A Cryptographic Module Testing Laboratory (CMTL) is an information technology (IT) computer security testing laboratory that is accredited to conduct cryptographic module evaluations for conformance to the FIPS 140-2 U.S. Government standard.

The National Institute of Standards and Technology (NIST) National Voluntary Laboratory Accreditation Program (NVLAP) accredits CMTLs to meet Cryptographic Module Validation Program (CMVP) standards and procedures.

This has been replaced by FIPS 140-2 and the Cryptographic Module Validation Program (CMVP).

CMTL requirements

These laboratories must meet the following requirements:

  • NIST Handbook 150, NVLAP Procedures and General Requirements
  • NIST Handbook 150-17 Information Technology Security Testing - Cryptographic Module Testing
    • NVLAP Specific Operations Checklist for Cryptographic Module Testing

FIPS 140-2 in relation to the Common Criteria

A CMTL can also be a Common Criteria (CC) Testing Laboratory (CCTL). The CC and FIPS 140-2 differ in the abstractness and focus of evaluation. FIPS 140-2 testing is against a defined cryptographic module and provides a suite of conformance tests to four FIPS 140 security levels. FIPS 140-2 describes the requirements for cryptographic modules and includes such areas as physical security, key management, self-tests, roles and services, etc. The standard was initially developed in 1994, prior to the development of the CC. The CC is an evaluation against a Protection Profile (PP) or Security Target (ST). Typically, a PP covers a broad range of products.

  • A CC evaluation does not supersede or replace a validation to either FIPS 140-1, FIPS 140-2 or FIPS 140-3. The four security levels in FIPS 140-1 and FIPS 140-2 do not map directly to specific CC EALs or to CC functional requirements. A CC certificate cannot be a substitute for a FIPS 140-1 or FIPS 140-2 certificate.

If the operational environment is a modifiable operational environment, the operating system requirements of the Common Criteria are applicable at FIPS Security Levels 2 and above.

  • FIPS 140-1 required evaluated operating systems that referenced the Trusted Computer System Evaluation Criteria (TCSEC) classes C2, B1 and B2. However, TCSEC is no longer in use and has been replaced by the Common Criteria. Consequently, FIPS 140-2 now references the Common Criteria.

Parts of a FIPS 140-2 or FIPS 140-3 validation effort can be reused in Common Criteria evaluations, specifically in areas related to entropy source and cryptographic algorithms.
