|
|
 |
FIPS 140-2 Security Requirements
FIPS 140-2 defines four increasing levels of security (1, 2, 3, and 4):
Security level 1 provides the lowest level of security requiring at least one approved cryptographic algorithm or security function used in a FIPS-approved mode of operation. An example of a Security Level 1 cryptographic module is a personal computer (PC) encryption board. The module may execute on a general purpose computing system.
Security level 2 surpasses a level 1 cryptographic module by adding the requirements for tamper-evidence and role-based authentication. The module may execute on a general purpose computing system with a trusted operating system.
Security level 3 surpasses a level 2 cryptographic module by adding the requirements for tamper-response and identity-based authentication. The module may execute on a general purpose computing system with a trusted operating system that implements a trusted path.
Security level 4 is the highest level of security defined by the FIPS 140-2 standard. The physical security mechanism must provide a complete envelope of protection around the cryptographic module with the intent of detecting and responding to all unauthorized attempts at physical access.
RAI || FIPS 140-2 || COMMON CRITERIA || RESOURCES || ABOUT RAI || CONTACT
© 2005 Rosenberry Associates Inc. All rights reserved.