FIPS PUB 140-1

FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION

1994 January 11


SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES

CATEGORY: Computer Security
SUBCATEGORY: Cryptography


U.S. DEPARTMENT OF COMMERCE, Ronald H. Brown, Secretary

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY


Foreword

The Federal Information Processing Standards Publication Series of the National Institute of Standards and Technology (NIST) is the official series of publications relating to standards and guidelines adopted and promulgated under the provisions of Section 111(d) of the Federal Property and Administrative Services Act of 1949 as amended by the Computer Security Act of 1987, Public Law 100-235. These mandates have given the Secretary of Commerce and NIST important responsibilities for improving the utilization and management of computer and related telecommunications systems in the Federal Government. The NIST, through its Computer Systems Laboratory, provides leadership, technical guidance, and coordination of Government efforts in the development of standards and guidelines in these areas.

Comments concerning Federal Information Processing Standards Publications are welcomed and should be addressed to the Director, Computer Systems Laboratory, National Institute of Standards and Technology, Gaithersburg, MD 20899.

James H. Burrows, Director
Computer Systems Laboratory

Abstract

The selective application of technological and related procedural safeguards is an important responsibility of every Federal organization in providing adequate security in its computer and telecommunication systems. This publication provides a standard to be used by Federal organizations when these organizations specify that cryptographic-based security systems are to be used to provide protection for sensitive or valuable data. Protection of a cryptographic module within a security system is necessary to maintain the confidentiality and integrity of the information protected by the module. This standard specifies the security requirements that are to be satisfied by a cryptographic module. The standard provides four increasing, qualitative levels of security intended to cover a wide range of potential applications and environments. The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include basic design and documentation, module interfaces, authorized roles and services, physical security, software security, operating system security, key management, cryptographic algorithms, electromagnetic interference/electromagnetic compatibility (EMI/EMC), and self-testing.

Key words: computer security, telecommunication security, cryptography, cryptographic modules, Federal Information Processing Standard (FIPS).


Federal Information
Processing Standards Publication 140-1

1994 January 11

Announcing the Standard for

SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES

Federal Information Processing Standards Publications (FIPS PUBS) are issued by the National Institute of Standards and Technology (NIST) after approval by the Secretary of Commerce pursuant to Section 111(d) of the Federal Property and Administrative Services Act of 1949 as amended by the Computer Security Act of 1987, Public Law 100-235.

  1. Name of Standard. Security Requirements for Cryptographic Modules (FIPS PUB 140-1).

  2. Category of Standard. Computer Security Standard, Cryptography

  3. Explanation. This standard specifies the security requirements that are to be satisfied by a cryptographic module utilized within a security system protecting unclassified information within computer and telecommunication systems (including voice systems). The standard provides four increasing, qualitative levels of security: Level 1, Level 2, Level 3, and Level 4. These levels are intended to cover the wide range of potential applications and environments in which cryptographic modules may be employed. The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include basic design and documentation, module interfaces, authorized roles and services, physical security, software security, operating system security, key management, cryptographic algorithms, electromagnetic interference/electromagnetic compatibility (EMI/EMC), and self-testing. This standard supersedes FIPS 140, General Security Requirements for Equipment Using the Data Encryption Standard, in its entirety.

  4. Approving Authority. Secretary of Commerce.

  5. Maintenance Agency. Department of Commerce, National Institute of Standards and Technology, (Computer Systems Laboratory).

  6. Cross Index.
    1. FIPS PUB 46-2, Data Encryption Standard.
    2. FIPS PUB 48, Guidelines on Evaluation of Techniques for Automated Personal Identification.
    3. FIPS PUB 74, Guidelines for Implementing and Using the NBS Data Encryption Standard.
    4. FIPS PUB 81, DES Modes of Operation.
    5. FIPS PUB 83, Guideline of User Authentication Techniques for Computer Network Access Control.
    6. FIPS PUB 112, Password Usage.
    7. FIPS PUB 113, Computer Data Authentication.
    8. FIPS PUB 171, Key Management Using ANSI X9.17.
    9. FIPS PUB 180, Secure Hash Standard.
    10. Special Publication 500-157, Smart Card Technology: New Methods for Computer Access Control.
    11. Special Publication 800-2, Public Key Cryptography.
    12. Federal Information Resources Management Regulations (FIRMR) subpart 201.20.303, Standards, and subpart 201.39.1002, Federal Standards.

    Other NIST publications may be applicable to the implementation and use of this standard. A list (NIST Publications List 91) of currently available computer security publications, including ordering information, can be obtained from NIST.

