FIPS PUB 140-2 : 0
Withdrawn
A Withdrawn Standard is one, which is removed from sale, and its unique number can no longer be used. The Standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a Standard with a different number.
SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES
05-07-2023
1. OVERVIEW
2. GLOSSARY OF TERMS AND ACRONYMS
3. FUNCTIONAL SECURITY OBJECTIVES
4. SECURITY REQUIREMENTS
APPENDIX A: SUMMARY OF DOCUMENTATION REQUIREMENTS
APPENDIX B: RECOMMENDED SOFTWARE DEVELOPMENT PRACTICES
APPENDIX C: CRYPTOGRAPHIC MODULE SECURITY POLICY
APPENDIX D: SELECTED BIBLIOGRAPHY
APPENDIX E: APPLICABLE INTERNET UNIFORM RESOURCE LOCATORS (URL)
CHANGE NOTICE
Specifies a standard that will be used by Federal organizations when these organizations specify that cryptographic-based security systems are to be used to provide protection for sensitive or valuable data. Protection of a cryptographic module within a security system is necessary to maintain the confidentiality and integrity of the information protected by the module. Provides the security requirements that will be satisfied by a cryptographic module. Also provides four increasing, qualitative levels of security intended to cover a wide range of potential applications and environments.
DocumentType |
Standard
|
PublisherName |
US Military Specs/Standards/Handbooks
|
Status |
Withdrawn
|
I.S. EN 62351-9:2017 | POWER SYSTEMS MANAGEMENT AND ASSOCIATED INFORMATION EXCHANGE - DATA AND COMMUNICATIONS SECURITY - PART 9: CYBER SECURITY KEY MANAGEMENT FOR POWER SYSTEM EQUIPMENT |
CSA ISO/IEC TR 24729-4:14 (R2019) | Information technology - Radio frequency identification for item management - Implementation guidelines - Part 4: Tag data security (Adopted ISO/IEC TR 24729-4:2009, first edition, 2009-03-15) |
ISO/IEC 20922:2016 | Information technology — Message Queuing Telemetry Transport (MQTT) v3.1.1 |
BS IEC 62055-41:2014 | Electricity metering. Payment systems Standard transfer specification (STS). Application layer protocol for one-way token carrier systems |
BS ISO 32000-2:2017 | Document management. Portable document format PDF 2.0 |
12/30204795 DC : 0 | BS ISO/IEC 19790 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES |
11/30251478 DC : 0 | BS EN 1300 - SECURE STORAGE UNITS - CLASSIFICATION FOR HIGH SECURITY LOCKS ACCORDING TO THEIR RESISTANCE TO UNAUTHORIZED OPENING |
TS 119 421 : 1.0.1 | ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); POLICY AND SECURITY REQUIREMENTS FOR TRUST SERVICE PROVIDERS ISSUING TIME-STAMPS |
ANSI INCITS 496 : 2012 | INFORMATION TECHNOLOGY - FIBRE CHANNEL - SECURITY PROTOCOLS - 2 (FC-SP-2) |
AAMI TIR57 : 2016 | PRINCIPLES FOR MEDICAL DEVICE SECURITY - RISK MANAGEMENT |
CEN/TS 16702-2:2015 | Electronic fee collection - Secure monitoring for autonomous toll systems - Part 2: Trusted recorder |
CEN ISO/TS 19299:2015 | Electronic fee collection - Security framework (ISO/TS 19299:2015) |
EN 319 421 : 1.1.1 | ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); POLICY AND SECURITY REQUIREMENTS FOR TRUST SERVICE PROVIDERS ISSUING TIME-STAMPS |
S.R. CEN/TS 16702-2:2015 | ELECTRONIC FEE COLLECTION - SECURE MONITORING FOR AUTONOMOUS TOLL SYSTEMS - PART 2: TRUSTED RECORDER |
BS ISO 17090-5:2017 | Health informatics. Public key infrastructure Authentication using Healthcare PKI credentials |
ANSI INCITS 516 : 2013(R2018) | INFORMATION TECHNOLOGY - SCSI STREAM COMMANDS - 4 (SSC-4) |
