ISO 20540:2018
ISO 20540:2018 Information technology – Security techniques – Testing cryptographic modules in their operational environment
CDN $312.00
Description
This document provides recommendations and checklists which can be used to support the specification and operational testing of cryptographic modules in their operational environment within an organization’s security system.
The cryptographic modules have four security levels which ISO/IEC 19790 defines to provide for a wide spectrum of data sensitivity (e.g. low-value administrative data, million-dollar funds transfers, life-protecting data, personal identity information, and sensitive information used by government) and a diversity of application environments (e.g. a guarded facility, an office, removable media, and a completely unprotected location).
This document includes:
a) recommendations to perform secure assessing for cryptographic module installation, configuration and operation;
b) recommendations to inspecting the key management system, protection of authentication credentials, and public and critical security parameters in the operational environment;
c) recommendations for identifying cryptographic module vulnerabilities;
d) checklists for the cryptographic algorithm policy, security guidance and regulation, security manage requirements, security level for each of the 11 requirement areas, the strength of the security function, etc.; and
e) recommendations to determine that the cryptographic module’s deployment satisfies the security requirements of the organization.
This document assumes that the cryptographic module has been validated as conformant with ISO/IEC 19790.
It can be used by an operational tester along with other recommendations if needed.
This document is limited to the security related to the cryptographic module. It does not include assessing the security of the operational or application environment. It does not define techniques for the identification, assessment and acceptance of the organization’s operational risk.
The organization’s accreditation, deployment and operation processes, shown in Figure 1, is not included to the scope of this document.
This document addresses operational testers who perform the operational testing for the cryptographic modules in their operational environment authorizing officials of cryptographic modules.
Edition
1
Published Date
2018-05-18
Status
PUBLISHED
Pages
39
Language
English
Format
Secure PDF
Secure – PDF details
- Save your file locally or view it via a web viewer
- Viewing permissions are restricted exclusively to the purchaser
- Device limits - 3
- Printing – Enabled only to print (1) copy
See more about our Environmental Commitment
Abstract
This document provides recommendations and checklists which can be used to support the specification and operational testing of cryptographic modules in their operational environment within an organization's security system.
The cryptographic modules have four security levels which ISO/IEC 19790 defines to provide for a wide spectrum of data sensitivity (e.g. low-value administrative data, million-dollar funds transfers, life-protecting data, personal identity information, and sensitive information used by government) and a diversity of application environments (e.g. a guarded facility, an office, removable media, and a completely unprotected location).
This document includes:
a) recommendations to perform secure assessing for cryptographic module installation, configuration and operation;
b) recommendations to inspecting the key management system, protection of authentication credentials, and public and critical security parameters in the operational environment;
c) recommendations for identifying cryptographic module vulnerabilities;
d) checklists for the cryptographic algorithm policy, security guidance and regulation, security manage requirements, security level for each of the 11 requirement areas, the strength of the security function, etc.; and
e) recommendations to determine that the cryptographic module's deployment satisfies the security requirements of the organization.
This document assumes that the cryptographic module has been validated as conformant with ISO/IEC 19790.
It can be used by an operational tester along with other recommendations if needed.
This document is limited to the security related to the cryptographic module. It does not include assessing the security of the operational or application environment. It does not define techniques for the identification, assessment and acceptance of the organization's operational risk.
The organization's accreditation, deployment and operation processes, shown in Figure 1, is not included to the scope of this document.
This document addresses operational testers who perform the operational testing for the cryptographic modules in their operational environment authorizing officials of cryptographic modules.
Previous Editions
Can’t find what you are looking for?
Please contact us at:
Related Documents
-
ISO 27006:2021 Requirements for bodies providing audit and certification of information security management systems – Part 2: Privacy information management systems
CDN $115.00 Add to cart -
ISO 27007:2020 Information security, cybersecurity and privacy protection – Guidelines for information security management systems auditing
CDN $312.00 Add to cart -
ISO 27013:2021 Information security, cybersecurity and privacy protection – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
CDN $351.00 Add to cart -
ISO 27562:2024 Information technology – Security techniques – Privacy guidelines for fintech services
CDN $273.00 Add to cart
