iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 19790

(Main)

Information security, cybersecurity and privacy protection — Security requirements for cryptographic modules

Information security, cybersecurity and privacy protection — Security requirements for cryptographic modules

Sécurité de l’information, cybersécurité et protection de la vie privée — Exigences de sécurité pour les modules cryptographiques

General Information

Status
Not Published
ICS
35.030 - IT Security
Technical Committee
ISO/IEC JTC 1/SC 27 - Information security, cybersecurity and privacy protection
Drafting Committee
ISO/IEC JTC 1/SC 27 - Information security, cybersecurity and privacy protection
Current Stage
6000 - International Standard under publication
Due Date
22-Jan-2025
Completion Date
22-Jan-2025
Ref Project

Relations

Revises
ISO/IEC 19790:2012 - Information technology — Security techniques — Security requirements for cryptographic modules
Effective Date
06-Jun-2022

Buy Standard

ISO/IEC FDIS 19790 - Information security, cybersecurity and privacy protection — Security requirements for cryptographic modules Released:11/12/2024ISO/IEC FDIS 19790 - Information security, cybersecurity and privacy protection — Security requirements for cryptographic modules Released:11/12/2024
PreviousNext
Draft
ISO/IEC FDIS 19790 - Information security, cybersecurity and privacy protection — Security requirements for cryptographic modules Released:11/12/2024
English language
80 pages
sale 15% off
Preview
sale 15% off
Preview
REDLINE ISO/IEC FDIS 19790 - Information security, cybersecurity and privacy protection — Security requirements for cryptographic modules Released:11/12/2024REDLINE ISO/IEC FDIS 19790 - Information security, cybersecurity and privacy protection — Security requirements for cryptographic modules Released:11/12/2024
PreviousNext
Draft
REDLINE ISO/IEC FDIS 19790 - Information security, cybersecurity and privacy protection — Security requirements for cryptographic modules Released:11/12/2024
English language
80 pages
sale 15% off
Preview
sale 15% off
Preview
ISO/IEC FDIS 19790 - Titre manque Released:12/7/2023ISO/IEC FDIS 19790 - Titre manque Released:12/7/2023
PreviousNext
Draft
ISO/IEC FDIS 19790 - Titre manque Released:12/7/2023
French language
90 pages
sale 15% off
Preview
sale 15% off
Preview
ISO/IEC FDIS 19790 - Sécurité de l’information, cybersécurité et protection de la vie privée — Exigences de sécurité pour les modules cryptographiques Released:12/12/2024ISO/IEC FDIS 19790 - Sécurité de l’information, cybersécurité et protection de la vie privée — Exigences de sécurité pour les modules cryptographiques Released:12/12/2024
PreviousNext
Draft
ISO/IEC FDIS 19790 - Sécurité de l’information, cybersécurité et protection de la vie privée — Exigences de sécurité pour les modules cryptographiques Released:12/12/2024
French language
86 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


FINAL DRAFT
International
Standard
ISO/IEC FDIS
ISO/IEC JTC 1/SC 27
Information security, cybersecurity
Secretariat: DIN
and privacy protection — Security
Voting begins on:
requirements for cryptographic
2024-11-26
modules
Voting terminates on:
2025-01-21
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT,
WITH THEIR COMMENTS, NOTIFICATION OF ANY
RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE
AND TO PROVIDE SUPPOR TING DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO­
LOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT
INTERNATIONAL STANDARDS MAY ON OCCASION HAVE
TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL
TO BECOME STAN DARDS TO WHICH REFERENCE MAY BE
MADE IN NATIONAL REGULATIONS.
Reference number
ISO/IEC FDIS 19790:2024(en) © ISO/IEC 2024

FINAL DRAFT
ISO/IEC FDIS 19790:2024(en)
International
Standard
ISO/IEC FDIS
ISO/IEC JTC 1/SC 27
Information security, cybersecurity
Secretariat: DIN
and privacy protection — Security
Voting begins on:
requirements for cryptographic
modules
Voting terminates on:
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT,
WITH THEIR COMMENTS, NOTIFICATION OF ANY
RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE
AND TO PROVIDE SUPPOR TING DOCUMENTATION.
© ISO/IEC 2024
IN ADDITION TO THEIR EVALUATION AS
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO­
LOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
INTERNATIONAL STANDARDS MAY ON OCCASION HAVE
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL
or ISO’s member body in the country of the requester.
TO BECOME STAN DARDS TO WHICH REFERENCE MAY BE
MADE IN NATIONAL REGULATIONS.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland Reference number
ISO/IEC FDIS 19790:2024(en) © ISO/IEC 2024