CEA TR 4 : 2014 | GUIDELINES FOR ADDING STRONG ENCRYPTION AND AUTHENTICATION TO APPLICATIONS USING ANSI/CEA-709.1 |
SCTE 41 : 2016 | POD COPY PROTECTION SYSTEM |
IEEE 1609.2-2013 | IEEE Standard for Wireless Access in Vehicular Environments — Security Services for Applications and Management Messages |
EN 319 411-2 : 2.2.2 | ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); POLICY AND SECURITY REQUIREMENTS FOR TRUST SERVICE PROVIDERS ISSUING CERTIFICATES; PART 2: REQUIREMENTS FOR TRUST SERVICE PROVIDERS ISSUING EU QUALIFIED CERTIFICATES |
PREN 1300 : DRAFT 2017 | SECURE STORAGE UNITS - CLASSIFICATION FOR HIGH SECURITY LOCKS ACCORDING TO THEIR RESISTANCE TO UNAUTHORIZED OPENING |
CAN/CSA-IEC/TS 62443-1-1:17 | Industrial communication networks — Network and system security — Part 1-1: Terminology, concepts and models (Adopted IEC technical specification 62443-1-1:2009, first edition, 2009-07) |
PD IEC/TS 62224:2013 | Multimedia home server systems. Conceptual model for digital rights management |
UNI/TS 11291-10 : 2013 | GAS MEASUREMENT SYSTEMS - HOURLY BASED GAS METERING SYSTEMS - PART 10: SAFETY |
IEEE 1363.3-2013 | IEEE Standard for Identity-Based Cryptographic Techniques using Pairings |
ANSI INCITS 522 : 2014 | ATA/ATAPI COMMAND SET - 3 (ACS-3) |
UNE-EN 1300:2014 | Secure storage units - Classification for high security locks according to their resistance to unauthorized opening |
ISO/IEC TS 20540:2018 | Information technology — Security techniques — Testing cryptographic modules in their operational environment |
BS EN 1300:2013 | Secure storage units. Classification for high security locks according to their resistance to unauthorized opening |
ISO/IEC 19790:2012 | Information technology — Security techniques — Security requirements for cryptographic modules |
BS ISO/IEC/IEEE 8802-1X : 2013 | INFORMATION TECHNOLOGY - TELECOMMUNICATIONS AND INFORMATION EXCHANGE BETWEEN SYSTEMS - LOCAL AND METROPOLITAN AREA NETWORKS - PART 1X: PORT-BASED NETWORK ACCESS CONTROL |
ISO 21188:2018 | Public key infrastructure for financial services — Practices and policy framework |
17/30333935 DC : 0 | BS EN 1300 - SECURE STORAGE UNITS - CLASSIFICATION FOR HIGH SECURITY LOCKS ACCORDING TO THEIR RESISTANCE TO UNAUTHORIZED OPENING |
IEC 62055-41:2014 RLV | Electricity metering – Payment systems – Part 41: Standard transfer specification (STS) – Application layer protocol for one-way token carrier systems |
DIN EN 1300:2014-05 | SECURE STORAGE UNITS - CLASSIFICATION FOR HIGH SECURITY LOCKS ACCORDING TO THEIR RESISTANCE TO UNAUTHORIZED OPENING |
NEMA EVSE 1.2:2015 | EV Charging Network Interoperability Standard Part 2: A Contactless RFID Credential for Authentication (UR Interface) |
ISO/IEC 19941:2017 | Information technology — Cloud computing — Interoperability and portability |
BS ISO/IEC 11889-1:2009 | Information technology. Trusted platform module Overview |
PD CEN/TS 16702-2:2015 | Electronic fee collection. Secure monitoring for autonomous toll systems Trusted recorder |
ISO/IEC 14776-454:2018 | Information technology Small computer system interface (SCSI) Part 454: SCSI Primary Commands - 4 (SPC-4) |
17/30354142 DC : 0 | BS EN 419231 - PROTECTION PROFILE FOR TRUSTWORTHY SYSTEMS SUPPORTING TIME STAMPING |
BS EN 14615:2017 | Postal services. Digital postage marks. Applications, security and design |
