U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Projects Cryptographic Module Validation Program

Cryptographic Module Validation Program CMVP

FIPS 140-3 Resources

This page contains resources referenced in the FIPS 140-3 Management Manual

It is possible, under certain conditions, for a vendor to list multiple hardware modules under the same certificate.   Some of the conditions are defined by the equivalency categories based on the technologies types and difference between the modules within the equivalency categories. 

For more information regarding equivalency categories and testing level scenarios/categories and usage of the equivalency regression test table presented below, refer to the Management Manual and the Equivalence Categories. 

Equivalency Regression Tests

AS

TE

Memory/Storage Devices

I/O Ports

Field Replaceable and Stationary Accessories

Programmable Logic devices

Section 6.2 Cryptographic Module Specification

AS.02.19

TE.02.19.02

X

X

X

X

Section 6.3 Cryptographic Module Interfaces

AS.03.07

TE.03.07.02

X

X

 

X

TE.03.07.04

X

X

X

X

AS.03.14

TE.03.14.03

 

X

 

X

AS.03.18

TE.03.18.02
(Level 3 and 4)

 

X

 

 

AS.03.19

TE.03.19.02
(Level 3 and 4)

 

X

 

 

Section 6.4 Role, Services, and Authentication

AS.04.03

TE.04.03.01

 

 

 

X

AS.04.11

TE.04.11.02

 

 

 

X

AS.04.19

TE.04.19.03

 

 

 

X

AS.04.20

TE.04.20.03

 

 

 

X

AS.04.44

TE.04.44.02

X

 

 

 

Section 6.5 Software/Firmware security

AS.05.06

TE.05.06.06

X

 

 

 

Section 6.6 Operational Environment

AS.06.08

TE.06.08.02

X

 

 

 

Section 6.7 Physical Security

Not Applicable

Section 6.8 Non-Invasive Security

Not Applicable

Section 6.9 Sensitive Security Parameter Management

AS.09.01

TE.09.01.02

TE.09.01.03

X

 

 

X

AS.09.02

TE.09.02.02

X

 

 

 

AS.09.16

TE.09.16.03

 

 

 

X

AS.09.28

TE.09.28.02

X

X

 

X

Section 6.10 Self Tests

AS.10.07

TE.10.07.05

X

 

X

X

Section 6.11 Life-Cycle Assurance

AS.11.08

TE.11.08.09

X

X

 

X

AS.11.32

TE.11.32.02

X

 

 

 

Section 6.12 Mitigation of Other Attacks

Not Applicable

Memory/Storage Devices Table

Field Replaceable and Stationary Accessories Table

Interface (I/O Ports)Table

Programmable Logic Device Table

Equivalency Review Categories

The types of the hardware module categories within the scope of this guidance are Memory/Storage Devices, Field Replaceable and Stationary Accessories, Interfaces (I/O ports), and Programmable Logic Devices.  In this document and the Management Manual section 7.7, they are referred to as Equivalency Category X, where X can be Memory/Storage Devices, Field Replaceable and Stationary Accessories, Interfaces (I/O ports), or Programmable Logic Devices.  The tables below provide details and examples for each Equivalence Category.

  • Analysis Only (AO) for Equivalency Category X
  • Required Testing (RT) for Equivalency Category X
  • Focused Testing (FT) for Equivalency Category X
  • Complete Regression Testing (CRT)

 

Important Notes:

  1. If different hardware configurations require object code that is derived from different source code (drivers), subset/equivalence testing is required for all different hardware configurations.
  2. Vendors cannot claim physical security equivalence for modules with different cryptographic boundaries.
  3. The Security Policy does not need to differentiate exactly which models were fully tested versus which were only partially tested per Equivalency IG requirements.
  4. Entropy can cut across all components (e.g., the Linux kernel’s built-in timer events from storage I/O is affected by hard disk vs. SSD, entropy might be harvested from cold memory harvesting, thus memory size can affect entropy).  The above equivalence does not hold for Entropy, and the vendor and laboratory are responsible for appropriately analyzing entropy across all “different” devices.  For example, if all devices use the same chip as a noise source, then the entropy analysis may focus only on that chip, and the dispersal of that noise/entropy throughout the product.  In addition, platter count, a filtered air atmospheres vs a sealed helium atmosphere affects turbulence within an HDD.  If the drive uses head tracking data as a noise source changes in turbulence affect the distribution of entropy data.
  5. Computational Devices are outside the scope of this equivalency analysis.  The CPU Equivalency Work Group is responsible to defining the equivalency criteria and testing requirements.  Until such time that the CPU Equivalency Work Group completes its analysis the CAVS equivalency criteria defines the operational testing requirements for modules within a validation that include computational device differences.
  6. The examples are provided in the tables below. Equivalence Categories illustrate equivalency conditions that trigger an AO, RT, FT or CRT equivalency review.  The examples do not serve as a definitive list for all past, present and future technology types.

