This page contains resources referenced in the FIPS 140-3 Management Manual.
It is possible, under certain conditions, for a vendor to list multiple hardware modules under the same certificate. Some of the conditions are defined by the equivalency categories, which are based on the technology types and the differences between the modules within each equivalency category.
For more information regarding equivalency categories and testing level scenarios/categories and usage of the equivalency regression test table presented below, refer to the Management Manual and the Equivalence Categories.

| AS | TE | Memory/Storage Devices | I/O Ports | Field Replaceable and Stationary Accessories | Programmable Logic Devices |
| --- | --- | --- | --- | --- | --- |
| Section 6.2 Cryptographic Module Specification | | | | | |
| AS.02.19 | TE.02.19.02 | X | X | X | X |
| Section 6.3 Cryptographic Module Interfaces | | | | | |
| AS.03.07 | TE.03.07.02 | X | X | | X |
| | TE.03.07.04 | X | X | X | X |
| AS.03.14 | TE.03.14.03 | | X | | X |
| AS.03.18 | TE.03.18.02 | | X | | |
| AS.03.19 | TE.03.19.02 | | X | | |
| Section 6.4 Role, Services, and Authentication | | | | | |
| AS.04.03 | TE.04.03.01 | | | | X |
| AS.04.11 | TE.04.11.02 | | | | X |
| AS.04.19 | TE.04.19.03 | | | | X |
| AS.04.20 | TE.04.20.03 | | | | X |
| AS.04.44 | TE.04.44.02 | X | | | |
| Section 6.5 Software/Firmware security | | | | | |
| AS.05.06 | TE.05.06.06 | X | | | |
| Section 6.6 Operational Environment | | | | | |
| AS.06.08 | TE.06.08.02 | X | | | |
| Section 6.7 Physical Security | | | | | |
| Not Applicable | | | | | |
| Section 6.8 Non-Invasive Security | | | | | |
| Not Applicable | | | | | |
| Section 6.9 Sensitive Security Parameter Management | | | | | |
| AS.09.01 | TE.09.01.02, TE.09.01.03 | X | | | X |
| AS.09.02 | TE.09.02.02 | X | | | |
| AS.09.16 | TE.09.16.03 | | | | X |
| AS.09.28 | TE.09.28.02 | X | X | | X |
| Section 6.10 Self Tests | | | | | |
| AS.10.07 | TE.10.07.05 | X | | X | X |
| Section 6.11 Life-Cycle Assurance | | | | | |
| AS.11.08 | TE.11.08.09 | X | X | | X |
| AS.11.32 | TE.11.32.02 | X | | | |
| Section 6.12 Mitigation of Other Attacks | | | | | |
| Not Applicable | | | | | |

The types of the hardware module categories within the scope of this guidance are Memory/Storage Devices, Field Replaceable and Stationary Accessories, Interfaces (I/O ports), and Programmable Logic Devices. In this document and the Management Manual section 7.7, they are referred to as Equivalency Category X, where X can be Memory/Storage Devices, Field Replaceable and Stationary Accessories, Interfaces (I/O ports), or Programmable Logic Devices. The tables below provide details and examples for each Equivalence Category.