TS 103 161-9 : 1.1.1 | ACCESS, TERMINALS, TRANSMISSION AND MULTIPLEXING (ATTM); INTEGRATED BROADBAND CABLE AND TELEVISION NETWORKS; IPCABLECOM 1.5; PART 9: SECURITY |
IEEE 1622-2011 | IEEE Standard for Electronic Distribution of Blank Ballots for Voting Systems |
16/30327465 DC : 0 | BS ISO 17090-5 - HEALTH INFORMATICS - PUBLIC KEY INFRASTRUCTURE - PART 5: AUTHENTICATION USING HEALTHCARE PKI CREDENTIALS |
ANSI INCITS 501 : 2016 | INFORMATION TECHNOLOGY - SECURITY FEATURES FOR SCSI COMMANDS (SFSC) |
TS 102 640-3 : 2.1.2 | ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); REGISTERED ELECTRONIC MAIL (REM); PART 3: INFORMATION SECURITY POLICY REQUIREMENTS FOR REM MANAGEMENT DOMAINS |
PREN 419231 : DRAFT 2017 | PROTECTION PROFILE FOR TRUSTWORTHY SYSTEMS SUPPORTING TIME STAMPING |
SAE J2945/1_201603 | On-Board System Requirements for V2V Safety Communications |
S.R. CEN/TS 419241:2014 | SECURITY REQUIREMENTS FOR TRUSTWORTHY SYSTEMS SUPPORTING SERVER SIGNING |
I.S. EN 14615:2017 | POSTAL SERVICES - DIGITAL POSTAGE MARKS - APPLICATIONS, SECURITY AND DESIGN |
CEN/TS 419241:2014 | Security Requirements for Trustworthy Systems Supporting Server Signing |
S.R. CEN ISO/TS 19299:2015 | ELECTRONIC FEE COLLECTION - SECURITY FRAMEWORK (ISO/TS 19299:2015) |
ARINC 823P2:2008 | DataLink Security, Part 2 - Key Management |
ISO/TS 19299:2015 | Electronic fee collection Security framework |
EN 1300:2013 | Secure storage units - Classification for high security locks according to their resistance to unauthorized opening |
UNI EN 1300 : 2014 | SECURE STORAGE UNITS - CLASSIFICATION FOR HIGH SECURITY LOCKS ACCORDING TO THEIR RESISTANCE TO UNAUTHORIZED OPENING |
14/30302798 DC : 0 | BS ISO/IEC 11889-1 - INFORMATION TECHNOLOGY - TRUSTED PLATFORM MODULE - PART 1: ARCHITECTURE |
CAN/CSA-IEC/TR 62443-3-1:17 | Industrial communication networks — Network and system security — Part 3-1: Security technologies for industrial automation and control systems (Adopted IEC technical report 62443-3-1:2009, first edition, 2009-07) |
NASA STD 4009 : 2014 | SPACE TELECOMMUNICATIONS RADIO SYSTEMS (STRS) ARCHITECTURE STANDARD |
14/30284313 DC : 0 | BS ISO 32000-2 - DOCUMENT MANAGEMENT - PORTABLE DOCUMENT FORMAT - PART 2: PDF 2.0 |
ISO/IEC 21277:2018 | Information technology — Radio frequency identification device performance test methods — Crypto suite |
ANSI INCITS 467 : 2011 | INFORMATION TECHNOLOGY - SCSI STREAM COMMANDS - 3 (SSC-3) |
CAN/CSA-ISO/IEC 11889-1:16 | Information technology Trusted Platform Module Library Part 1: Architecture (Adopted ISO/IEC 11889-1:2015, second edition, 2015-12-15) |
BS ISO 21188:2006 | Public key infrastructure for financial services. Practices and policy framework |
BS ISO/IEC 19941:2017 | Information technology. Cloud computing. Interoperability and portability |
ANSI X9.84 : 2010(R2017) | BIOMETRIC INFORMATION MANAGEMENT AND SECURITY FOR THE FINANCIAL SERVICES INDUSTRY |
DIN CEN ISO/TS 19299;DIN SPEC 74125:2016-02 | ELECTRONIC FEE COLLECTION - SECURITY FRAMEWORK (ISO/TS 19299:2015) |
ANSI X9.97-1 : 2009 | FINANCIAL SERVICES - SECURE CRYPTOGRAPHIC DEVICES (RETAIL) - PART 1: CONCEPTS, REQUIREMENTS AND EVALUATION METHODS |
ANSI X9.112-2 : 2014 | WIRELESS MANAGEMENT AND SECURITY - PART 2: ATM AND POS |
TS 102 220 : 1.1.1 | ACCESS AND TERMINALS (AT); TECHNICAL SPECIFICATION: DELIVERY OF CABLE BASED SERVICES ACROSS A HOME ACCESS TO THE DEVICES IN THE HOME |
IEEE 802.16-2012 | IEEE Standard for Air Interface for Broadband Wireless Access Systems |
