Part 1: Key delivery message |
CSA ISO/IEC 15945 : 2004 : R2012 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - SPECIFICATION OF TTP SERVICES TO SUPPORT THE APPLICATION OF DIGITAL SIGNATURES |
DD IEC TS 62224 : DRAFT 2007 | MULTIMEDIA HOME SERVER SYSTEMS - CONCEPTUAL MODEL FOR DIGITAL RIGHTS MANAGEMENT |
ANSI INCITS 426 : 2007 | FIBRE CHANNEL - SECURITY PROTOCOLS (FC-SP) |
ANSI X9.82-3 : 2007(R2017) | RANDOM NUMBER GENERATION - PART 3: DETERMINISTIC RANDOM BIT GENERATORS |
TS 102 639-5 : 1.1.1 | ACCESS AND TERMINALS, TRANSMISSION AND MULTIPLEXING (ATTM); THIRD GENERATION TRANSMISSION SYSTEMS FOR INTERACTIVE CABLE TELEVISION SERVICES - IP CABLE MODEMS; PART 5: SECURITY SERVICES |
TS 101 456 : 1.4.3 | ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); POLICY REQUIREMENTS FOR CERTIFICATION AUTHORITIES ISSUING QUALIFIED CERTIFICATES |
INCITS/ISO/IEC 15945 : 2002 : R2007 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - SPECIFICATION OF TTP SERVICES TO SUPPORT THE APPLICATION OF DIGITAL SIGNATURES |
ANSI X9.26 : 1990 | FINANCIAL INSTITUTION SIGN-ON AUTHENTICATION FOR WHOLESALE FINANCIAL SYSTEMS |
IEEE 828-2012 | IEEE Standard for Configuration Management in Systems and Software Engineering |
ANSI X9.23 : 1988 | FINANCIAL INSTITUTION ENCRYPTION OF WHOLESALE FINANCIAL MESSAGES |
ANSI X9.9 : 86(R1994) | FINANCIAL INSTITUTION MESSAGE AUTHENTICATION (WHOLESALE) |
FIPS PUB 101 : 0 | GUIDELINE FOR LIFECYCLE VALIDATION, VERIFICATION & TESTING OF COMPUTER SOFTWARE |
IEEE 729-1983 | IEEE Standard Glossary of Software Engineering Terminology |
IEEE 1012-2012 | IEEE Standard for System and Software Verification and Validation |
ISO 9074:1989 | Information processing systems — Open Systems Interconnection — Estelle: A formal description technique based on an extended state transition model |
ANSI X9.17 : 1995 | FINANCIAL INSTITUTION KEY MANAGEMENT (WHOLESALE), |
ISO 8807:1989 | Information processing systems Open Systems Interconnection LOTOS A formal description technique based on the temporal ordering of observational behaviour |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.