 

Memory/Storage Devices

#

Component Examples

Difference Type

Example

FIPS 140 Security Relevant?

Justification

IG

Requirements

Equivalence Testing/ Effort

Comments/Concerns

1

Hard Disk Drive (HDD[i])

Capacity differences

500GB SATA hard drive vs. 1TB SATA hard drive

No.

Platter count, which only affects capacity, is not security relevant.

AO

Bill of Materials information is sufficient to document the difference.

 

2

Technology differences
  • Heat-assisted magnetic recording (HAMR)
  • Shingled magnetic recording (SMR)
  • Two dimensional magnetic recording (TDMR)
  • Microwave-assisted magnetic recording (MAMR)
  • Perpendicular magnetic recording (PMR)

No.

Advancements in magnetic recording technology is not security relevant.

AO

Bill of Materials information is sufficient to document the difference.

 

3

Format differences
  • 4K native (4Kn)
  • 512 native (512n)
  • 512 emulation (512e)

No.

HDD formatting is not security relevant.

AO

Bill of Materials information is sufficient to document the difference.

 

4

Hard Disk Drive (HDD) or

Solid State Drive (SSD)

Technology differences

256GB HDD vs. 256GB SSD

 

Yes.

HDDs spread firmware and CSP data across reserved areas in NOR and NAND flash as well as magnetic media.  SSDs utilize NOR and NAND flash devices.

CRT

Test for all assurances listed within Revalidation Regression Test Table

 

5

Security Architecture

TCG Enterprise, TCG Opal, TCG Ruby, ATA Security Feature Set, etc.

Yes.

TCG Enterprise, Opal and Ruby have different security architectures.

CRT

 Test for all assurances listed within Revalidation Regression Test Table

 

6

Solid State Memory Device

Technology differences

NAND vs. NOR Flash.

Yes.

Read and write, implementations differ across technology types. 

RT

See Equivalency Regression Test Table

Zeroization at the very least must be tested for each technology type.

7

Solid State Drive (SSD)

Technology differences
  • eMMC 5.1 vs. UFS 2.1 NAND flash
  • eMMC: parallel bus and half-duplex communication channel
  • UFS: serial bus and full-duplex communication channel

Yes.

Embedded controller and bus structure are different.  Software drivers are different. 

CRT

Test for all assurances listed Revalidation Regression Test Table

Zeroization definitely must be tested for each technology type.

8

Capacity difference

4TB device vs. 12TB device

No.

The quantity of NAND flash within the device to store user data is not security relevant

AO

Bill of Materials information is sufficient to document the difference.

 

9

Solid State Memory Device

Technology difference & size difference

BiCS3 NAND vs. BiCS4 NAND

No.

BiCS3 devices contain 64 layers while BiCS4 devices contain 96 layers.  The increased layer count only adds capacity and therefore is not security relevant.

AO

Bill of Materials information is sufficient to document the difference.

 

10

DRAM[ii]

Technology & Size differences
  • DRAM vs SDRAM
  • Single data rate (SDR), double data rate (DDR), DDR3 or DD4
  • 64GB vs 128GB

No. 

  • Synchronous vs asynchronous operation does not affect cryptographic calculations.
  • Clock rate does not affect cryptographic calculations.
  • Capacity does not affect cryptographic calculations.

AO

Bill of Materials information is sufficient to document the difference (no need for physical access to device)

 

11

MRAM[iii]

Technology & Size differences

Conventional vs Spin-transfer Torque (STT)

No. 