© ISO/IEC 2024 – All rights reserved
ii
ISO/IEC FDIS 19790:2024(en)
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 17
5 Cryptographic module security levels . .18
5.1 General .18
5.2 Security level 1 .18
5.3 Security level 2 .19
5.4 Security level 3 .19
5.5 Security level 4 . 20
6 Functional security objectives .21
7 Security requirements .21
7.1 General .21
7.2 Cryptographic module specification .24
7.2.1 Cryptographic module specification general requirements .24
7.2.2 Types of cryptographic modules .24
7.2.3 Cryptographic boundary .24
7.2.4 Module operations . 25
7.3 Cryptographic module interfaces .27
7.3.1 Cryptographic module interfaces general requirements .27
7.3.2 Types of interfaces .27
7.3.3 Categories of interfaces .27
7.3.4 Plaintext trusted path . 28
7.3.5 Protected internal paths . 29
7.4 Roles, services, and authentication . 29
7.4.1 Roles, services, and authentication general requirements . 29
7.4.2 Roles . 29
7.4.3 Services . 30
7.4.4 Authentication .31
7.5 Software/firmware security . 33
7.5.1 Software/firmware security general requirements . 33
7.5.2 Security level 1 . 34
7.5.3 Security level 2 . 34
7.5.4 Security levels 3 and 4. 35
7.6 Operational environment. 35
7.6.1 Operational environment general requirements . 35
7.6.2 Clause applicability . 36
7.6.3 Operating system requirements for modifiable operational environments .37
7.7 Physical security . 39
7.7.1 Physical security embodiments . 39
7.7.2 Physical security general requirements . 40
7.7.3 Physical security requirements for each physical security embodiment .42
7.7.4 Environmental failure protection/testing .43
7.7.5 Environmental failure protection features .43
7.7.6 Environmental failure testing procedures . 44
7.8 Non-invasive security . 44
7.8.1 Non-invasive security general requirements . 44
7.8.2 Security levels 1 and 2.45
7.8.3 Security level 3 .45
7.8.4 Security level 4 .45

© ISO/IEC 2024 – All rights reserved
iii
ISO/IEC FDIS 19790:2024(en)
7.9 Sensitive security parameter management .45
7.9.1 Sensitive security parameter management general requirements .45
7.9.2 Random bit generators .45
7.9.3 Sensitive security parameter generation . 46
7.9.4 Automated sensitive security parameter establishment . 46
7.9.5 Sensitive security parameter entry and output . 46
7.9.6 Sensitive security parameter storage .47
7.9.7 Sensitive security parameter zeroization .47
7.10 Self-tests . 48
7.10.1 Self-test general requirements . 48
7.10.2 Security levels 3 and 4. 49
7.10.3 Pre-operational self-tests . 49
7.10.4 Conditional self-tests . 50
7.11 Life-cycle assurance . 53
7.11.1 Life-cycle assurance general requirements .
...


Formatted: Centered
Style Definition
FDIS ISO/IEC FDIS 19790(E:2024(en) .
Formatted: zzCover, Left
ISO/IEC JTC 1/SC 27/WG 3
Formatted: Different first page header
Secretariat: DIN Formatted
...
Formatted
...
Date: 2024-06-0111-12
Formatted: Font: Not Bold
Information security, cybersecurity and privacy protection — Security requirements for
Formatted: zzCover, Left, Space After: 0 pt
cryptographic modules
Formatted: Font: 11 pt
Formatted: zzCover, Line spacing: single

FDIS stage
Warning for WDs and CDs
This document is not an ISO International Standard. It is distributed for review and comment. It is subject to
change without notice and may not be referred to as an International Standard.
Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of
which they are aware and to provide supporting documentation.

A model document of an International Standard (the Model International Standard) is available at:
https://www.iso.org/drafting-standards.html

