Ver:
· http://csrc.nist.gov/cryptval/140-2.htm
Security
Requirements for Cryptographic Modules
Security
Requirements for Cryptographic Modules
FIPS 140-2
Certification describes US government requirements that IT products must meet
for Sensitive But Unclassified (SBU) use. The standard was published by the
National Institute of Standards and Technology (NIST), has been adopted by the
Communication Security Establishment (CSE) of Canada, and is likely to be
adopted by the financial community through the American National Standards
Institute (ANSI).
FIPS 140-2
defines the security requirements that must be satisfied by a cryptographic
module used in a security system protecting unclassified information within IT
systems. There are four levels of security: Level 1 is the lowest and Level 4
is the highest. These levels are intended to cover the wide range of potential
applications and environments in which cryptographic modules may be deployed.
The security requirements cover areas related to the secure design and
implementation of a cryptographic module. These areas include basic design and
documentation, module interfaces, authorized roles and services, physical
security, software security, operating system security, key management,
cryptographic algorithms, electromagnetic interference/electromagnetic
compatibility (EMI/EMC), and selftesting.
http://www.spectralogic.com/index.cfm?fuseaction=home.displayFile&DocID=1235
Temas relacionados