Memory cell technology difference does not affect cryptographic calculations.

AO

Bill of Materials (no need for physical access to device)

 

12

NAND[iv] Flash

Technology & Size differences
  • SLC v. MLC vs TLC NAND
  • BiCS3 vs. BiCS4 NAND

Need to assure that zeroization or other security services complete.

RT

See Equivalency Regression Test Table

If a justification is found to support an assertion that NAND memory cell technological differences affect cryptographic calculations the testing requirements should be upgraded from RT to CRT.

13

Capacity differences

8GB vs 64GB

 

No. 

Capacity does not affect cryptographic calculations.

AO

Bill of Materials (no need for physical access to device)

 

14

NOR[v] Flash

Technology & Size differences

Serial vs. Parallel Interface

256Mb vs 1GB

No. 

  • Interface type does not affect cryptographic calculations.
  • Capacity does not affect cryptographic calculations.

AO

Bill of Materials (no need for physical access to device)

 

15

Optical Disk Drive[vi]

Technology & Size differences

CD, DVD, Blu-ray, etc.

No. 

Technology and capacity do not affect cryptographic calculations.

AO

Bill of Materials (no need for physical access to device)

 

16

ROM[vii]

Technology differences

Mask ROM vs. EPROM vs. PROM vs. EEPROM, etc.

Yes if,

  • any security function accesses the ROM
  • any function executed from ROM memory affects a security function

CRT

Test for all assurances listed within Revalidation Regression Test Table

Need to assure that the contents of the Masked ROM and any EPROM type are identical

17

Image difference

Non-identical bit maps

Yes if,

  • any security function accesses the ROM
  • any function executed from ROM memory affects a security function

CRT

Test for all assurances listed within Revalidation Regression Test Table

 

18

Size difference or bus width
  • 4Mb vs 2Mb
  • 8-bit bus vs 16-bit bus

Yes if,

  • any security function accesses the ROM
  • any function executed from ROM memory affects a security function

CRT

Test for all assurances listed within Revalidation Regression Test Table

 

19

Technology difference, image difference, capacity difference or bus width difference
  • Mask ROM vs. EPROM or PROM vs. EEPROM
  • Non-identical bit maps
  • 4Mb vs 2 Mb8-bit bus vs 16-bit bus

No if,

  • no security functions are directly or indirectly affected by the ROM code.

AO

Bill of Materials (no need for physical access to device)

The vendor must provide evidence that proves the lack of linkage between the ROM device and FIPS 140-3 security functions.

20

Magnetic Tape[viii] Drive

Format, Technology & Size differences
  • Linear, linear serpentine and helical recording methods
  • 100GB vs 6TB

No. 

Technology and capacity do not affect cryptographic calculations.

AO

Bill of Materials (no need for physical access to device)

  

21

USB Flash Drive

Size differences

4TB device vs. 12TB device

No. 

Capacity does not affect cryptographic calculations.

AO

Bill of Materials (no need for physical access to device)

  

22

Technology difference

Internal microcontroller based on a different CPU core.

Yes.

Different CPU cores affect cryptographic calculations.

CRT

Test for all assurances listed within Revalidation Regression Test Table

 

 

 

[i] A data storage device that uses magnetic storage to store and retrieve digital information using one or more rigid rapidly rotating disks (platters) coated with magnetic material.

[ii] Dynamic random-access memory (DRAM) is a type of random access semiconductor memory that stores each bit of data in a separate tiny capacitor within an integrated circuit. The capacitor can either be charged or discharged; these two states are taken to represent the two values of a bit, conventionally called 0 and 1.

[iii] Magnetoresistive random-access memory (MRAM) is a non-volatile random-access memory technology.  Unlike conventional RAM chip technologies, data in MRAM is not stored as electric charge or current flows, but by magnetic storage elements.

[iv] In flash memory, each memory cell resembles a standard MOSFET, except that the transistor has two gates instead of one. On top is the control gate, as in other MOS transistors, but below this there is a floating gate, which is insulated all around by an oxide layer. The floating-gate transistors in NAND flash are connected in a way that resembles a NAND gate.  Several transistors are connected in series, and the bit line is pulled low only if all the word lines are pulled high.

