Publications
July 19, 2023: URLs for CSRC publication details pages have changed. Legacy URLs should automatically redirect to the new URLs. However, links to the actual publications have NOT changed (e.g., DOIs and PDFs on nvlpubs.nist.gov). Please send inquiries to
csrc-inquiry@nist.gov. [12:20 pm ET - If you received "Page Not Found" errors recently, please retry accessing those files. File synchronization should now be complete.]
Withdrawn on September 26, 2018.
A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2
Documentation
Date Published: June 2001
Author(s)
S. Snouffer (NIST), Annabelle Lee (NIST), Arthur Oldehoeft (NIST)
Federal agencies, industry, and the public now rely on cryptography to protect information and communications used in critical infrastructures, electronic commerce, and other application areas. Cryptographic modules are implemented in these products and systems to provide cryptographic services such as confidentiality, integrity, non-repudiation and identification and authentication. A documented methodology for conformance testing through a defined set of security requirements in FIPS 140-1 and FIPS 140-2 and other cryptographic standards is specified in the Derived Test Requirements.FIPS 140-1 is one of NIST's most successful standards and forms the very foundation of the Cryptographic Module Validation Program. FIPS 140-2 addresses lessons learned from questions and comments and reflects changes in technology. The standard was strengthened, but not changed in focus or emphasis. Also, the standard was minimally restructured to: standardize the language and terminology to add clarity and consistency; remove redundant and extraneous information to make the standard more concise; and revise or remove vague requirements. Finally, a new section was added detailing new types of attacks on cryptographic modules that currently do not have specific testing available. This differences paper summarizes the changes from FIPS 140-1 to FIPS 140-2 and documents the detailed requirements.
Federal agencies, industry, and the public now rely on cryptography to protect information and communications used in critical infrastructures, electronic commerce, and other application areas. Cryptographic modules are implemented in these products and systems to provide cryptographic services such...
See full abstract
Federal agencies, industry, and the public now rely on cryptography to protect information and communications used in critical infrastructures, electronic commerce, and other application areas. Cryptographic modules are implemented in these products and systems to provide cryptographic services such as confidentiality, integrity, non-repudiation and identification and authentication. A documented methodology for conformance testing through a defined set of security requirements in FIPS 140-1 and FIPS 140-2 and other cryptographic standards is specified in the Derived Test Requirements.FIPS 140-1 is one of NIST's most successful standards and forms the very foundation of the Cryptographic Module Validation Program. FIPS 140-2 addresses lessons learned from questions and comments and reflects changes in technology. The standard was strengthened, but not changed in focus or emphasis. Also, the standard was minimally restructured to: standardize the language and terminology to add clarity and consistency; remove redundant and extraneous information to make the standard more concise; and revise or remove vague requirements. Finally, a new section was added detailing new types of attacks on cryptographic modules that currently do not have specific testing available. This differences paper summarizes the changes from FIPS 140-1 to FIPS 140-2 and documents the detailed requirements.
Hide full abstract
Keywords
Cryptographic modules; cryptography; cryptography security requirements; FIPS PUB 140-1; FIPS PUB 140-2
Control Families
System and Communications Protection