Formatted: Centered
FDIS ISO/IEC FDIS 19790 (E:2024(en)
Formatted: Font: 11 pt
Formatted: Font: 11 pt
Formatted: Font: 11 pt
Formatted: Space After: 0 pt, Line spacing: single
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of
Formatted: Font: 10 pt, Font color: Black, English
this publication may be reproduced or utilized otherwise in any form or by any means, electronic or
(United States)
mechanical, including photocopying, or posting on the internet or an intranet, without prior written
Formatted: Indent: Left: 0 cm, Right: 0 cm, Space
permission. Permission can be requested from either ISO at the address below or ISO’sISO's member body
Before: 0 pt, No page break before, Adjust space
in the country of the requester.
between Latin and Asian text, Adjust space between
Asian text and numbers, Border: Top: (No border), Left:
ISO copyright officeCopyright Office
(No border), Right: (No border)
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva Formatted: Font color: Blue
Phone: + 41 22 749 01 11
Formatted: Font color: Black, English (United States)
Email: copyright@iso.org
Formatted: Font color: Black, English (United States)
Email: copyright@iso.org
Website: www.iso.orgwww.iso.org
Formatted: Font: 11 pt, Font color: Blue
Published in Switzerland.
Formatted: Font color: Black, English (United States)
Formatted: Font: 11 pt, Font color: Blue
Formatted: Font color: Black, English (United States)
Formatted: Font color: Black, English (United States)
Formatted: Font: 11 pt, Font color: Blue
Formatted: Indent: Left: 0 cm, First line: 0 cm, Right: 0
cm, Adjust space between Latin and Asian text, Adjust
space between Asian text and numbers, Border: Left:
(No border), Right: (No border)
Formatted: Font color: Black, English (United States)
Formatted: Font color: Black, English (United States)
Formatted: Font: 11 pt, Font color: Blue
Formatted: Font color: Black, English (United Kingdom)
Formatted: Indent: Left: 0 cm, First line: 0 cm, Right: 0
cm, Adjust space between Latin and Asian text, Adjust
space between Asian text and numbers, Border: Bottom:
(No border), Left: (No border), Right: (No border)
Formatted: Font color: Black, English (United Kingdom)
Formatted: Font color: Black, English (United States)
Formatted: Font color: Black, English (United States)
© ISO /IEC 2024 – All rights reserved
ii
FDIS ISO/IEC FDIS 19790 (E:2024(en)
Formatted: Font: 11 pt
Formatted: Space After: 0 pt, Line spacing: single
Formatted: Font: 11 pt
Contents
Formatted: Font: 11 pt
Formatted: Space Before: 48 pt, Don't adjust space
Foreword . viii
between Latin and Asian text, Don't adjust space
between Asian text and numbers
Introduction . x
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 21
5 Cryptographic module security levels . 21
5.1 General . 21
5.2 Security level 1 . 22
5.3 Security level 2 . 22
5.4 Security level 3 . 22
5.5 Security level 4 . 23
6 Functional security objectives . 24
7 Security requirements . 24
7.1 General . 24
7.2 Cryptographic module specification . 28
7.2.1 Cryptographic module specification general requirements . 28
7.2.2 Types of cryptographic modules . 28
7.2.3 Cryptographic boundary . 28
7.2.4 Module operations . 29
7.3 Cryptographic module interfaces . 31
7.3.1 Cryptographic module interfaces general requirements . 31
7.3.2 Types of interfaces . 31
7.3.3 Categories of interfaces . 31
7.3.4 Plaintext trusted path . 32
7.3.5 Protected internal paths . 33
7.4 Roles, services, and authentication . 33
7.4.1 Roles, services, and authentication general requirements . 33
7.4.2 Roles . 33
7.4.3 Services . 34
7.4.4 Authentication . 35
7.5 Software/firmware security . 37
7.5.1 Software/firmware security general requirements . 37
7.5.2 Security level 1 . 38
7.5.3 Security level 2 . 39
7.5.4 Security levels 3 and 4 . 39
7.6 Operational environment. 39
7.6.1 Operational environment general requirements . 39
7.6.2 Clause applicability . 41
7.6.3 Operating system requirements for modifiable operational environments . 41
7.7 Physical security . 43
7.7.1 Physical security embodiments . 43
7.7.2 Physical security general requirements . 45
7.7.3 Physical security requirements for each physical security embodiment . 47
7.7.4 Environmental failure protection/testing . 48
7.7.5 Environmental failure protection features . 49
7.7.6 Environmental failure testing procedures . 49
© ISO /IEC 2024 – All rights reserved
iii
FDIS ISO/IEC FDIS 19790 (E:2024(en)
Formatted: Space After: 0 pt, Line spacing: single
Formatted: Font: 11 pt
Formatted: Font: 11 pt
7.8 Non-invasive security . 49
7.8.1 Non-invasive security general requirements . 49 Formatted: Font: 11 pt
7.8.2 Security levels 1 and 2 . 50
7.8.3 Security level 3 . 50
7.8.4 Security level 4 . 50
7.9 Sensitive security parameter management . 50
7.9.1 Sensitive security parameter management general requirements . 50
7.9.2 Random bit generators . 51
7.9.3 Sensitive security parameter generation . 51
7.9.4 Automated sensitive security parameter establishment . 51
7.9.5 Sensitive security parameter entry and output . 51
7.9.6 Sensitive security parameter storage . 52
7.9.7 Sensitive security parameter zeroization . 52
7.10 Self-tests . 54
7.10.1 Self-test general requirements . 54
7.10.2 Security levels 3 and 4 . 55
7.10.3 Pre-operational self-tests . 55
7.10.4 Conditional self-tests . 56
7.11 Life-cycle assurance . 58
7.11.1 Life-cycle assurance general requirements . 58
7.11.2 Configuration management . 59
7.11.3 Design . 59
7.11.4 Finite state model . 59
7.11.5 Development . 60
7.11.6 Vendor testing . 62
7.11.7 Delivery and operation . 62
7.11.8 Guidance documents . 63
7.12 Mitigation of other attacks . 64
7.12.1 Mitigation of other attacks general requirements . 64
7.12.2 Security levels 1, 2 and 3 . 64
7.12.3 Security level 4 . 64
Annex A (normative)  Documentat
...


