DSTU ISO/IEC TS 20540:2018 Information technology. Security techniques. Guidelines for testing cryptographic modules in the operational environment (ISO/IEC TS 20540:2018, IDT)



ДСТУ ISO/IEC TS 20540:2018
(ISO/IEC TS 20540:2018, IDT)

Information technology. Security techniques. Guidelines for testing cryptographic modules in the operational environment

Not an official edition.
The official edition is distributed by the national standardization body
(SE "UkrNDNC", http://uas.gov.ua)

Contents

Foreword

Introduction

1 Scope

2 Normative references

3 Terms and definitions

4 Abbreviated terms

5 Document organization

6 Context of operational testing

7 Cryptographic modules

7.1 General

7.2 Types of cryptographic modules

7.2.1 General

7.2.2 Software module

7.2.3 Firmware module

7.2.4 Hardware module

7.2.5 Hybrid software module

7.2.6 Hybrid firmware module

7.3 Cryptographic module application environments

7.4 Security products with cryptographic modules

7.5 Security requirements for cryptographic modules

7.5.1 General

7.5.2 Security Level 1

7.5.3 Security Level 2

7.5.4 Security Level 3

7.5.5 Security Level 4

7.6 Life-cycle assurance of cryptographic modules

7.7 Cryptographic module security policy

7.7.1 General

7.7.2 Cryptographic module specification

7.7.3 Cryptographic module interfaces

7.7.4 Roles, services, and authentication

7.7.5 Software/firmware security

7.7.6 Operational environment

7.7.7 Physical security

7.7.8 Non-invasive security

7.7.9 Sensitive security parameters management

7.7.10 Self-tests

7.7.11 Life-cycle assurance

7.7.12 Mitigation of other attacks

7.8 Intended purpose of validated cryptographic modules

8 The application environment

8.1 Organizational security

8.2 Architecture of the application environment

9 The operational environment

9.1 Security requirements related to cryptographic modules for their operational environment

9.1.1 General

9.1.2 Entropy sources

9.1.3 Audit mechanism

9.1.4 Physically unclonable function

9.2 Security assumptions for the operational environment

9.2.1 General

9.2.2 Security Level 1

9.2.3 Security Level 2

9.2.4 Security Level 3

9.2.5 Security Level 4

10 How to select cryptographic modules

10.1 General

10.2 Use policy

10.3 Cryptographic module assurance

10.4 Interoperability

10.5 Selection of security rating for SSP protection

11 Principles for operational testing

11.1 General

11.2 Assumptions

11.3 Operational testing activities

11.4 Competence for operational testers

11.5 Use of validated evidence

11.6 Documentation

11.7 Operational testing procedure

12 Recommendations for operational testing

12.1 General

12.2 Recommendations for assessing the installation, configuration, and operation of the cryptographic module

12.2.1 General

12.2.2 Assessing installation of the cryptographic module

12.2.3 Assessing the configuration of the cryptographic module

12.2.4 Assessing the correct operation of the cryptographic module

12.3 Recommendations for inspecting a key management system

12.4 Recommendations for inspecting the security requirements of authentication credentials

12.5 Recommendations for assessing the availability of cryptographic modules

12.6 Recommendations for identifying potential residual vulnerabilities of cryptographic modules

12.7 Checking for the organization’s security policies

13 Reporting the results of operational testing

Annex A (informative) Examples of validated cryptographic modules lists

Annex B (informative) Checklist for operational testing of cryptographic modules

Bibliography
