Draft FIPS 140-3 Implementation using ISO Standards
Presented by Kim Schaffer, DSc at ICMC 2017

- Quick status
  - Draft documents awaiting public comment period
- Overview of documentation
  - ISO 19790 and ISO 24759
  - FIPS 140-3
  - SP 800-140 and SP 800-140A through F
  - Management Manual
  - Implementation Guidance
- Questions

CMVP FIPS 140-3 Program Documents
- ISO 19790
- ISO 19790 w/ Annex A through F
- ISO 24759
- FIPS 140-3
- SP 800-140
- SP 800-140A through F
- Web Management Manual
- Web Implementation Guidance
- Web CT Standards Pertinent to CMVP
- Web CMVP Standards/Procedures

ISO/IEC 19790:2012(E)
- Purpose is:
  - Security requirements for cryptographic modules
  - Annexes define requirements modifiable by validation authority
- Current ISO version is ISO/IEC 19790:2012/Cor.1:2015(E)
  - Is referred to as ISO/IEC 19790:2012(E) so that changes will not have to be made when ISO is updated unless specifically needed.

ISO/IEC 24759:2014(E)
- Purpose is:
  - Test requirements for cryptographic modules
  - Specifies testing (TE) and vendor evidence (VE)
- Current ISO version is ISO/IEC 24759:2014/Cor.1:2015(E)
  - Is referred to as ISO/IEC 24759:2014(E) so that changes will not have to be made when ISO is updated unless specifically needed.

FIPS 140-3
- Purpose is:
  - Confirms US decision to use ISO/IEC 19790:2012(E) to replace FIPS 140-2
  - Defines basis for CMVP validation program
- Declares SP 800-140 series as requirements for validation program
  - Clarify/Replace ISO/IEC 19790:2012(E) Annexes with SP 800-140A through F
  - Identify SP 800-140 as the validation authority requirements, supplementing ISO/IEC 24759:2014(E)

SP 800-140
- Identify validation authority changes (addition/modification/deletion) to the vendor evidence (VE) and testing (TE) necessary to meet the requirements in ISO/IEC 19790:2012(E)
- Introduce additional language necessary to support program-specific implementation

SP 800-140A Documentation Requirements
- Dictates the presentation of ISO/IEC 19790:2012(E) Annex A requirements
- Can change any additional requirements in ISO/IEC 24759:2014(E) 6.13
- Could call for the use of the Security Policy Template

SP 800-140B Crypto Module Security Policy
- Dictates the presentation of ISO/IEC 19790:2012(E) Annex B requirements
- Can change any additional requirements in ISO/IEC 24759:2014(E) 6.14
- Could call for the use of the Security Policy Template

SP 800-140C Approved Security Functions
- Replaces ISO/IEC 19790:2012(E) Annex C requirements
- Can change any additional requirements in ISO/IEC 24759:2014(E) 6.15
- Draft should point to CT administered website for requirements

SP 800-140D Approved Sensitive Security Parameter Generation and Establishment Methods
- Replaces ISO/IEC 19790:2012(E) Annex D requirements
- Can change any additional requirements in ISO/IEC 24759:2014(E) 6.16
- Draft should point to CT administered website for requirements

SP 800-140E Approved Authentication Mechanisms
- Replaces ISO/IEC 19790:2012(E) Annex E requirements
- Can change any additional requirements in ISO/IEC 24759:2014(E) 6.17
- Draft should?
  - Point to CT administered website for requirements
  - Point to new standard
  - Incorporate draft annex from old Draft 140-3

SP 800-140F Non-Invasive Attack Mitigation Test Metrics
- Replaces ISO/IEC 19790:2012(E) Annex F requirements
- Can change any additional requirements in ISO/IEC 24759:2014(E) 6.18
- Draft should?
  - Point to CT administered website for requirements
  - Point to new standard

Implementation Guidance
- Updated from 140-2 to address 140-3 issues
- Transition to web-based document
- Under control of CMVP at www.nist.gov/cmvp

Management Manual
- Addresses how to do business with CMVP
- Moving to web-based
- Will be updated to address FIPS 140-3 relevant issues
- Under control of CMVP at www.nist.gov/cmvp