PROJET DE NORME INTERNATIONALE
ISO/IEC DIS 19790
ISO/IEC JTC 1/SC 27 Secrétariat: DIN
Début de vote: Vote clos le:
2023-11-27 2024-02-19
Technologies de l'information — Techniques de sécurité —
Exigences de sécurité pour les modules cryptographiques
Information technology — Security techniques — Security requirements for cryptographic modules
ICS: 35.030
CE DOCUMENT EST UN PROJET DIFFUSÉ POUR
OBSERVATIONS ET APPROBATION. IL EST DONC
SUSCEPTIBLE DE MODIFICATION ET NE PEUT
ÊTRE CITÉ COMME NORME INTERNATIONALE
AVANT SA PUBLICATION EN TANT QUE TELLE.
Le présent document est distribué tel qu’il est parvenu du secrétariat du comité.
OUTRE LE FAIT D’ÊTRE EXAMINÉS POUR
ÉTABLIR S’ILS SONT ACCEPTABLES À DES
FINS INDUSTRIELLES, TECHNOLOGIQUES ET
COMMERCIALES, AINSI QUE DU POINT DE VUE
DES UTILISATEURS, LES PROJETS DE NORMES
INTERNATIONALES DOIVENT PARFOIS ÊTRE
CONSIDÉRÉS DU POINT DE VUE DE LEUR
POSSIBILITÉ DE DEVENIR DES NORMES
POUVANT SERVIR DE RÉFÉRENCE DANS LA
RÉGLEMENTATION NATIONALE.
Numéro de référence
LES DESTINATAIRES DU PRÉSENT PROJET ISO/IEC DIS 19790:2023(F)
SONT INVITÉS À PRÉSENTER, AVEC LEURS
OBSERVATIONS, NOTIFICATION DES DROITS
DE PROPRIÉTÉ DONT ILS AURAIENT
ÉVENTUELLEMENT CONNAISSANCE ET À
© ISO/IEC 2023
FOURNIR UNE DOCUMENTATION EXPLICATIVE.

̹ Ȁ ʹͲʹ͵–‘—•†”‘‹–•”±•‡”˜±•
ISO/IEC DIS 19790:2023(F)
ISO/IEC JTC 1/SC 27
ƒ–‡ǣʹͲʹͶǦͲʹǦͳͻ
ISO/IEC DIS 19790:2023(F)
Ȁ 
ͳȀʹ͹Ȁ
͵
‡…”±–ƒ”‹ƒ–ǣ 
Technologies de l’information — Techniques de sécurité —
Exigences de sécurité pour les modules cryptographiques
Information technology — Security techniques — Security requirements for cryptographic modules

Avertissement
‡†‘…—‡–̵‡•–’ƒ•—‡‘”‡‹–‡”ƒ–‹‘ƒŽ‡†‡Ž̵ Ǥ Ž‡•–†‹•–”‹„—±’‘—”‡šƒ‡‡–‘„•‡”˜ƒ–‹‘•Ǥ
Ž‡•–•—•…‡’–‹„Ž‡†‡‘†‹ˆ‹…ƒ–‹‘•ƒ•’”±ƒ˜‹•‡–‡’‡—–²–”‡…‹–±…‘‡‘”‡‹–‡”ƒ–‹‘ƒŽ‡Ǥ
‡•†‡•–‹ƒ–ƒ‹”‡•†—’”±•‡–’”‘Œ‡–•‘–‹˜‹–±•’”±•‡–‡”ǡƒ˜‡…Ž‡—”•‘„•‡”˜ƒ–‹‘•ǡ‘–‹ˆ‹…ƒ–‹‘†‡•
†”‘‹–•†‡’”‘’”‹±–±†‘–‹Ž•ƒ—”ƒ‹‡–±˜‡–—‡ŽŽ‡‡–…‘ƒ‹••ƒ…‡‡–ˆ‘—”‹”—‡†‘…—‡–ƒ–‹‘
‡š’Ž‹…ƒ–‹˜‡Ǥ

ǣ͵ͷǤͲ͵Ͳ


DOCUMENT PROTÉGÉ PAR COPYRIGHT
© ISO/IEC 2023
Tous droits réservés. Sauf prescription différente ou nécessité dans le contexte de sa mise en œuvre, aucune partie de cette
publication ne peut être reproduite ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique,
y compris la photocopie, ou la diffusion sur l’internet ou sur un intranet, sans autorisation écrite préalable. Une autorisation peut
être demandée à l’ISO à l’adresse ci-après ou au comité membre de l’ISO dans le pays du demandeur.
ISO copyright office
Case postale 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Genève
Tél.: +41 22 749 01 11
›’‡†—†‘…—‡–ǣ‘”‡‹–‡”ƒ–‹‘ƒŽ‡
Fax: +41 22 749 09 47
‘—•Ǧ–›’‡†—†‘…—‡–ǣ
E-mail: copyright@iso.org
Web: www.iso.org –ƒ†‡†—†‘…—‡–ǣȋͶͲȌ“—²–‡
ƒ‰—‡†—†‘…—‡–ǣ 
Publié en Suisse


