U.S. Department of Commerce
Cheryl L. Shavers, Under Secretary for Technology
Raymond G. Kammer, Director
The Federal Information Processing Standards Publication Series of the National Institute of Standards and Technology (NIST) is the official series of publications relating to standards and guidelines adopted and promulgated under the provisions of Section 5131 of the Information Technology Management Reform Act of 1996 (Public Law 104-106) and the Computer Security Act of 1987 (Public Law 100-235). These mandates have given the Secretary of Commerce and NIST important responsibilities for improving the utilization and management of computer and related telecommunications systems in the Federal government. The NIST, through its Information Technology Laboratory, provides leadership, technical guidance, and coordination of government efforts in the development of standards and guidelines in these areas.
National Institute of Standards U.S. Government Printing Office For Sale by the National
Processing Standards Publication 140-2
1999 MONTH DAY
Announcing the Standard for
SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES
Federal Information Processing Standards Publications (FIPS PUBS) are issued by the National Institute of Standards and Technology (NIST) after approval by the Secretary of Commerce pursuant to Section 5131 of the Information Technology Management Reform Act of 1996 (Public Law 104-106) and the Computer Security Act of 1987 (Public Law 100-235).
Name of Standard. Security Requirements for Cryptographic Modules (FIPS PUB 140-2).
Category of Standard. Computer Security Standard, Cryptography.
This standard specifies the security requirements that are to be satisfied by a cryptographic module utilized within a security system protecting sensitive information. The standard provides four increasing, qualitative levels of security: Level 1, Level 2, Level 3, and Level 4. These levels are intended to cover the wide range of potential applications and environments in which cryptographic modules may be employed. The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include cryptographic module specification, cryptographic module interfaces; roles, services, and authentication; finite state machine model; physical security; operating system security; cryptographic key management; electromagnetic interference/electromagnetic compatibility (EMI/EMC); self-tests; design assurance; and mitigation of other attacks. This standard supersedes FIPS 140-1, Security Requirements for Cryptographic Modules
, in its entirety.
The Cryptographic Module Validation Program (CMVP) validates cryptographic modules to Federal Information Processing Standard (FIPS) 140-2 and other cryptography based standards. The CMVP is a joint effort between NIST and the Communications Security Establishment (CSE) of the Government of Canada. Products validated as conforming to FIPS 140-2 are accepted by the Federal agencies of both countries for the protection of sensitive information (United States) or Designated Information (Canada). The goal of the CMVP is to promote the use of validated products and provide Federal agencies with a security metric to use in procuring equipment containing cryptographic modules.
In the CMVP, vendors of cryptographic modules use independent, accredited testing laboratories to have their modules tested. There are several National Voluntary Laboratory Accreditation Program (NVLAP) accredited laboratories that perform FIPS 140-2 compliance testing, located in the U.S. and in Canada.
5. Maintenance Agency.
Approving Authority. Secretary of Commerce.
Department of Commerce, National Institute of Standards and Technology, Information Technology Laboratory (ITL).
FIPS PUB 46-3, Data Encryption Standard.
FIPS PUB 74, Guidelines for Implementing and Using the NBS Data Encryption Standard.
FIPS PUB 81, DES Modes of Operation.
FIPS PUB 112, Password Usage.
FIPS PUB 113, Computer Data Authentication.
FIPS PUB 171, Key Management Using ANSI X9.17.
FIPS PUB 180-1, Secure Hash Standard.
FIPS PUB 186-2, Digital Signature Standard
Special Publication 800 2, Public Key Cryptography.
Other NIST publications may be applicable to the implementation and use of this standard. A list (NIST Publications List 91) of currently available computer security publications, including ordering information, can be obtained from NIST.
This standard is applicable to all Federal agencies that use cryptographic-based security systems to protect sensitive information in computer and telecommunication systems (including voice systems) as defined in Section 5131 of the Information Technology Management Reform Act of 1996, Public Law 104-106. This standard shall be used in designing and implementing cryptographic-based security systems that Federal departments and agencies operate or are operated for them under contract. Federal agencies, that use cryptographic-based security systems for protecting classified information, may use those systems for protecting unclassified information in lieu of systems that comply with this standard. Adoption and use of this standard is available to private and commercial organizations.
