Difference between revisions of "FIPS 140"
(→References) |
(→Context) |
||
| Line 3: | Line 3: | ||
==Context== | ==Context== | ||
Latest version as of 2019-05-22 is [https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf FIPS 140-3], version 3. | Latest version as of 2019-05-22 is [https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf FIPS 140-3], version 3. | ||
| + | ==Comparisons== | ||
| + | In 2001, FIPS 140-2 superseded FIPS 140-1. FIPS 140-2 incorporated changes in applicable standards and technology since the development of FIPS 140-1 as well as changes that were based on comments received from the vendor, laboratory, and user communities. Though the standard was reviewed after 5 years, consensus to move forward was not achieved until publication of the 2012 revision of International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 19790 | ||
| + | |||
| + | FIPS 140-3 supersedes FIPS140-2. FIPS 140-3 aligns with ISO/IEC 19790:2012(E) and includes modifications of the Annexes that are allowed to CMVP (as a validation authority). The testing for these requirements will be in accordance with ISO/IEC 24759:2017(E), with the modifications, additions or deletions of vendor evidence and testing allowed as a validation authority under paragraph 5.2. Major changes in FIPS 140-3 are limited to the introduction of non-invasive physical requirements. | ||
| + | |||
==References== | ==References== | ||
* See wiki page [[Hardware Protection]] for a discussion of hardware versus software protection. | * See wiki page [[Hardware Protection]] for a discussion of hardware versus software protection. | ||
Revision as of 19:00, 16 February 2021
Contents
Full Title
Federal Information Processing Standard 140 Security Requirements for Cryptographic Modules.
Context
Latest version as of 2019-05-22 is FIPS 140-3, version 3.
Comparisons
In 2001, FIPS 140-2 superseded FIPS 140-1. FIPS 140-2 incorporated changes in applicable standards and technology since the development of FIPS 140-1 as well as changes that were based on comments received from the vendor, laboratory, and user communities. Though the standard was reviewed after 5 years, consensus to move forward was not achieved until publication of the 2012 revision of International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 19790
FIPS 140-3 supersedes FIPS140-2. FIPS 140-3 aligns with ISO/IEC 19790:2012(E) and includes modifications of the Annexes that are allowed to CMVP (as a validation authority). The testing for these requirements will be in accordance with ISO/IEC 24759:2017(E), with the modifications, additions or deletions of vendor evidence and testing allowed as a validation authority under paragraph 5.2. Major changes in FIPS 140-3 are limited to the introduction of non-invasive physical requirements.
References
- See wiki page Hardware Protection for a discussion of hardware versus software protection.
