ISO/IEC 19790 explained

ISO/IEC 19790 is an ISO/IEC standard for security requirements for cryptographic modules. It addresses a wide range of issues regarding their implementation, including specifications, interface definitions, authentication, operational and physical security, configuration management, testing, and life-cycle management.[1] The first version of ISO/IEC 19790 was derived from the U.S. government computer security standard FIPS 140-2, Security Requirements for Cryptographic Modules.[2]

, the current version of the standard is ISO/IEC 19790:2012.[3] This replaces a previous version, ISO/IEC 19790:2006, which is now obsolete.[4]

Use of ISO/IEC 19790 is referenced in the U.S. government standard FIPS 140-3.[5] As an ISO/IEC standard, access to it requires payment, typically on a per-user basis.

ISO/IEC 24759 is a related standard for the testing of cryptographic modules,[6] the first version of which derived from NIST's Derived Test Requirements for FIPS PUB 140-2, Security Requirements for Cryptographic Modules.

Notes and References

  1. Web site: Preview of ISO/IEC 19790:2012(en) Information technology — Security techniques — Security requirements for cryptographic modules . 2023-09-24 . www.iso.org.
  2. Web site: Standards - Cryptographic Module Validation Program . https://web.archive.org/web/20171115184427/https://csrc.nist.gov/Projects/cryptographic-module-validation-program/Standards . 2017-11-15 . 2023-09-24 . csrc.nist.gov.
  3. Web site: ISO/IEC 19790:2012 . 2023-09-24 . ISO . en.
  4. Web site: ISO/IEC 19790:2006 . 2023-09-24 . ISO . en.
  5. Web site: Computer Security Division . Information Technology Laboratory . 2016-10-11 . CMVP FIPS 140-3 Related References - Cryptographic Module Validation Program CSRC CSRC . 2023-09-24 . CSRC NIST . EN-US.
  6. Web site: stevevi . 2023-06-12 . Federal Information Processing Standard (FIPS) 140 - Azure Compliance . 2023-09-24 . learn.microsoft.com . en-us.