Cryptographic-based security systems may be utilized in various computer and telecommunication applications (e.g., data storage, access control and personal identification, network communications
, radio, facsimile, and video) and in various environments (e.g., centralized computer facilities, office environments, and hostile environments). The cryptographic services (e.g., encryption, authentication, digital signature, and key management) provided by a cryptographic module will be based on many factors that are specific to the application and environment. The security level of a cryptographic module shall be chosen to provide a level of security appropriate for the security requirements of the application and environment in which the module is to be utilized and the security services that the module is to provide. The security requirements for a particular security level include both the security requirements specific to that level and the security requirements that apply to all modules regardless of the level.
Federal Information Processing Standard (FIPS) 140-2, Security Requirements for Cryptographic Modules (affixed).
This standard covers implementations of cryptographic modules including
, but not limited to, hardware components or modules, software programs or modules, computer firmware, or any combination thereof. Cryptographic modules that are validated under the CMVP will be considered as complying with this standard. Information about the CMVP can be obtained from the National Institute of Standards and Technology, Information Technology Laboratory, 100 Bureau Drive, Stop 8900, Gaithersburg, MD 20899-8900.
11. Approved Security Functions.
Cryptographic modules that comply with this standard shall employ cryptographic algorithms, cryptographic key generation algorithms and key management techniques, and authentication techniques that have been approved for protecting Federal government sensitive information. Approved cryptographic algorithms and techniques include those that are either:
specified in a Federal Information Processing Standard (FIPS), or
adopted in a FIPS and specified either in an appendix to the FIPS or in a document referenced by the FIPS.
If a cryptographic module is required to incorporate a trusted operating system, then the module shall employ trusted operating systems that have been evaluated by an accredited evaluation authority.
Resolution of questions regarding this standard will be provided by NIST. Questions concerning the content and specifications should be addressed to: Director, Information Technology Laboratory, ATTN: FIPS 140-2 Interpretation
, National Institute of Standards and Technology, 100 Bureau Drive, Stop 8900, Gaithersburg, MD 20899-8900.
13. Export Control.
Certain cryptographic devices and technical data regarding them are subject to Federal export controls and exports of cryptographic modules implementing this standard and technical data regarding them must comply with these Federal regulations and be licensed by the Bureau of Export Administration of the U.S. Department of Commerce. Applicable Federal government export controls are specified in Title 15, Code of Federal Regulations (CFR) Part 740.17; Title 15, CFR Part 742; and Title 15, CFR Part 774, Category 5, Part 2.
14. Implementation Schedule.
This standard becomes effective six months after approval by the Secretary of Commerce. A transition period from MONTH DAY, YEAR
until six months after the effective date is provided to enable all agencies to develop plans for the acquisition of products that are compliant with FIPS 140-2. Agencies may retain and use FIPS 140-1 validated products that have been purchased before the end of the transition period. After the transition period, modules will no longer be tested against the FIPS 140-1 requirements. Figure 1 summarizes the FIPS 140-2 implementation schedule.
FIPS 140-1 FIPS 140-2
APPROVAL DATE OF FIPS 140-2
EFFECTIVE DATE OF FIPS 140-2
(6 months after approval date)
TRANSITION PERIOD TO FIPS 140-2
(6 months after effective date)
Figure 1. FIPS 140-2 Implementation Schedule
The security requirements specified in this standard are based upon information provided by many sources within the Federal government and private industry. The requirements are designed to protect against adversaries mounting cost-effective attacks on sensitive government or commercial data (e.g., hackers, organized crime
, and economic competitors). The primary goal in designing an effective security system is to make the cost of any attack greater than the possible payoff.
While the security requirements specified in this standard are intended to maintain the security of a cryptographic module, conformance to this standard does not guarantee that a particular module is secure. It is the responsibility of the manufacturer of a cryptographic module to build the module in a secure manner.
Similarly, the use of a cryptographic module that conforms to this standard in an overall system does not guarantee the security of the overall system. The responsible authority in each agency shall assure that an overall system provides an acceptable level of security.
Since a standard of this nature must be flexible enough to adapt to advancements and innovations in science and technology, this standard will be reviewed every five years in order to consider new or revised requirements that may be needed to meet technological and economic changes.
