ISO/IEC 19790

Last updated

ISO/IEC 19790 is an ISO/IEC standard for security requirements for cryptographic modules. It addresses a wide range of issues regarding their implementation, including specifications, interface definitions, authentication, operational and physical security, configuration management, testing, and life-cycle management. [1] The first version of ISO/IEC 19790 was derived from the U.S. government computer security standard FIPS 140-2, Security Requirements for Cryptographic Modules. [2]

As of 2023, the current version of the standard is ISO/IEC 19790:2012. [3] This replaces a previous version, ISO/IEC 19790:2006, which is now obsolete. [4]

Use of ISO/IEC 19790 is referenced in the U.S. government standard FIPS 140-3. [5] As an ISO/IEC standard, access to it requires payment, typically on a per-user basis. [5]

ISO/IEC 24759 is a related standard for the testing of cryptographic modules, [6] the first version of which derived from NIST's Derived Test Requirements for FIPS PUB 140-2, Security Requirements for Cryptographic Modules. [2]

Related Research Articles

<span class="mw-page-title-main">Advanced Encryption Standard</span> Standard for the encryption of electronic data

The Advanced Encryption Standard (AES), also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.

The Federal Information Processing Standards (FIPS) of the United States are a set of publicly announced standards that the National Institute of Standards and Technology (NIST) has developed for use in computer situs of non-military United States government agencies and contractors. FIPS standards establish requirements for ensuring computer security and interoperability, and are intended for cases in which suitable industry standards do not already exist. AIR FIPS specifications are modified versions of standards the technical communities use, such as the American National Standards Institute (ANSI), the Institute of Electrical and Electronics Engineers (IEEE), and the International Organization for Standardization (ISO).

The Common Criteria for Information Technology Security Evaluation is an international standard for computer security certification. It is currently in version 3.1 revision 5.

The Federal Information Processing Standard Publication 140-2,, is a U.S. government computer security standard used to approve cryptographic modules. The title is Security Requirements for Cryptographic Modules. Initial publication was on May 25, 2001, and was last updated December 3, 2002.

<span class="mw-page-title-main">Cryptographic Module Validation Program</span> Joint American-Canadian security accreditation program for cryptographic modules

The Cryptographic Module Validation Program (CMVP) is a joint American and Canadian security accreditation program for cryptographic modules. The program is available to any vendors who seek to have their products certified for use by the U.S. Government and regulated industries that collect, store, transfer, share and disseminate "sensitive, but not classified" information. All of the tests under the CMVP are handled by third-party laboratories that are accredited as Cryptographic Module Testing Laboratories by the National Voluntary Laboratory Accreditation Program (NVLAP). Product certifications under the CMVP are performed in accordance with the requirements of FIPS 140-3.

The 140 series of Federal Information Processing Standards (FIPS) are U.S. government computer security standards that specify requirements for cryptographic modules.

Information security standards are techniques generally outlined in published materials that attempt to protect a user's or organization's cyber environment. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.

<span class="mw-page-title-main">Hardware security module</span> Physical computing device

A hardware security module (HSM) is a physical computing device that safeguards and manages secrets, performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server. A hardware security module contains one or more secure cryptoprocessor chips.

<span class="mw-page-title-main">Network Security Services</span> Collection of cryptographic computer libraries

Network Security Services (NSS) is a collection of cryptographic computer libraries designed to support cross-platform development of security-enabled client and server applications with optional support for hardware TLS/SSL acceleration on the server side and hardware smart cards on the client side. NSS provides a complete open-source implementation of cryptographic libraries supporting Transport Layer Security (TLS) / Secure Sockets Layer (SSL) and S/MIME. NSS releases prior to version 3.14 are tri-licensed under the Mozilla Public License 1.1, the GNU General Public License, and the GNU Lesser General Public License. Since release 3.14, NSS releases are licensed under GPL-compatible Mozilla Public License 2.0.

A cryptographic module is a component of a computer system that securely implements cryptographic algorithms, typically with some element of tamper resistance.