  7. Applicability. This standard is applicable to all Federal agencies that use cryptographic-based security systems to protect unclassified information within computer and telecommunication systems (including voice systems) that are not subject to Section 2315 of Title 10, U.S. Code, or Section 3502(2) of Title 44, U.S. Code. This standard shall be used in designing, acquiring and implementing cryptographic-based security systems within computer and telecommunication systems (including voice systems), operated by a Federal agency or by a contractor of a Federal agency or other organization that processes information (using a computer or telecommunications system) on behalf of the Federal Government to accomplish a Federal function. Federal agencies which use cryptographic-based security systems for protecting classified information may use those systems for protecting unclassified information in lieu of systems that comply with this standard. Non-Federal government organizations are encouraged to adopt and use this standard when it provides the desired security for protecting valuable or sensitive information.

  8. Applications. Cryptographic-based security systems may be utilized in various computer and telecommunication (including voice) applications (e.g., data storage, access control and personal identification, radio, facsimile, video) and in various environments (e.g., centralized computer facilities, office environments, hostile environments). The cryptographic services (e.g., encryption, authentication, digital signature, key management) provided by a cryptographic module will be based on many factors which are specific to the application and environment. The security level of a cryptographic module shall be chosen to provide a level of security appropriate for the security requirements of the application and environment in which the module is to be utilized and the security services which the module is to provide. The security requirements for a particular security level include both the security requirements specific to that level and the security requirements that apply to all modules regardless of the level. System characteristics not related to security (e.g., telecommunications interoperability) are beyond the scope of this standard.

  9. Specifications. Federal Information Processing Standard (FIPS) 140-1, Security Requirements for Cryptographic Modules (affixed).

  10. Implementations. This standard covers implementations of cryptographic modules including, but not limited to, hardware components or modules, software programs or modules, computer firmware, or any combination thereof. Cryptographic modules that are validated by NIST, or that comply with the requirements of the FIPS 140-1 implementation and FIPS 140 acquisition schedules in Section 14 of the announcement of this standard, will be considered as complying with this standard. Information about the FIPS 140-1 validation program can be obtained from the National Institute of Standards and Technology, Computer Systems Laboratory, Gaithersburg, MD 20899.

  11. FIPS Approved Security Methods. Cryptographic modules that comply with this standard shall employ cryptographic algorithms, cryptographic key generation algorithms and key distribution techniques, and authentication techniques that have been FIPS approved for protecting Federal Government unclassified information. FIPS approved cryptographic algorithms, cryptographic key generation algorithms and key distribution techniques, and authentication techniques include those that are either:

    1. specified in a Federal Information Processing Standard (FIPS), or

    2. adopted in a FIPS and specified either in an appendix to the FIPS or in a document referenced by the FIPS.

    If a cryptographic module is required to incorporate a trusted operating system, then the module shall employ trusted operating systems that have been evaluated by a NIST accredited evaluation authority and against a FIPS approved evaluation criteria.

    Information about approved cryptographic methods and approved operating system evaluation authorities and criteria can be obtained from NIST.

  12. Interpretation. Resolution of questions regarding this standard will be provided by NIST. Questions concerning the content and specifications should be addressed to: Director, Computer Systems Laboratory, ATTN: FIPS 140-1 Interpretation, National Institute of Standards and Technology, Gaithersburg, MD 20899.

  13. Export Control. Certain cryptographic devices and technical data regarding them are deemed to be defense articles (i.e., inherently military in character) and are subject to Federal government export controls as specified in Title 22, Code of Federal Regulations, Parts 120-128. Some exports of cryptographic modules conforming to this standard and technical data regarding them must comply with these Federal regulations and be licensed by the U.S. Department of State. Other exports of cryptographic modules conforming to this standard and technical data regarding them fall under the licensing authority of the Bureau of Export Administration of the U.S. Department of Commerce. The Department of Commerce is responsible for licensing cryptographic devices used for authentication, access control, proprietary software, automatic teller machines (ATMs), and certain devices used in other equipment and software. For advice concerning which agency has licensing authority for a particular cryptographic device, please contact the respective agencies.

  14. Implementation Schedule. Figure 1 summarizes the implementation schedule for FIPS 140-1. The effective date of this standard is June 30, 1994.

    From approval of FIPS 140-1 to its effective date, agencies may purchase equipment with FIPS 140-1 cryptographic modules that have been affirmed in writing from the manufacturer as complying with this standard. From June 30, 1994 until six months after the establishment of the FIPS 140-1 validation program by NIST, agencies that have determined a need for equipment with cryptographic modules shall purchase equipment with FIPS 140-1 cryptographic modules that have been affirmed in writing by the manufacturer as complying with this standard. A copy of the written affirmation shall have been sent to the Director, Computer Systems Laboratory, National Institute of Standards and Technology, Gaithersburg, MD 20899.

