The IT Law Wiki


  • NIST, Security Requirements for Cryptographic Modules (FIPS 140-1) (Jan. 1994) (full-text).


This publication provides a standard to be used by U.S. federal organizations when these organizations specify that cryptographic-based security systems protecting unclassified information within computer and telecommunication systems (including voice systems).

Protection of a cryptographic module within a security system is necessary to maintain the confidentiality and integrity of the information protected by the module. This standard specifies the security requirements that are to be satisfied by a cryptographic module. The standard provides four increasing, qualitative levels of security intended to cover a wide range of potential applications and environments.

The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include basic design and documentation, module interfaces, authorized roles and services, physical security, software security, operating system security, key management, cryptographic algorithms, electromagnetic interference/electromagnetic compatibility (EMI/EMC), and self-testing.

This standard superseded FIPS 140, General Security Requirements for Equipment Using the Data Encryption Standard, in its entirety.

Security levels[]

Security Level 1[]

Security Level 1 provides the lowest level of security. It specifies basic security requirements for a cryptographic module (e.g., the encryption algorithm must be a FIPS-approved algorithm), but it differs from the higher levels in several respects. No physical security mechanisms are required in the module beyond the requirement for production-grade equipment.

Security Level 2[]

Security Level 2 improves the physical security of a Security Level 1 cryptographic module by adding the requirement for tamper-evident coatings or seals, or for pick-resistant locks. Tamper evident coatings or seals would be placed on a cryptographic module so that the coating or seal would have to be broken in order to attain physical access to the plaintext cryptographic keys and other critical security parameters within the module. Pick-resistant locks would be placed on covers or doors to protect against unauthorized physical access. These requirements provide a low cost means for physical security and avoid the cost of the higher level of protection involving hard opaque coatings or significantly more expensive tamper detection and zeroization circuitry.

Security Level 3[]

Security Level 3 requires enhanced physical security which is generally available in many existing commercial security products. Unlike Security Level 2 which employs locks to protect against tampering with a cryptographic module, or employs coatings or seals to detect when tampering has occurred, Level 3 attempts to prevent the intruder from gaining access to critical security parameters held within the module.

Level 3 provides for identity-based authentication, which is stronger than the role-based authentication used in Level 2. A module must authenticate the identity of an operator and verify that the identified operator is authorized to assume a specific role and perform a corresponding set of services.

Level 3 provides stronger requirements for entering and outputting critical security parameters. The data ports used for critical security parameters must be physically separated from other data ports. Furthermore, the parameters must either be entered into or output from the module in encrypted form (in which case they may travel through enclosing or intervening systems) or be directly entered into or output from the module (without passing through enclosing or intervening systems) using split knowledge procedures.

Security Level 4[]

Security Level 4 provides the highest level of security. Level 4 physical security provides an envelope of protection around the cryptographic module. Whereas the tamper detection circuits of lower level modules may be bypassed, the intent of Level 4 protection is to detect a penetration of the device from any direction. For example, if one attempts to cut through the enclosure of the cryptographic module, the attempt should be detected and all critical security parameters should be zeroized. Level 4 devices are particularly useful for operation in a physically unprotected environment where an intruder could possibly tamper with the device.

Level 4 also protects a module against a compromise of its security due to environmental conditions or fluctuations outside of the module's normal operating ranges for voltage and temperature. Intentional excursions beyond the normal operating ranges could be used to thwart a module's defense during an attack. A module is required to either include special environmental protection features designed to detect fluctuations and zeroize critical security parameters, or to undergo rigorous environmental failure testing that provides a reasonable assurance that the module will not be affected by fluctuations outside of the normal operating range in a manner that can compromise the security of the module.