Memory/Storage Devices

| # | Component Examples | Difference Type | Example | FIPS 140 Security Relevant? Justification | IG Requirements | Equivalence Testing/Effort | Comments/Concerns |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | Hard Disk Drive (HDD[i]) | Capacity differences | 500GB SATA hard drive vs. 1TB SATA hard drive | No. Platter count, which only affects capacity, is not security relevant. | AO | Bill of Materials information is sufficient to document the difference. | |
| 2 | | Technology differences | | No. Advancements in magnetic recording technology are not security relevant. | AO | Bill of Materials information is sufficient to document the difference. | |
| 3 | | Format differences | | No. HDD formatting is not security relevant. | AO | Bill of Materials information is sufficient to document the difference. | |
| 4 | Hard Disk Drive (HDD) or Solid State Drive (SSD) | Technology differences | 256GB HDD vs. 256GB SSD | Yes. HDDs spread firmware and CSP data across reserved areas in NOR and NAND flash as well as magnetic media. SSDs utilize NOR and NAND flash devices. | CRT | Test for all assurances listed within Revalidation Regression Test Table | |
| 5 | | Security Architecture | TCG Enterprise, TCG Opal, TCG Ruby, ATA Security Feature Set, etc. | Yes. TCG Enterprise, Opal and Ruby have different security architectures. | CRT | Test for all assurances listed within Revalidation Regression Test Table | |
| 6 | Solid State Memory Device | Technology differences | NAND vs. NOR Flash. | Yes. Read and write implementations differ across technology types. | RT | See Equivalency Regression Test Table | Zeroization at the very least must be tested for each technology type. |
| 7 | Solid State Drive (SSD) | Technology differences | | Yes. Embedded controller and bus structure are different. Software drivers are different. | CRT | Test for all assurances listed within Revalidation Regression Test Table | Zeroization definitely must be tested for each technology type. |
| 8 | | Capacity difference | 4TB device vs. 12TB device | No. The quantity of NAND flash within the device to store user data is not security relevant. | AO | Bill of Materials information is sufficient to document the difference. | |
| 9 | Solid State Memory Device | Technology difference & size difference | BiCS3 NAND vs. BiCS4 NAND | No. BiCS3 devices contain 64 layers while BiCS4 devices contain 96 layers. The increased layer count only adds capacity and therefore is not security relevant. | AO | Bill of Materials information is sufficient to document the difference. | |
| 10 | DRAM[ii] | Technology & Size differences | | No. | AO | Bill of Materials information is sufficient to document the difference (no need for physical access to device) | |
| 11 | MRAM[iii] | Technology & Size differences | Conventional vs Spin-transfer Torque (STT) | No. Memory cell technology difference does not affect cryptographic calculations. | AO | Bill of Materials (no need for physical access to device) | |
| 12 | NAND[iv] Flash | Technology & Size differences | | Need to assure that zeroization or other security services complete. | RT | See Equivalency Regression Test Table | If a justification is found to support an assertion that NAND memory cell technological differences affect cryptographic calculations, the testing requirements should be upgraded from RT to CRT. |
| 13 | | Capacity differences | 8GB vs 64GB | No. Capacity does not affect cryptographic calculations. | AO | Bill of Materials (no need for physical access to device) | |
| 14 | NOR[v] Flash | Technology & Size differences | Serial vs. Parallel Interface; 256Mb vs 1GB | No. | AO | Bill of Materials (no need for physical access to device) | |
| 15 | Optical Disk Drive[vi] | Technology & Size differences | CD, DVD, Blu-ray, etc. | No. Technology and capacity do not affect cryptographic calculations. | AO | Bill of Materials (no need for physical access to device) | |
| 16 | ROM[vii] | Technology differences | Mask ROM vs. EPROM vs. PROM vs. EEPROM, etc. | Yes if, | CRT | Test for all assurances listed within Revalidation Regression Test Table | Need to assure that the contents of the Masked ROM and any EPROM type are identical |
| 17 | | Image difference | Non-identical bit maps | Yes if, | CRT | Test for all assurances listed within Revalidation Regression Test Table | |
| 18 | | Size difference or bus width | | Yes if, | CRT | Test for all assurances listed within Revalidation Regression Test Table | |
| 19 | | Technology difference, image difference, capacity difference or bus width difference | | No if, | AO | Bill of Materials (no need for physical access to device) | The vendor must provide evidence that proves the lack of linkage between the ROM device and FIPS 140-3 security functions. |
| 20 | Magnetic Tape[viii] Drive | Format, Technology & Size differences | | No. Technology and capacity do not affect cryptographic calculations. | AO | Bill of Materials (no need for physical access to device) | |
| 21 | USB Flash Drive | Size differences | 4TB device vs. 12TB device | No. Capacity does not affect cryptographic calculations. | AO | Bill of Materials (no need for physical access to device) | |
| 22 | | Technology difference | Internal microcontroller based on a different CPU core. | Yes. Different CPU cores affect cryptographic calculations. | CRT | Test for all assurances listed within Revalidation Regression Test Table | |