[v] In NOR flash, each cell has one end connected directly to ground, and the other end connected directly to a bit line. This arrangement is called "NOR flash" because it acts like a NOR gate.  When one of the word lines, connected to the cell's control gate is pulled high, the corresponding storage transistor acts to pull the output bit line low.

[vi] Optical storage is the storage of data on an optically readable medium. Data is recorded by making marks in a pattern that can be read back with the aid of light, usually a beam of laser light precisely focused on a spinning optical disc.  Common examples include Blu-ray, DVD and CD.

[vii] Strictly, read-only memory refers to memory that is hard-wired, such as diode matrix and the later mask ROM (MROM), which cannot be changed after manufacture.

[viii] A tape drive is a data storage device that reads and writes data on a magnetic tape. Magnetic tape data storage is typically used for offline, archival data storage.

Back to Top  

 

Field Replaceable and Stationary Accessories (FR & SA).

#

Component Examples

Difference Type

Example

FIPS 140 Security Relevant?

Justification

IG

Requirements

Equivalence Testing/Justification Effort

Comments/Concerns

1

Fans[i]

Fans (size/number/positioning)

1U vs. 2U sized fans.  One vs multiple fans

No.

AO

Bill of Materials (no need for physical access to device)

 

2

Power Supply[ii]
  • AC vs. DC power supply
  • External adapter vs internal adapter.

Power and power supplies are easily identifiable

Yes.

We need to assure that the module powers up.

RT

Bill of Materials and demonstrate that the module powers up and completes the power-up self-test

 

3

Different number of power supplies

Single vs. multiple power supplies

Yes.

We need to assure that the module powers up.

RT

Bill of Materials and demonstrate that the module powers up and completes the power-up self-test

 
 

[i] A mechanical fan is an electrically powered machine used to create a flow within a fluid, such as air.  Fans consist of a rotating arrangement of vanes or blades which act on the air.

[ii] A power supply is an electrical device that supplies electric power to an electrical load. The primary function of a power supply is to convert electric current from a source to the correct voltage, current, and frequency to power the load.

Back to Top 

 

Interface (I/O Ports)

#

Component Examples

Difference Type

Example

FIPS 140 Security Relevant?

Justification

IG

Requirements

Equivalence Testing/Justification Effort

Comments/Concerns

1

Port Card

Fewer or more ports of the same type

The 8-port variant of a 16-port assembly that uses the same PCB layout and surface mount devices, but without the extra riser card or with some depopulated circuits

No.

AO

Bill of Materials (no need for physical access to device)

 

2

Similar interface technology but the same  firmware drivers

A 10/100 Ethernet port card versus a 1GbE port card that utilize the same firmware drivers.

No, if source code analysis assures that the drivers do not differ with port type.

AO

Bill of Materials (no need for physical access to device)

 

3

Similar interface technology but different  firmware drivers

A 10/100 Ethernet port card versus a 1GbE port card that utilize different firmware drivers.

Yes, if the source code analysis shows that the firmware driver differences introduce vulnerabilities.

RT

See Equivalency Regression Test Table

 

4

Different interface technology

Fiber channel vs. Ethernet

Yes.

RT

See Equivalency Regression Test Table

Subset testing on equivalent products to assure the exercising of all driver code.

5

Line Card

Different number of line-card slots that support the same non-crypto/non-security relevant technology.
  • Chassis or pizza box type product family that include various line card/blade slots. 
  • For example, the Brocade 6510 (48-port) and 6520 (96-port) fit this situation.

No.

AO

Bill of Materials (no need for physical access to device)

Test on one variant of the multi-slot device and apply equivalency on other variants of chassis with different number of slots.

6

Different combination of line-cards that include different security relevant technology.
  • Combination of line-cards or blades that incorporate cryptography or other security relevant technology.
  • For example, key managers, encryption line cards, HSMs etc. 

Yes.

RT

See Equivalency Regression Test Table

Test on one combination of all possible line-cards/blades that incorporate crypto/security relevant technology and apply equivalency on any combination of the tested line-cards/blades.

7

DVI[i]

Different port count

Single port vs dual port computers.

No.

