Scope of Requirements
FIPS 140 imposes requirements in eleven different areas:
- Cryptographic module specification (what must be documented)
- Cryptographic module ports and interfaces (what information flows in and out, and how it must be segregated)
- Roles, services and authentication (who can do what with the module, and how this is checked)
- Finite state model (documentation of the high-level states the module can be in, and how transitions occur)
- Physical security (tamper evidence and resistance, and robustness against extreme environmental conditions)
- Operational environment (what sort of operating system the module uses and is used by)
- Cryptographic key management (generation, entry, output, storage and destruction of keys)
- Electromagnetic interference/electromagnetic compatibility (EMI/EMC)
- Self-tests (what must be tested and when, and what must be done if a test fails)
- Design assurance (what documentation must be provided to demonstrate that the module has been well designed and implemented)
- Mitigation of other attacks (if a module is designed to mitigate, say, TEMPEST attacks, then its documentation must say how)