[i] A data storage device that uses magnetic storage to store and retrieve digital information using one or more rigid rapidly rotating disks (platters) coated with magnetic material.
[ii] Dynamic random-access memory (DRAM) is a type of random access semiconductor memory that stores each bit of data in a separate tiny capacitor within an integrated circuit. The capacitor can either be charged or discharged; these two states are taken to represent the two values of a bit, conventionally called 0 and 1.
[iii] Magnetoresistive random-access memory (MRAM) is a non-volatile random-access memory technology. Unlike conventional RAM chip technologies, data in MRAM is not stored as electric charge or current flows, but by magnetic storage elements.
[iv] In flash memory, each memory cell resembles a standard MOSFET, except that the transistor has two gates instead of one. On top is the control gate, as in other MOS transistors, but below this there is a floating gate, which is insulated all around by an oxide layer. The floating-gate transistors in NAND flash are connected in a way that resembles a NAND gate. Several transistors are connected in series, and the bit line is pulled low only if all the word lines are pulled high.
[v] In NOR flash, each cell has one end connected directly to ground, and the other end connected directly to a bit line. This arrangement is called "NOR flash" because it acts like a NOR gate. When one of the word lines, connected to the cell's control gate is pulled high, the corresponding storage transistor acts to pull the output bit line low.
[vi] Optical storage is the storage of data on an optically readable medium. Data is recorded by making marks in a pattern that can be read back with the aid of light, usually a beam of laser light precisely focused on a spinning optical disc. Common examples include Blu-ray, DVD and CD.
[vii] Strictly, read-only memory refers to memory that is hard-wired, such as diode matrix and the later mask ROM (MROM), which cannot be changed after manufacture.
[viii] A tape drive is a data storage device that reads and writes data on a magnetic tape. Magnetic tape data storage is typically used for offline, archival data storage.

Field Replaceable and Stationary Accessories (FR & SA)

| # | Component Examples | Difference Type | Example | FIPS 140 Security Relevant? Justification | IG Requirements | Equivalence Testing/Justification Effort | Comments/Concerns |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | Fans[i] | Fans (size/number/positioning) | 1U vs. 2U sized fans. One vs multiple fans | No. | AO | Bill of Materials (no need for physical access to device) | |
| 2 | Power Supply[ii] | | Power and power supplies are easily identifiable | Yes. We need to assure that the module powers up. | RT | Bill of Materials and demonstrate that the module powers up and completes the power-up self-test | |
| 3 | | Different number of power supplies | Single vs. multiple power supplies | Yes. We need to assure that the module powers up. | RT | Bill of Materials and demonstrate that the module powers up and completes the power-up self-test | |

[i] A mechanical fan is an electrically powered machine used to create a flow within a fluid, such as air. Fans consist of a rotating arrangement of vanes or blades which act on the air.
[ii] A power supply is an electrical device that supplies electric power to an electrical load. The primary function of a power supply is to convert electric current from a source to the correct voltage, current, and frequency to power the load.

Interface (I/O Ports)