Cryptographic Module Testing Laboratory (CMTL) is an information technology (IT) computer security testing laboratory that is accredited to conduct cryptographic module evaluations for conformance to the FIPS 140-2 U.S. Government standard.

Lattice-based cryptography is the generic term for constructions of cryptographic primitives that involve lattices, either in the construction itself or in the security proof. Lattice-based constructions support important standards of post-quantum cryptography. Unlike more widely used and known public-key schemes such as the RSA, Diffie-Hellman or elliptic-curve cryptosystems — which could, theoretically, be defeated using Shor's algorithm on a quantum computer — some lattice-based constructions appear to be resistant to attack by both classical and quantum computers. Furthermore, many lattice-based constructions are considered to be secure under the assumption that certain well-studied computational lattice problems cannot be solved efficiently.

The Federal Information Processing Standard Publication 140-3 is a U.S. government computer security standard used to approve cryptographic modules. The title is Security Requirements for Cryptographic Modules. Initial publication was on March 22, 2019 and it supersedes FIPS 140-2.

<span class="mw-page-title-main">IT risk management</span>

IT risk management is the application of risk management methods to information technology in order to manage IT risk. Various methodologies exist to manage IT risks, each involving specific processes and steps.

The tables below compare cryptography libraries that deal with cryptography algorithms and have application programming interface (API) function calls to each of the supported features.

Storage security is a specialty area of security that is concerned with securing data storage systems and ecosystems and the data that resides on these systems.

FinalCode, Inc. is a multi-national software company that provides data-centric security and information rights management (IRM) to help enterprises mitigate data leakage and meet compliance requirements. FinalCode allows users to securely collaborate and share files using any communication channel, including existing Enterprise Content Management (ECM), Cloud Storage and collaboration applications.

The IBM 4767 PCIe Cryptographic Coprocessor is a hardware security module (HSM) that includes a secure cryptoprocessor implemented on a high-security, tamper resistant, programmable PCIe board. Specialized cryptographic electronics, microprocessor, memory, and random number generator housed within a tamper-responding environment provide a highly secure subsystem in which data processing and cryptography can be performed. Sensitive key material is never exposed outside the physical secure boundary in a clear format.

The IBM 4768 PCIe Cryptographic Coprocessor is a hardware security module (HSM) that includes a secure cryptoprocessor implemented on a high security, tamper resistant, programmable PCIe board. Specialized cryptographic electronics, microprocessor, memory, and random number generator housed within a tamper-responding environment provide a highly secure subsystem in which data processing and cryptography can be performed. Sensitive key material is never exposed outside the physical secure boundary in a clear format.

The IBM 4769 PCIe Cryptographic Coprocessor is a hardware security module (HSM) that includes a secure cryptoprocessor implemented on a high-security, tamper resistant, programmable PCIe board. Specialized cryptographic electronics, microprocessor, memory, and random number generator housed within a tamper-responding environment provide a highly secure subsystem in which data processing and cryptography can be performed. Sensitive key material is never exposed outside the physical secure boundary in a clear format.

References

  1. "Preview of ISO/IEC 19790:2012(en) Information technology — Security techniques — Security requirements for cryptographic modules". www.iso.org. Retrieved 2023-09-24.
  2. 1 2 "Standards - Cryptographic Module Validation Program". csrc.nist.gov. Archived from the original on 2017-11-15. Retrieved 2023-09-24.
  3. "ISO/IEC 19790:2012". ISO. Retrieved 2023-09-24.
  4. "ISO/IEC 19790:2006". ISO. Retrieved 2023-09-24.
  5. 1 2 Computer Security Division, Information Technology Laboratory (2016-10-11). "CMVP FIPS 140-3 Related References - Cryptographic Module Validation Program | CSRC | CSRC". CSRC | NIST. Retrieved 2023-09-24.
  6. stevevi (2023-06-12). "Federal Information Processing Standard (FIPS) 140 - Azure Compliance". learn.microsoft.com. Retrieved 2023-09-24.