Cryptographic Module Testing Laboratory

Cryptographic Module Testing Laboratory

A Cryptographic Module Testing Laboratory (CMTL) is an information technology (IT) computer security testing laboratory that is accredited to conduct cryptographic module evaluations for conformance to the FIPS 140-2 U.S. Government standard.

The National Institute of Standards and Technology (NIST) National Voluntary Laboratory Accreditation Program (NVLAP) accredits CMTLs to meet Cryptographic Module Validation Program (CMVP) standards and procedures.

CMTL requirements

These laboratories must meet the following requirements:

  • NIST Handbook 150, NVLAP Procedures and General Requirements
  • NIST Handbook 150-17 Information Technology Security Testing - Cryptographic Module Testing
    • NVLAP Specific Operations Checklist for Cryptographic Module Testing

FIPS 140-2 in relation to the Common Criteria

A CMTL can also be a Common Criteria (CC) Testing Laboratory (CCTL). The CC and FIPS 140-2 are different in the abstractness and focus of tests. FIPS 140-2 testing is against a defined cryptographic module and provides a suite of conformance tests to four FIPS 140 security levels. FIPS 140-2 describes the requirements for cryptographic modules and includes such areas as physical security, key management, self tests, roles and services, etc. The standard was initially developed in 1994 - prior to the development of the CC. The CC is an evaluation against a Protection Profile (PP), usually created by the user, or security target (ST). Typically, a PP covers a broad range of products.

  • A CC evaluation does not supersede or replace a validation to either FIPS 140-1 or FIPS 140-2. The four security levels in FIPS 140-1 and FIPS 140-2 do not map directly to specific CC EALs or to CC functional requirements. A CC certificate cannot be a substitute for a FIPS 140-1 or FIPS 140-2 certificate.

If the operational environment is a modifiable operational environment, the operating system requirements of the Common Criteria are applicable at FIPS Security Levels 2 and above.

  • FIPS 140-1 required evaluated operating systems that referenced the Trusted Computer System Evaluation Criteria (TCSEC) classes C2, B1 and B2. However, TCSEC is no longer in use and has been replaced by the Common Criteria. Consequently, FIPS 140-2 now references the Common Criteria.

External links


Wikimedia Foundation. 2010.

Игры ⚽ Поможем решить контрольную работу

Look at other dictionaries:

  • Cryptographic Module Validation Program — Logo of the Cryptographic Module Validation Program. The Cryptographic Module Validation Program (CMVP) is a joint American and Canadian security accreditation program for cryptographic modules. The program is available to any vendors who seek to …   Wikipedia

  • National Voluntary Laboratory Accreditation Program — (NVLAP) is a National Institute of Standards and Technology (NIST) program which provides an unbiased third party test and evaluation program to accredit laboratories in their respective fields to the ISO 17025 standard. NVLAP is in compliance… …   Wikipedia

  • DSA — DSA, Digital Signature Algorithm Создатель: NIST Создан: 1991 год Опубликован: 1994 год Размер ключа: закрытый: 160 256 бит, открытый: 1024 3072 бит Размер подписи: два числа по 160 256 бит Эта статья включает описан …   Википедия

  • FIPS 140-2 — The Federal Information Processing Standard (FIPS) Publication 140 2, FIPS PUB 140 2, is a U.S. government computer security standard used to accredit cryptographic modules. The title is Security Requirements for Cryptographic Modules. Initial… …   Wikipedia

  • Атака по сторонним каналам — Атака по энергопотреблению на алгоритм RSA. Левый пик соответствует операции быстрого возведения в степень без умножения, правый  с умножением, что позволяет восстановить значение обрабатываемых битов. Атака по сто …   Википедия

  • Avionics software — is embedded software with legally mandated safety and reliability concerns used in avionics. The main difference between avionic software and conventional embedded software is that the development process is required by law and is optimized for… …   Wikipedia

  • Rootkit — A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications. The term rootkit is a concatenation… …   Wikipedia

  • NUS Master Of Computing — NUS School of computing which has approximately 2,000 students and 200 staffs, was established in 1998. Its root is Department of Information Systems and Computer Science (DISCS) within the Faculty of Science. The purpose of school is to produce… …   Wikipedia

  • United States — a republic in the N Western Hemisphere comprising 48 conterminous states, the District of Columbia, and Alaska in North America, and Hawaii in the N Pacific. 267,954,767; conterminous United States, 3,022,387 sq. mi. (7,827,982 sq. km); with… …   Universalium

  • Data remanence — is the residual representation of data that remains even after attempts have been made to remove or erase the data. This residue may result from data being left intact by a nominal file deletion operation, by reformatting of storage media that… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”