ii
© ISO/IEC 2023 – Tous droits réservés

ISO/IEC DIS 19790:2023(F)
Sommaire Page
Avant-propos . vi
Introduction . viii
1 Domaine d'application .1
2 Références normatives .1
3 Termes et définitions .1
4 Abréviations . 20
5 Niveaux de sécurité des modules cryptographiques . 21
5.1 Niveau de sécurité 1 . 21
5.2 Niveau de sécurité 2 . 22
5.3 Niveau de sécurité 3 . 22
5.4 Niveau de sécurité 4 . 23
6 Objectifs de sécurité fonctionnelle . 24
7 Exigences de sécurité . 24
7.1 Généralités . 24
7.2 Spécification du module cryptographique . 27
7.2.1 Exigences générales relatives à la spécification du module cryptographique . 27
7.2.2 Types de modules cryptographiques . 27
7.2.3 Frontière cryptographique . 27
7.2.4 Fonctionnements du module . 29
7.3 Interfaces du module cryptographique . 31
7.3.1 Exigences générales relatives aux interfaces du module cryptographique . 31
7.3.2 Types d’interfaces . 31
7.3.3 Définition des interfaces . 31
7.3.4 Chemin de confiance en clair . 33
7.3.5 Chemins internes protégés . 33
7.4 Rôles, services et authentification . 34
7.4.1 Exigences générales en matière de rôles, de services et d’authentification . 34
7.4.2 Rôles . 34
7.4.3 Services. 34
7.4.4 Authentification . 36
7.5 Sécurité logicielle/micrologicielle . 38
7.6 Environnement opérationnel . 41
7.6.1 Exigences générales relatives à l’environnement opérationnel . 41
7.6.2 Applicabilité des paragraphes . 42
7.6.3 Exigences relatives au système d’exploitation pour les environnements
opérationnels modifiables . 43
7.7 Sécurité physique . 45
7.7.1 Matérialisations de la sécurité physique . 45
7.7.2 Exigences générales en matière de sécurité physique . 47
7.7.3 Exigences de sécurité physique pour chaque matérialisation de sécurité physique . 49
7.7.4 Protection contre les défaillances environnementales/essais de défaillance
environnementale . 51
7.8 Sécurité non invasive . 53
7.9 Gestion des paramètres de sécurité sensibles . 54
7.9.1 Exigences générales relatives à la gestion des paramètres de sécurité sensibles . 54
7.9.2 Générateurs de bits aléatoires . 54
© ISO/IEC 2023 – Tous droits réservés
iii
ISO/IEC DIS 19790:2023(F)
7.9.3 Génération de paramètres de sécurité sensibles . 55
7.9.4 Établissement automatisé de paramètres de sécurité sensibles . 55
7.9.5 Entrée et sortie de paramètres de sécurité sensibles . 55
7.9.6 Stockage des paramètres de sécurité sensibles . 56
7.9.7 Abrogation des paramètres de sécurité sensibles . 56
7.10 Auto-tests . 58
7.10.1 Exigences générales relatives aux auto-tests . 58
7.10.2 Auto-tests pré-opérationnels . 59
7.10.3 Auto-tests conditionnels . 60
7.11 Assurance du cycle de vie . 63
7.11.1 Exigences générales relatives à l’assurance du cycle de vie . 63
7.11.2 Gestion de la configuration . 63
7.11.3 Conception . 64
7.11.4 Modèle à état fini . 64
7.11.5 Développement . 65
7.11.6 Essais fournisseur . 67
7.11.7 Livraison et fonctionnement . 67
7.11.8 Fin de vie . 68
7.11.9 Guides (d’orientation) . 68
7.12 Atténuation des autres attaques. 69
(normative) Exigences en matière de documentation. 70
A.1 Objectif . 70
A.2 Rubriques . 70
A.2.1 Généralités. 70
A.2.2 Spécification du module cryptographique . 70
A.2.3 Interfaces du module cryptographique . 71
A.2.4 Rôles, services et authentification . 71
A.2.5 Sécurité logicielle/micrologicielle . 72
A.2.6 Environnement opérationnel . 72
A.2.7 Sécurité physique . 72
A.2.8 Sécurité non invasive . 72
A.2.9 Gestion des paramètres de sécurité sensibles .
...


