Ver:
·
http://csrc.nist.gov/cryptval/140-2.htm
Security Requirements for
Cryptographic Modules
Security Requirements for
Cryptographic Modules
FIPS 140-2 Certification
describes US government requirements that IT products must meet for Sensitive
But Unclassified (SBU) use. The standard was published by the National
Institute of Standards and Technology (NIST), has been adopted by the
Communication Security Establishment (CSE) of Canada, and is likely to be
adopted by the financial community through the American National Standards
Institute (ANSI).
FIPS 140-2 defines the
security requirements that must be satisfied by a cryptographic module used in
a security system protecting unclassified information within IT systems. There
are four levels of security: Level 1 is the lowest and Level 4 is the highest.
These levels are intended to cover the wide range of potential applications and
environments in which cryptographic modules may be deployed. The security
requirements cover areas related to the secure design and implementation of a
cryptographic module. These areas include basic design and documentation,
module interfaces, authorized roles and services, physical security, software
security, operating system security, key management, cryptographic algorithms,
electromagnetic interference/electromagnetic compatibility (EMI/EMC), and
selftesting.
http://www.spectralogic.com/index.cfm?fuseaction=home.displayFile&DocID=1235