| # | Component Examples | Difference Type | Example | FIPS 140 Security Relevant? Justification | IG Requirements | Equivalence Testing/Justification Effort | Comments/Concerns |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | Port Card | Fewer or more ports of the same type | The 8-port variant of a 16-port assembly that uses the same PCB layout and surface mount devices, but without the extra riser card or with some depopulated circuits | No. | AO | Bill of Materials (no need for physical access to device) | |
| 2 | | Similar interface technology but the same firmware drivers | A 10/100 Ethernet port card versus a 1GbE port card that utilize the same firmware drivers. | No, if source code analysis assures that the drivers do not differ with port type. | AO | Bill of Materials (no need for physical access to device) | |
| 3 | | Similar interface technology but different firmware drivers | A 10/100 Ethernet port card versus a 1GbE port card that utilize different firmware drivers. | Yes, if the source code analysis shows that the firmware driver differences introduce vulnerabilities. | RT | See Equivalency Regression Test Table | |
| 4 | | Different interface technology | Fiber channel vs. Ethernet | Yes. | RT | See Equivalency Regression Test Table | Subset testing on equivalent products to assure the exercising of all driver code. |
| 5 | Line Card | Different number of line-card slots that support the same non-crypto/non-security relevant technology. | | No. | AO | Bill of Materials (no need for physical access to device) | Test on one variant of the multi-slot device and apply equivalency on other variants of chassis with different number of slots. |
| 6 | | Different combination of line-cards that include different security relevant technology. | | Yes. | RT | See Equivalency Regression Test Table | Test on one combination of all possible line-cards/blades that incorporate crypto/security relevant technology and apply equivalency on any combination of the tested line-cards/blades. |
| 7 | DVI[i] | Different port count | Single port vs dual port computers. | No. Physical interface/layer has no security relevance. | AO | Bill of Materials and/or schematics. No need for physical access to all devices. Test on one variant and apply equivalency to other variants. | High-bandwidth Digital Content Protection (HDCP) is a form of digital copy protection that could introduce encryption |
| 8 | Port Types | Data rate difference | Multi-port vs single port modules; 10 GB vs 100 GB port blades | No. Physical interface/layer has no security relevance. | AO | Bill of Materials and/or schematics. No need for physical access to all devices | Test on one variant and apply equivalency to other variants. |
| 9 | Fiber optic[xiv] | Single mode vs multi-mode and data rate or port count differences | | No. Physical interface/layer has no security relevance. | AO | Bill of Materials and/or schematics. No need for physical access to all devices. Test on one variant and apply equivalency to other variants. | Test on one variant and apply equivalency to other variants. |
| 10 | FireWire[xv] (IEEE 1394) | Port absence or inclusion | | Yes, if some variants include a FireWire port and some do not. | RT | See Equivalency Regression Test Table | Susceptible to DMA side channel attack. Could lead to malicious external components dumping the module’s memory to find CSPs. |
| 11 | FireWire (IEEE 1394) | Connector configuration differences. For example, 4-pin/6-pin FireWire 400, 9-pin FireWire 800 and Ethernet type 1394a connectors | | No. Link/physical layer differences are not security relevant. | AO | Bill of Materials and/or schematics. No need for physical access to all devices. | Test on one variant and apply equivalency to other variants |
| 12 | USB[xvi] | Data rate differences. Connector construction differences. For example, standard type A, B or C, mini type A or B, and micro types A, B and AB. | | No. Physical interface/layer - no security | AO | Bill of Materials and/or schematics. No need for physical access to all devices. | Test on one variant and apply equivalency to other variants |

[i] Digital Visual Interface (DVI) is a video display interface used to connect a video source, such as a video display controller, to a display device, such as a computer monitor. DVI's digital video transmission format is based on PanelLink, a serial format developed by Silicon Image that utilizes a high-speed serial link called transition minimized differential signaling (TMDS).
[ii] The Enterprise & Data Center SSD Form Factor (EDSFF) is a storage form factor for use in the data center that is being developed by the EDSFF Working Group.
[iii] The e in eSATA stands for external. eSATA is a variant of SATA designed for external connectivity. It uses a more robust connector, longer shielded cables, and stricter, but backward-compatible, electrical standards. The protocol and logical signaling in the link layer, transport layer and above are identical to internal SATA.
[iv] Ethernet is a family of computer networking technologies commonly used in local area networks (LAN), metropolitan area networks (MAN) and wide area networks (WAN).
[v] Fibre Channel over Ethernet (FCoE) is a computer network technology that encapsulates Fibre Channel frames over Ethernet networks. This allows Fibre Channel to use 10 Gigabit or higher Ethernet networks while preserving the Fibre Channel protocol.
[vi] Fibre Channel is a high-speed optical network interface primarily used to connect computer data storage to servers.
[vii] Gigabit Ethernet (GbE or 1 GigE) is a term describing various technologies for transmitting Ethernet frames at a rate of a gigabit per second (1,000,000,000 bits per second), as defined by the IEEE 802.3-2008.
[viii] InfiniBand (abbreviated IB) is a computer-networking communications standard used in high-performance computing that features very high throughput and very low latency. It is used for data interconnect both among and within computers. InfiniBand is also used as either a direct or switched interconnect between servers and storage systems, as well as an interconnect between storage systems.
[ix] M.2 (aka Next Generation Form Factor (NGFF)) is a specification for internally mounted computer expansion cards and associated connectors. It replaces the mSATA standard, which uses the PCI Express Mini Card physical card layout and connectors.
[x] U.2 is a computer interface for connecting SSDs to a computer. It uses up to four PCI Express lanes.
[xi] A computer bus interface that connects host bus adapters to mass storage devices such as hard disk drives, optical drives, and solid-state drives.
[xii] Small Computer System Interface is a set of standards for physically connecting and transferring data between computers and peripheral devices. The SCSI standards define commands, protocols, electrical and optical interfaces. SCSI is most commonly used for hard disk drives and tape drives.
[xiii] Common digital signal communication interface. For example, RS-422 provides for data transmission, using balanced, or differential, signaling, with unidirectional/non-reversible, terminated or non-terminated transmission lines, point to point, or multi-drop. In contrast to RS-485, RS-422 does not allow multiple drivers but only multiple receivers.
[xiv] Fiber-optic communication is a method of transmitting information from one place to another by sending pulses of light through an optical fiber.
[xv] IEEE 1394 is an interface standard for a serial bus for high-speed communications and isochronous real-time data transfer. It was developed in the late 1980s and early 1990s by Apple, which called it FireWire. The 1394 interface is also known by the brands i.LINK (Sony), and Lynx (Texas Instruments).
[xvi] Universal Serial Bus (USB) is an industry standard that was developed to define cables, connectors and protocols for connection, communication, and power supply between personal computers and their peripheral devices. USB was designed to standardize the connection of computer peripherals, such as keyboards, pointing devices, digital cameras, printers, portable media players, disk drives and network adapters, to personal computers. It provides a communication channel and means to supply power to peripheral devices.