PROJET FINAL
Norme
internationale
ISO/IEC FDIS
ISO/IEC JTC 1/SC 27
Sécurité de l’information,
Secrétariat: DIN
cybersécurité et protection de la vie
Début de vote:
privée — Exigences de sécurité pour
2024-11-26
les modules cryptographiques
Vote clos le:
2025-01-21
Information security, cybersecurity and privacy protection —
Security requirements for cryptographic modules
LES DESTINATAIRES DU PRÉSENT PROJET SONT
INVITÉS À PRÉSENTER, AVEC LEURS OBSERVATIONS,
NOTIFICATION DES DROITS DE PROPRIÉTÉ DONT ILS
AURAIENT ÉVENTUELLEMENT CONNAISSANCE ET À
FOURNIR UNE DOCUMENTATION EXPLICATIVE.
OUTRE LE FAIT D’ÊTRE EXAMINÉS POUR
ÉTABLIR S’ILS SONT ACCEPTABLES À DES FINS
INDUSTRIELLES, TECHNOLOGIQUES ET COM-MERCIALES,
AINSI QUE DU POINT DE VUE DES UTILISATEURS, LES
PROJETS DE NORMES
INTERNATIONALES DOIVENT PARFOIS ÊTRE CONSIDÉRÉS
DU POINT DE VUE DE LEUR POSSI BILITÉ DE DEVENIR DES
NORMES POUVANT
SERVIR DE RÉFÉRENCE DANS LA RÉGLEMENTATION
NATIONALE.
Numéro de référence
ISO/IEC FDIS 19790:2024(fr) © ISO/IEC 2024

PROJET FINAL
ISO/IEC FDIS 19790:2024(fr)
Norme
internationale
ISO/IEC FDIS
ISO/IEC JTC 1/SC 27
Sécurité de l’information,
Secrétariat: DIN
cybersécurité et protection de la vie
Début de vote:
privée — Exigences de sécurité pour
2024-11-26
les modules cryptographiques
Vote clos le:
2025-01-21
Information security, cybersecurity and privacy protection —
Security requirements for cryptographic modules
LES DESTINATAIRES DU PRÉSENT PROJET SONT
INVITÉS À PRÉSENTER, AVEC LEURS OBSERVATIONS,
NOTIFICATION DES DROITS DE PROPRIÉTÉ DONT ILS
AURAIENT ÉVENTUELLEMENT CONNAISSANCE ET À
FOURNIR UNE DOCUMENTATION EXPLICATIVE.
DOCUMENT PROTÉGÉ PAR COPYRIGHT
OUTRE LE FAIT D’ÊTRE EXAMINÉS POUR
ÉTABLIR S’ILS SONT ACCEPTABLES À DES FINS
© ISO/IEC 2024
INDUSTRIELLES, TECHNOLOGIQUES ET COM-MERCIALES,
AINSI QUE DU POINT DE VUE DES UTILISATEURS, LES
Tous droits réservés. Sauf prescription différente ou nécessité dans le contexte de sa mise en œuvre, aucune partie de cette
PROJETS DE NORMES
publication ne peut être reproduite ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique,
INTERNATIONALES DOIVENT PARFOIS ÊTRE CONSIDÉRÉS
y compris la photocopie, ou la diffusion sur l’internet ou sur un intranet, sans autorisation écrite préalable. Une autorisation peut DU POINT DE VUE DE LEUR POSSI BILITÉ DE DEVENIR DES
NORMES POUVANT
être demandée à l’ISO à l’adresse ci-après ou au comité membre de l’ISO dans le pays du demandeur.
SERVIR DE RÉFÉRENCE DANS LA RÉGLEMENTATION
NATIONALE.
ISO copyright office
Case postale 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Genève
Tél.: +41 22 749 01 11
E-mail: copyright@iso.org
Web: www.iso.org
Publié en Suisse
Numéro de référence
ISO/IEC FDIS 19790:2024(fr) © ISO/IEC 2024

