FIPS Standard
module will receive a rating that reflects the maximum security level for which the module fulfills all of the
requirements of that area. In areas that do not provide for different levels of security (i.e., standard set of
requirements), the cryptographic module will receive a rating commensurate with the overall level of
security.
In addition to receiving independent ratings for each of the security areas, a cryptographic module will also
receive an overall rating. The overall rating will indicate the minimum of the independent ratings received
in the areas.
Many of the security requirements of this standard include specific documentation requirements that are
summarized in Appendices A and C. All documentation, including copies of the user and installation
manuals, shall be provided to the testing laboratory by the vendor.
4.1 Cryptographic Module Specification
A cryptographic module shall be a set of hardware, software, firmware, or some combination thereof that
implements cryptographic functions or processes, including cryptographic algorithms and, optionally, key
generation, and is contained within a defined cryptographic boundary. A cryptographic module shall
implement at least one Approved security function used in an Approved mode of operation. Non-Approved
security functions may also be included for use in non-Approved modes of operation. The operator shall be
able to determine when an Approved mode of operation is selected. For Security Levels 1 and 2, the
cryptographic module security policy may specify when a cryptographic module is performing in an
Approved mode of operation. For Security Levels 3 and 4, a cryptographic module shall indicate when an
Approved mode of operation is selected. (Approved security functions are listed in Annex A to this
standard.)
A cryptographic boundary shall consist of an explicitly defined perimeter that establishes the physical
bounds of a cryptographic module. If a cryptographic module consists of software or firmware
components, the cryptographic boundary shall contain the processor(s) and other hardware components that
store and protect the software and firmware components. Hardware, software, and firmware components of
a cryptographic module can be excluded from the requirements of this standard if shown that these
components do not affect the security of the module.
The following documentation requirements shall apply to all security-specific hardware, software, and
firmware contained within a cryptographic module. These requirements do not apply to microcode or
system software whose source code is not available to the vendor or to any hardware, software, or firmware
components that can be shown not to affect the security of the cryptographic module.
• Documentation shall specify the hardware, software, and firmware components of a cryptographic
module, specify the cryptographic boundary surrounding these components, and describe the
physical configuration of the module (see Section 4.5).
• Documentation shall specify any hardware, software, or firmware components of a cryptographic
module that are excluded from the security requirements of this standard and explain the rationale
for the exclusion.
• Documentation shall specify the physical ports and logical interfaces and all defined input and
output data paths of a cryptographic module.
• Documentation shall specify the manual or logical controls of a cryptographic module, physical or
logical status indicators, and applicable physical, logical, and electrical characteristics.
• Documentation shall list all security functions, both Approved and non-Approved, that are
employed by a cryptographic module and shall specify all modes of operation, both Approved and
non-Approved.
13