Programmable Logic Device

| # | Component Examples | Difference Type | Example | FIPS 140 Security Relevant? Justification | IG Requirements | Equivalence Testing/Justification Effort | Comments/Concerns |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | CPLD[i] FPGA[ii] PAL[iii] GAL[iv] | Programming code modification. For example, Verilog or VHDL. | | Yes, if the code differences affect one or more ISO/IEC 19790:2012 security sections. | RT & FT | Subsection of Revalidation Regression Test Table for affected ISO/IEC 19790:2012 section (e.g. Section 6), plus Equivalency Regression Test Table for the remainder of the sections | FPGAs that incorporate a CPU, PLDs that mediate interface access and enforce logical disconnection requirements, PLDs that govern the module’s FSM or initiate the tamper responses are examples of PLDs, which implement ISO/IEC 19790:2012 security relevant items. The CST laboratory must provide a summary of the changes and rationale for mapping the code changes to ISO/IEC 19790:2012 security sections 1 to 10. |
| 2 | | Soft IP core or Hard IP core differences | Programming code modification. For example, Verilog or VHDL. | No, if the code differences do not affect ISO/IEC 19790:2012 security relevant items. | AO | Bill of Materials. Consider IP core code diff review. No need for physical access to device | The BOM should list CPLD version data. The CST laboratory must provide a summary of the changes and rationale of why the differences do not affect ISO/IEC 19790:2012 security relevant items. Reviewing externally developed IP core is impractical. |
| 3 | | Gate and Macrocell count difference | Xilinx XC2C32A: 750 Gates & 32 macrocells; Xilinx XC2C256: 6000 Gates & 256 macrocells | No. Like memory devices, capacity is not security relevant. | AO | Bill of Materials. Product Datasheet | The BOM should list the manufacturer’s part number |

[i] A programmable logic device with complexity between that of PALs and FPGAs, and architectural features of both.
[ii] A field-programmable gate array (FPGA) is an integrated circuit designed to be configured by a customer or a designer after manufacturing – hence the term "field-programmable".
[iii] PAL devices have arrays of transistor cells arranged in a "fixed-OR, programmable-AND" plane used to implement "sum-of-products" binary logic equations for each of the outputs in terms of the inputs and either synchronous or asynchronous feedback from the outputs.
[iv] The generic array logic device, or GAL, has the same logical properties as the PAL but can be erased and reprogrammed.
[v] Soft IP cores are typically offered as synthesizable RTL. Synthesizable cores are delivered in a hardware description language such as Verilog or VHSIC hardware description language (VHDL).
[vi] Hard cores are defined as IP cores that cannot be modified and are thus "hard", analogous to the etymology of hardware and software.