© ISO/IEC 2024 – Tous droits réservés
ii
ISO/IEC FDIS 19790:2024(fr)
Sommaire Page
Avant-propos .v
Introduction .vii
1 Domaine d’application . 1
2 Références normatives . 1
3 Termes et définitions . 1
4 Abréviations . 19
5 Niveaux de sécurité des modules cryptographiques . 19
5.1 Généralités .19
5.2 Niveau de sécurité 1 . . 20
5.3 Niveau de sécurité 2 . 20
5.4 Niveau de sécurité 3 . 20
5.5 Niveau de sécurité 4 .21
6 Objectifs de sécurité fonctionnelle .22
7 Exigences de sécurité .22
7.1 Généralités . 22
7.2 Spécification du module cryptographique . 25
7.2.1 Exigences générales relatives à la spécification du module cryptographique . 25
7.2.2 Types de modules cryptographiques . 26
7.2.3 Frontière cryptographique . 26
7.2.4 Fonctionnements du module .27
7.3 Interfaces du module cryptographique . 29
7.3.1 Exigences générales relatives aux interfaces du module cryptographique . 29
7.3.2 Types d’interfaces . 29
7.3.3 Catégories d’interfaces . 29
7.3.4 Chemin de confiance en clair . 30
7.3.5 Chemins internes protégés .31
7.4 Rôles, services et authentification .31
7.4.1 Exigences générales en matière de rôles, de services et d’authentification .31
7.4.2 Rôles .32
7.4.3 Services .32
7.4.4 Authentification . 34
7.5 Sécurité logicielle/micrologicielle . 36
7.5.1 Exigences générales en matière de sécurité logicielle/micrologicielle . 36
7.5.2 Niveau de sécurité 1 . 36
7.5.3 Niveau de sécurité 2 .37
7.5.4 Niveaux de sécurité 3 et 4 . 38
7.6 Environnement opérationnel . 38
7.6.1 Exigences générales relatives à l’environnement opérationnel . 38
7.6.2 Applicabilité des paragraphes . 39
7.6.3 Exigences relatives au système d’exploitation pour les environnements
opérationnels modifiables . 40
7.7 Sécurité physique .42
7.7.1 Matérialisations de la sécurité physique .42
7.7.2 Exigences générales en matière de sécurité physique .43
7.7.3 Exigences de sécurité physique pour chaque matérialisation de sécurité physique . 46
7.7.4 Protection contre les défaillances environnementales/essais de défaillance
environnementale .47
7.7.5 Fonctionnalités de protection contre les défaillances environnementales .47
7.7.6 Procédures d’essai de défaillance environnementale .47
7.8 Sécurité non invasive . 48
7.8.1 Exigences générales en matière de sécurité non invasive . 48
7.8.2 Niveaux de sécurité 1 et 2 . 48

© ISO/IEC 2024 – Tous droits réservés
iii
ISO/IEC FDIS 19790:2024(fr)
7.8.3 Niveau de sécurité 3 . 48
7.8.4 Niveau de sécurité 4 . 49
7.9 Gestion des paramètres de sécurité sensibles . 49
7.9.1 Exigences générales relatives à la gestion des paramètres de sécurité sensibles . 49
7.9.2 Générateurs de bits aléatoires . 49
7.9.3 Génération de paramètres de sécurité sensibles . 49
7.9.4 Établissement automatisé de paramètres de sécurité sensibles . 50
7.9.5 Entrée et sortie de paramètres de sécurité sensibles . 50
7.9.6 Stockage des paramètres de sécurité sensibles .51
7.9.7 Abrogation des paramètres de sécurité sensibles .51
7.10 Auto-tests .52
7.10.1 Exigences générales relatives aux auto-tests .52
7.10.2 Niveaux de sécurité 3 et 4 . 53
7.10.3 Auto-tests pré-opérationnels . 53
7.10.4 Auto-tests conditionnels . 54
7.11 Assurance du cycle de vie .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC 27562:2024(Main)
Information technology — Security techniques — Privacy guidelines for fintech services

This document provides guidelines on privacy for fintech services. It identifies all relevant business models and roles in consumer-to-business relations and business-to-business relations, as well as privacy risks and privacy requirements, which are related to fintech services. It provides specific privacy controls for fintech services to address privacy risks. This document is based on the principles from ISO/IEC 29100, ISO/IEC 27701, and ISO/IEC 29184, the privacy impact assessment framework described in ISO/IEC 29134, and the risk management guideline described in ISO 31000. It also provides guidelines focusing on a set of privacy requirements for each stakeholder. This document can be applicable to all kinds of organizations such as regulators, institutions, service providers and product providers in the fintech service environment.

  • Standard
    30 pages
    English language
    sale 15% off
ISO
ISO/IEC 27013:2021/Amd 1:2024(Amendment)
Information security, cybersecurity and privacy protection — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 — Amendment 1
  • Standard
    4 pages
    English language
    sale 15% off
ISO
ISO/IEC 20008-3:2024(Main)
Information security — Anonymous digital signatures — Part 3: Mechanisms using multiple public keys

This document specifies anonymous digital signature mechanisms in which a verifier uses multiple public keys to verify a digital signature. This document provides: — a general description of an anonymous digital signature mechanism using multiple public keys; — a variety of mechanisms that provide such anonymous digital signatures. For each mechanism, this document specifies the process for: — generating the private key and public key of each user; — producing signatures; — verifying signatures; — linking signatures (if the mechanism supports linking); — tracing signatures (if the mechanism supports tracing); — producing signatures with threshold capability (if the mechanism supports a threshold capability); — verifying signatures with threshold capability (if the mechanism supports a threshold capability). This document does not define the implementation of a public key infrastructure (PKI) and the means for distinct entities to exchange, extract and verify their respective public key certificates.