Physical interface/layer has no security relevance

AO

Bill of Materials and/or schematics.  No need for physical access to all devices. Test on one variant and apply equivalency to other variants.

High-bandwidth Digital Content Protection (HDCP) is a form of digital copy protection that could introduce encryption

8

Port Types

Data rate difference
Port count difference

Multi-port vs single port modules

10 GB vs 100 GB port blades

No.

Physical interface/layer has no security relevance

AO

Bill of Materials and/or schematics.  No need for physical access to all devices

Test on one variant and apply equivalency to other variants.

9

Fiber optic[xiv]

Single mode vs multi-mode and data rate or port count differences

 

No.

Physical interface/layer has no security relevance

AO

Bill of Materials and/or schematics.  No need for physical access to all devices. Test on one variant and apply equivalency to other variants.

Test on one variant and apply equivalency to other variants.

10

FireWire[xv] (IEEE 1394)

Port absence or inclusion

 

Yes, if some variants include a FireWire port and some do not.

RT

See Equivalency Regression Test Table

Susceptible to DMA side channel attack.  Could lead to malicious external components dumping the module’s memory to find CSPs.

11

FireWire (IEEE 1394)

Connector configuration differences.  For example, 4-pin/6-pin FireWire 400, 9-pin FireWire 800 and Ethernet type 1394a connectors

 

No.

Link/physical layer differences are not security relevant

AO

Bill of Materials and/or schematics.  No need for physical access to all devices.

Test on one variant and apply equivalency to other variants

12

USB[xvi]

Data rate differences

Connector construction differences.  For example, standard type A, B or C, mini type A or B, and micro types A, B and AB.

 

No.

Physical interface/layer - no security

AO

Bill of Materials and/or schematics.  No need for physical access to all devices.

Test on one variant and apply equivalency to other variants
 

[i] Digital Visual Interface (DVI) is a video display interface used to connect a video source, such as a video display controller, to a display device, such as a computer monitor.  DVI's digital video transmission format is based on panelLink, a serial format developed by Silicon Image that utilizes a high-speed serial link called transition minimized differential signaling (TMDS).

[ii] The Enterprise & Data Center SSD Form Factor (EDSFF) is a storage form factor for use in the data center that is being developed by the EDSFF Working Group.

[iii] The e in eSATA standing for external.  eSATA is a variant of SATA designed for external connectivity. It uses a more robust connector, longer shielded cables, and stricter, but backward-compatible, electrical standards. The protocol and logical signaling in the link layer, transport layer and above are identical to internal SATA.

[iv] Ethernet is a family of computer networking technologies commonly used in local area networks (LAN), metropolitan area networks (MAN) and wide area networks (WAN).

[v] Fibre Channel over Ethernet (FCoE) is a computer network technology that encapsulates Fibre Channel frames over Ethernet networks. This allows Fibre Channel to use 10 Gigabit or higher Ethernet networks while preserving the Fibre Channel protocol.

[vi] Fibre Channel is a high-speed optical network interface primarily used to connect computer data storage to servers.

[vii] Gigabit Ethernet (GbE or 1 GigE) is a term describing various technologies for transmitting Ethernet frames at a rate of a gigabit per second (1,000,000,000 bits per second), as defined by the IEEE 802.3-2008.

[viii] InfiniBand (abbreviated IB) is a computer-networking communications standard used in high-performance computing that features very high throughput and very low latency. It is used for data interconnect both among and within computers. InfiniBand is also used as either a direct or switched interconnect between servers and storage systems, as well as an interconnect between storage systems.

[ix] M.2 (aka Next Generation Form Factor (NGFF)) is a specification for internally mounted computer expansion cards and associated connectors. It replaces the mSATA standard, which uses the PCI Express Mini Card physical card layout and connectors.

[x] U.2 is a computer interface for connecting SSDs to a computer. It uses up to four PCI Express lanes.

[xi] A computer bus interface that connects host bus adapters to mass storage devices such as hard disk drives, optical drives, and solid-state drives.

[xii] Small Computer System Interface is a set of standards for physically connecting and transferring data between computers and peripheral devices. The SCSI standards define commands, protocols, electrical and optical interfaces. SCSI is most commonly used for hard disk drives and tape drives.