ANSI X9.79-4 : 2013 | PUBLIC KEY INFRASTRUCTURE (PKI) - PART 4: ASYMMETRIC KEY MANAGEMENT |
BS ISO/IEC 19790:2012 | Information technology. Security techniques. Security requirements for cryptographic modules |
UNI CEN/TS 419241 : 2014 | SECURITY REQUIREMENTS FOR TRUSTWORTHY SYSTEMS SUPPORTING SERVER SIGNING |
PD CEN ISO/TS 19299:2015 | Electronic fee collection. Security framework |
12/30247184 DC | BS ISO 32000-2 - DOCUMENT MANAGEMENT - PORTABLE DOCUMENT FORMAT - PART 2: PDF 2.0 |
SCTE 24-10 : 2016 | IPCABLECOM 1.0 - PART 10: SECURITY SPECIFICATION |
IEC 61753-052-6 : 2016 | DOCSIS 3.1 - PART 5: SECURITY SPECIFICATION (INPUT) |
ISO/IEC/IEEE 8802-1X:2013 | Telecommunications and exchange between information technology systems — Requirements for local and metropolitan area networks — Part 1X: Port-based network access control |
ANSI INCITS 513 : 2015 | INFORMATION TECHNOLOGY - SCSI PRIMARY COMMANDS - 4 (SPC-4) |
ISO/IEC 29180:2012 | Information technology — Telecommunications and information exchange between systems — Security framework for ubiquitous sensor networks |
IEC PAS 62734:2012 | Industrial communication networks - Fieldbus specifications - Wireless systems for industrial automation: process control and related applications |
I.S. EN 1300:2013 | SECURE STORAGE UNITS - CLASSIFICATION FOR HIGH SECURITY LOCKS ACCORDING TO THEIR RESISTANCE TO UNAUTHORIZED OPENING |
IEC TS 62224:2013 | Multimedia home server systems - Conceptual model for digital rights management |
EN 14615:2017 | Postal services - Digital postage marks - Applications, security and design |
INCITS/ISO/IEC 11889-4 : 2009(R2014) | INFORMATION TECHNOLOGY - TRUSTED PLATFORM MODULE - PART 4: COMMANDS |
PD IEC/PAS 62734:2012 | Industrial communication networks. Fieldbus specifications. Wireless systems for industrial automation: process control and related applications |
EN 319 411-1 : 1.2.2 | ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); POLICY AND SECURITY REQUIREMENTS FOR TRUST SERVICE PROVIDERS ISSUING CERTIFICATES; PART 1: GENERAL REQUIREMENTS |
BS ISO/IEC/IEEE 8802-1AR:2014 | Information technology. Telecommunications and information exchange between systems. Local and metropolitan area networks Secure device identity |
TS 119 411-1 : 1.0.1 | ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); POLICY AND SECURITY REQUIREMENTS FOR TRUST SERVICE PROVIDERS ISSUING CERTIFICATES; PART 1: GENERAL REQUIREMENTS |
ANSI X9.82-3 : 2007(R2017) | RANDOM NUMBER GENERATION - PART 3: DETERMINISTIC RANDOM BIT GENERATORS |
ISA 99.00.01 : 2007 | SECURITY FOR INDUSTRIAL AUTOMATION AND CONTROL SYSTEMS - PART 1: TERMINOLOGY, CONCEPTS, AND MODELS |
ISO/IEC/IEEE 8802-1AR:2014 | Information technology Telecommunications and information exchange between systems Local and metropolitan area networks Part 1AR: Secure device identity |
IEC 62055-41:2018 RLV | Electricity metering - Payment systems - Part 41: Standard transfer specification (STS) - Application layer protocol for one-way token carrier systems |
PD CEN/TS 419241:2014 | Security Requirements for Trustworthy Systems Supporting Server Signing |
IEEE 1667-2015 | IEEE Standard for Discovery, Authentication, and Authorization in Host Attachments of Storage Devices |
ISO 32000-2:2017 | Document management Portable document format Part 2: PDF 2.0 |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.