HSM for Dummies
tion of defined security criteria is attained, depending on the degree of security
necessary and the quality tests required.
The ISO/IEC 19790 standard is essentially a reworking of the national U.S. standard
‘Federal Information Processing Standard Publication (FIPS PUB) 140-2:
Security requirements for cryptographic modules’. This ISO standard will provide a
broader foundation for upcoming FIPS 140 definitions.
Figure 4.1: CMVP website
The CMVP website has all the information you could want on FIPS 140;
see http://csrc.nist.gov/groups/STM/cmvp/index.html.
The ‘Module Validation Lists’ section has an overview of certified devices
sorted by manufacturer. The ‘Modules in Process’ section contains
all manufacturers whose modules are currently under evaluation.