  • Standard
    23 pages
    English language
    sale 15% off
ISO
ISO/IEC 27035-4:2024(Main)
Information technology — Information security incident management — Part 4: Coordination

This document provides guidelines for multiple organizations handling information security incidents in a coordinated manner. It also addresses the impacts of external cooperation on the internal incident management of an individual organization and provides guidelines for an individual organization to adapt to the coordination process. Furthermore, it provides guidelines for the coordination team, if it exists, to perform coordination activities supporting the cross-organization incident response. The principles given in this document are generic and are intended to be applicable to multiple organizations to work together to handle information security incidents, regardless of their types, sizes or nature. Organizations can adjust the guidance given in this document according to their type, sizes and nature of business in relation to the information security risk situation. This document is also applicable to an individual organization that participates in partner relationships.

  • Standard
    22 pages
    English language
    sale 15% off
ISO
ISO/IEC 9797-2:2021/Cor 1:2024(Corrigendum)
Information security — Message authentication codes (MACs) — Part 2: Mechanisms using a dedicated hash-function — Technical Corrigendum 1
  • Standard
    3 pages
    English language
    sale 15% off
ISO
ISO/IEC 18014-2:2021/Cor 1:2024(Corrigendum)
Information security — Time-stamping services — Part 2: Mechanisms producing independent tokens — Technical Corrigendum 1
  • Standard
    1 page
    English language
    sale 15% off
ISO
ISO/IEC 27019:2024(Main)
Information security, cybersecurity and privacy protection — Information security controls for the energy utility industry

This document provides information security controls for the energy utility industry, based on ISO/IEC 27002:2022, for controlling and monitoring the production or generation, transmission, storage and distribution of electric power, gas, oil and heat, and for the control of associated supporting processes. This includes in particular the following: — central and distributed process control, monitoring and automation technology as well as information systems used for their operation, such as programming and parameterization devices; — digital controllers and automation components such as control and field devices or programmable logic controllers (PLCs), including digital sensor and actuator elements; — all further supporting information systems used in the process control domain, e.g. for supplementary data visualization tasks and for controlling, monitoring, data archiving, historian logging, reporting and documentation purposes; — communication technology used in the process control domain, e.g. networks, telemetry, telecontrol applications and remote-control technology; — Advanced metering infrastructure (AMI) components, e.g. smart meters; — measurement devices, e.g. for emission values; — digital protection and safety systems, e.g. protection relays, safety PLCs, emergency governor mechanisms; — energy management systems, e.g. for distributed energy resources (DER), electric charging infrastructures, and for private households, residential buildings or industrial customer installations; — distributed components of smart grid environments, e.g. in energy grids, in private households, residential buildings or industrial customer installations; — all software, firmware and applications installed on above-mentioned systems, e.g. distribution management system (DMS) applications or outage management systems (OMS); — any premises housing the abovementioned equipment and systems; — remote maintenance systems for abovementioned systems. This document does not apply to the process control domain of nuclear facilities. This domain is covered by IEC 63096.

  • Standard
    39 pages
    English language
    sale 15% off
  • Standard
    48 pages
    French language
    sale 15% off
ISO
ISO/IEC 23264-2:2024(Main)
Information security — Redaction of authentic data — Part 2: Redactable signature schemes based on asymmetric mechanisms

This document specifies cryptographic mechanisms to redact authentic data. The mechanisms described in this document offer different combinations of the security properties defined and described in ISO/IEC 23264-1. For all mechanisms, this document describes the processes for key generation, generating the redactable attestation, carrying out redactions and verifying redactable attestations. This document contains mechanisms that are based on asymmetric cryptography using three related transformations: ¾ a public transformation defined by a verification key (verification process for verifying a redactable attestation), ¾ a private transformation defined by a private attestation key (redactable attestation process for generating a redactable attestation), and ¾ a third transformation defined by the redaction key (redaction process) allowing to redact authentic information within the constraints set forth during generation of the attestation such that redacted information cannot be reconstructed. This document contains mechanisms which, after a successful redaction, allow the attestation to remain verifiable using the verification transformation and attest that non-redacted fields of the attested message are unmodified. This document further details that the three transformations have the property whereby it is computationally infeasible to derive the private attestation transformation, given the redaction and or the verification transformation and key(s).

  • Standard
    58 pages
    English language
    sale 15% off
ISO
ISO/IEC 27554:2024(Main)
Information security, cybersecurity and privacy protection — Application of ISO 31000 for assessment of identity-related risk

This document provides guidelines for identity-related risk, as an extension of ISO 31000:2018. More specifically, it uses the process outlined in ISO 31000 to guide users in establishing context and assessing risk, including providing risk scenarios for processes and implementations that are exposed to identity-related risk. This document is applicable to the risk assessment of processes and services that rely on or are related to identity. This document does not include aspects of risk related to general issues of delivery, technology or security.

  • Standard
    18 pages
    English language
    sale 15% off
ISO
ISO/IEC 27403:2024(Main)
Cybersecurity – IoT security and privacy – Guidelines for IoT-domotics

This document provides guidelines to analyse security and privacy risks and identifies controls that can be implemented in Internet of Things (IoT)-domotics systems.

  • Standard
    39 pages
    English language
    sale 15% off