16. Waiver Procedure.
Under certain exceptional circumstances, the heads of Federal agencies, or their delegates, may approve waivers to Federal Information Processing Standards (FIPS). The heads of such agencies may redelegate such authority only to a senior official designated pursuant to Section 3506(b) of Title 44, U.S. Code. Waivers shall be granted only when compliance with a standard would
adversely affect the accomplishment of the mission of an operator of Federal computer system or
cause a major adverse financial impact on the operator that is not offset by government-wide savings.
Agency heads may act upon a written waiver request containing the information detailed above. Agency heads may also act without a written waiver request when they determine which conditions for meeting the standard cannot be met. Agency heads may approve waivers only by a written decision that explains the basis on which the agency head made the required finding(s). A copy of each such decision, with procurement sensitive or classified portions clearly identified, shall be sent to: National Institute of Standards and Technology; ATTN: FIPS Waiver Decision, Information Technology Laboratory, 100 Bureau Drive, Stop 8900, Gaithersburg, MD 20899-8900.
, notice of each waiver granted and each delegation of authority to approve waivers shall be sent promptly to the Committee on Government Operations of the House of Representatives and the Committee on Government Affairs of the Senate and shall be published promptly in the Federal Register
When the determination on a waiver applies to the procurement of equipment and/or services, a notice of the waiver determination must be published in the Commerce Business Daily
as a part of the notice of solicitation for offers of an acquisition or, if the waiver determination is made after that notice is published
, by amendment to such notice.
A copy of the waiver, any supporting documents, the document approving the waiver and any supporting and accompanying documents, with such deletions as the agency is authorized and decides to make under Section 552(b) of Title 5, U.S. Code, shall be part of the procurement documentation and retained by the agency.
Where to obtain copies. Copies of this publication are available for sale by the National Technical
Information Service, U.S. Department of Commerce, Springfield, VA 22161. When ordering
, refer to Federal Information Processing Standards Publication 140-2 (FIPSPUB1402) and identify the title. When microfiche is desired, this should be specified. Prices are published by NTIS in current catalogs and other issuances. Payment may be made by check, money order, deposit account, or charged to a credit card accepted by NTIS.
TABLE OF CONTENTS
1. OVERVIEW 1
1.1 Security Level 1 1
1.2 Security Level 2 2
1.3 Security Level 3 2
1.4Security Level 4 3
2. GLOSSARY OF TERMS AND ACRONYMS 4
2.1 Glossary of Terms 4
2.2 Acronyms 8
3. FUNCTIONAL SECURITY OBJECTIVES 10
4. SECURITY REQUIREMENTS 11
4.1 Cryptographic Module Specification 12
4.2 Cryptographic Module Interfaces 13
4.3Roles, Services, and Authentication 14
4.3.1 Roles 14
4.3.2 Services 14
4.3.3 Operator Authentication 15
4.4 Finite State Machine Model 17
4.5Physical Security 18
4.5.1General Physical Security Requirements 19
4.5.2Single-Chip Cryptographic Modules 20
4.5.3Multiple-Chip Embedded Cryptographic Modules 21
4.5.4 Multiple-Chip Standalone Cryptographic Modules 22
4.5.5 Environmental Failure Protection/Testing 23
22.214.171.124 Environmental Failure Protection Features (Alternative 1) 24
126.96.36.199 Environmental Failure Testing Procedures (Alternative 2) 24
4.6 Operating System Security 24
4.7 Cryptographic Key Management 27
4.7.1 Random and Pseudorandom Number Generators (RNG/PRNG) 28
4.7.2 Key Generation 28
4.7.3Key Exchange/Agreement 28
4.7.4 Key Entry and Output 28
4.7.5 Key Storage 29
4.7.6 Key Destruction 29
4.8 Electromagnetic Interference/Electromagnetic Compatibility (EMI/EMC) 30
4.9 Self-Tests 30
4.9.1 Power-Up Tests 30
4.9.2 Conditional Tests 32
4.10 Design Assurance 33
4.10.1Configuration Management 33
4.10.2 Delivery and Operation 34
4.10.4 Guidance Documents 36
4.10.5 Functional Testing and Test Coverage 36
4. 11 Mitigation of Other Attacks 37
APPENDIX A: SUMMARY OF DOCUMENTATION REQUIREMENTS 39
APPENDIX B: RECOMMENDED SOFTWARE DEVELOPMENT PRACTICES 44
APPENDIX C: CRYPTOGRAPHIC MODULE SECURITY POLICY 46
APPENDIX D: SELECTED BIBLIOGRAPHY 50