ISO/IEC 19790
ISO/IEC 19790 is an ISO/IEC standard for security requirements for cryptographic modules. It addresses a wide range of issues regarding their implementation, including specifications, interface definitions, authentication, operational and physical security, configuration management, testing, and life-cycle management.[1] The first version of ISO/IEC 19790 was derived from the U.S. government computer security standard FIPS 140-2, Security Requirements for Cryptographic Modules.[2]
As of March 2025[update], the current version of the standard is ISO/IEC 19790:2025[3] that replaced the previous versions, ISO/IEC 19790:2012[4] and ISO/IEC 19790:2006,[5] which are now obsolete.
Use of ISO/IEC 19790 is referenced in the U.S. government standard FIPS 140-3.[6] As an ISO/IEC standard, access to it requires payment, typically on a per-user basis.[6]
ISO/IEC 24759 is a related standard for the testing of cryptographic modules,[7] the first version of which derived from NIST's Derived Test Requirements for FIPS PUB 140-2, Security Requirements for Cryptographic Modules.[2]
References
[edit]- ^ "Preview of ISO/IEC 19790:2012(en) Information technology — Security techniques — Security requirements for cryptographic modules". www.iso.org. Retrieved 2023-09-24.
- ^ a b "Standards - Cryptographic Module Validation Program". csrc.nist.gov. Archived from the original on 2017-11-15. Retrieved 2023-09-24.
- ^ "ISO/IEC 19790:2025". ISO.
- ^ "ISO/IEC 19790:2012". ISO. Retrieved 2023-09-24.
- ^ "ISO/IEC 19790:2006". ISO. Retrieved 2023-09-24.
- ^ a b Computer Security Division, Information Technology Laboratory (2016-10-11). "CMVP FIPS 140-3 Related References - Cryptographic Module Validation Program | CSRC | CSRC". CSRC | NIST. Retrieved 2023-09-24.
- ^ stevevi (2023-06-12). "Federal Information Processing Standard (FIPS) 140 - Azure Compliance". learn.microsoft.com. Retrieved 2023-09-24.
 | This cryptography-related article is a stub. You can help Wikipedia by expanding it. |