[xiii] Common digital signal communication interface.  For example, RS-422 provides for data transmission, using balanced, or differential, signaling, with unidirectional/non-reversible, terminated or non-terminated transmission lines, point to point, or multi-drop. In contrast to RS-485, RS-422 does not allow multiple drivers but only multiple receivers.

[xiv] Fiber-optic communication is a method of transmitting information from one place to another by sending pulses of light through an optical fiber.

[xv] IEEE 1394 is an interface standard for a serial bus for high-speed communications and isochronous real-time data transfer. It was developed in the late 1980s and early 1990s by Apple, which called it FireWire. The 1394 interface is also known by the brands i.LINK (Sony), and Lynx (Texas Instruments).

[xvi] Universal Serial Bus (USB), is an industry standard that was developed to define cables, connectors and protocols for connection, communication, and power supply between personal computers and their peripheral devices.  USB was designed to standardize the connection of computer peripherals, such as keyboards, pointing devices, digital cameras, printers, portable media players, disk drives and network adapters, to personal computers.  It provides a communication channel and means to supply power to peripheral devices.

Back to Top 

 

Programmable Logic Device

#

Component Examples

Difference Type

Example

FIPS 140 Security Relevant?

Justification

IG

Requirements

Equivalence Testing/Justification Effort

Comments/Concerns

1

CPLD[i]

FPGA[ii]

PAL[iii]

GAL[iv]

Soft IP core[v] or Hard IP core[vi] differences

Programming code modification

For example, Verilog or VHDL.

Yes, if the code differences affect one or more ISO/IEC 19790:2012 security sections.

RT & FT

Subsection of Revalidation Regression Test Table  for affected ISO/IEC 19790:2012 section (e.g. Section 6), plus Equivalency Regression Test Table for the remainder of the sections

FPGAs that incorporate a CPU, PLDs that mediate interface access and enforce logical disconnection requirements, PLDs that govern the module’s FSM or initiate the tamper responses are examples of PLDs, which implement ISO/IEC 19790:2012 security relevant items.  The CST laboratory must provide a summary of the changes and rationale for mapping the code changes to ISO/IEC 19790:2012 security sections 1 to 10.   

2

Soft IP core or Hard IP core differences

Programming code modification

For example, Verilog or VHDL.

No, if the code differences do not affect ISO/EIC 1970:2012 security relevant items.

AO

Bill of Materials.

Consider IP core code diff review. 

No need for physical access to device

The BOM should list CPLD version data.

The CST laboratory must provide a summary of the changes and rationale of why the differences do not affect ISO/IEC 19790:2012 security relevant items. 

Reviewing externally developed IP core is impractical.

3

Gate and Macrocell count difference

Xilinx XC2C32A: 750 Gates & 32 macrocells

Xilinx XC2C256: 6000 Gates & 256 macrocells

No.  Like memory devices, capacity is not security relevant.

AO

Bill of Materials.

Product Datasheet

The BOM should list the manufacture’s part number
 

[i] A programmable logic device with complexity between that of PALs and FPGAs, and architectural features of both.

[ii] A field-programmable gate array (FPGA) is an integrated circuit designed to be configured by a customer or a designer after manufacturing – hence the term "field-programmable"

[iii] PAL devices have arrays of transistor cells arranged in a "fixed-OR, programmable-AND" plane used to implement "sum-of-products" binary logic equations for each of the outputs in terms of the inputs and either synchronous or asynchronous feedback from the outputs.

[iv] The generic array logic device, or GAL, has the same logical properties as the PAL but can be erased and reprogrammed

[v] Soft IP cores are typically offered as synthesizable RTL. Synthesizable cores are delivered in a hardware description language such as Verilog or VHSIC hardware description language (VHDL)

[vi] Hard cores are defined as IP cores that cannot be modified and are thus "hard", analogous to the etymology of hardware and software

Back to Top 

 

Not Available

 

Contacts

Beverly Trapnell - NIST CMVP Program Manager
cmvp@nist.gov

Carolyn French - CCCS CMVP Program Manager
CMVP@cyber.gc.ca

Topics

Security and Privacy: cryptography, testing & validation

Technologies: hardware, software & firmware

Created October 11, 2016, Updated November 17, 2021