FIPS 140 - Scope of Requirements

FIPS 140 imposes requirements in eleven different areas:

  • Cryptographic module specification (what must be documented)
  • Cryptographic module ports and interfaces (what information flows in and out, and how it must be segregated)
  • Roles, services and authentication (who can do what with the module, and how this is checked)
  • Finite state model (documentation of the high-level states the module can be in, and how transitions occur)
  • Physical security (tamper evidence and resistance, and robustness against extreme environmental conditions)
  • Operational environment (what sort of operating system the module uses and is used by)
  • Cryptographic key management (generation, entry, output, storage and destruction of keys)
  • EMI/EMC (electromagnetic interference and electromagnetic compatibility)
  • Self-tests (what must be tested and when, and what must be done if a test fails)
  • Design assurance (what documentation must be provided to demonstrate that the module has been well designed and implemented)
  • Mitigation of other attacks (if a module is designed to mitigate, say, TEMPEST attacks, then its documentation must say how)