    Figure 1. FIPS 140-1 Implementation Schedule

    For a one year period following the six months after the establishment of the FIPS 140-1 validation program, agencies shall purchase either equipment with validated FIPS 140-1 cryptographic modules, or equipment whose cryptographic modules have been submitted for FIPS 140-1 validation. After this period, only FIPS 140-1 validated cryptographic modules will be considered as meeting the provisions of this standard.

    Figure 2 summarizes the schedule for acquisition of FIPS 140 compliant equipment. For up to three years following June 30, 1994, equipment with cryptographic modules complying to FIPS 140, General Security Requirements for Equipment Using the Data Encryption Standard (formerly Federal Standard 1027), may be purchased in lieu of equipment with modules that comply with this standard. These modules either shall have been endorsed by the National Security Agency (NSA) as complying to Federal Standard 1027, or shall be affirmed in writing by the manufacturer as complying to FIPS 140. NSA endorsed modules shall have been endorsed prior to January 11, 1994. A list of endorsed products (NSA Endorsed Data Encryption Standard (DES) Products List) is available from the NSA. For modules affirmed by the manufacturer as complying with FIPS 140, a copy of the written affirmation shall have been sent by the manufacturer to the Director of the Computer Systems Laboratory at NIST prior to June 30, 1994. A list of these modules is available from NIST.

    Equipment purchased under the above conditions may continue to be used for the lifetime of the equipment without the need for further affirmation or validation for conformance to this standard.

    Figure 2. FIPS 140 Schedule for Acquisition of Validated Products

  15. Qualifications. The security requirements specified in this standard are based upon information provided by many sources within the Federal government and private industry. The requirements are designed to protect against adversaries mounting cost-effective attacks on unclassified government or commercial data (e.g., hackers, organized crime, economic competitors). The primary goal in designing an effective security system is to make the cost of any attack greater than the possible payoff.

    While the security requirements specified in this standard are intended to maintain the security of a cryptographic module, conformance to this standard does not guarantee that a particular module is secure. It is the responsibility of the manufacturer of a cryptographic module to build the module in a secure manner.

    Similarly, the use of a cryptographic module that conforms to this standard in an overall system does not guarantee the security of the overall system. The responsible authority in each agency shall assure that an overall system provides an acceptable level of security.

    Since a standard of this nature must be flexible enough to adapt to advancements and innovations in science and technology, this standard will be reviewed every 5 years in order to consider new or revised requirements that may be needed to meet technological and economic changes.

  16. Waiver Procedure. Under certain exceptional circumstances, the heads of Federal agencies may approve waivers to Federal Information Processing Standards (FIPS). The head of such agency may redelegate such authority only to a senior official designated pursuant to Section 3506(b) of Title 44, U.S. Code. Waivers shall be granted only when:

    1. Compliance with a standard would adversely affect the accomplishment of the mission of an operator of a Federal computer system, or

    2. cause a major adverse financial impact on the operator which is not offset by Government-wide savings.

    Agency heads may act upon a written waiver request containing the information detailed above. Agency heads may also act without a written waiver request when they determine that conditions for meeting the standard cannot be met. Agency heads may approve waivers only by a written decision which explains the basis on which the agency head made the required finding(s). A copy of each such decision, with procurement sensitive or classified portions clearly identified, shall be sent to: National Institute of Standards and Technology; ATTN: FIPS Waiver Decisions, Technology Building, Room B-154; Gaithersburg, MD 20899.

    In addition, notice of each waiver granted and each delegation of authority to approve waivers shall be sent promptly to the Committee on Government Operations of the House of Representatives and the Committee on Government Affairs of the Senate and shall be published promptly in the Federal Register.

    When the determination on a waiver applies to the procurement of equipment and/or services, a notice of the waiver determination must be published in the Commerce Business Daily as a part of the notice of solicitation for offers of an acquisition or, if the waiver determination is made after that notice is published, by amendment to such notice.

    A copy of the waiver, any supporting documents, the document approving the waiver and any supporting and accompanying documents, with such deletions as the agency is authorized and decides to make under Section 552(b) of Title 5, U.S. Code, shall be part of the procurement documentation and retained by the agency.

  17. Where to obtain copies. Copies of this publication are available for sale by the National Technical Information Service, U.S. Department of Commerce, Springfield, VA 22161. When ordering, refer to Federal Information Processing Standards Publication 140-1 (FIPS PUB 140-1), and title. When microfiche is desired, this should be specified. Payment may be made by check, money order, credit card, or deposit account.


Federal Information
Processing Standards Publication 140-1

1994 January 11

Specifications for the

SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES

  1. OVERVIEW
  2. DEFINITIONS AND ACRONYMS
  3. FUNCTIONAL SECURITY OBJECTIVES

  4. SECURITY REQUIREMENTS