FIPS Standard
• Documentation shall specify:
  - a block diagram depicting all of the major hardware components of a cryptographic module and
    component interconnections, including any microprocessors, input/output buffers,
    plaintext/ciphertext buffers, control buffers, key storage, working memory, and program
    memory, and
  - the design of the hardware, software, and firmware components of a cryptographic module.
    High-level specification languages for software/firmware or schematics for hardware shall be
    used to document the design.
• Documentation shall specify all security-related information, including secret and private
cryptographic keys (both plaintext and encrypted), authentication data (e.g., passwords, PINs),
CSPs, and other protected information (e.g., audited events, audit data) whose disclosure or
modification can compromise the security of the cryptographic module.
• Documentation shall specify a cryptographic module security policy. The security policy shall
include the rules derived from the requirements of this standard and the rules derived from any
additional requirements imposed by the vendor (see Appendix C).
4.2 Cryptographic Module Ports and Interfaces
A cryptographic module shall restrict all information flow and physical access points to physical ports and
logical interfaces that define all entry and exit points to and from the module. The cryptographic module
interfaces shall be logically distinct from each other although they may share one physical port (e.g., input
data may enter and output data may exit via the same port) or may be distributed over one or more physical
ports (e.g., input data may enter via both a serial and a parallel port). An Application Program Interface
(API) of a software component of a cryptographic module may be defined as one or more logical
interface(s).
A cryptographic module shall have the following four logical interfaces ("input" and "output" are indicated
from the perspective of the module):
Data input interface. All data (except control data entered via the control input interface) that is input
to and processed by a cryptographic module (including plaintext data, ciphertext data, cryptographic
keys and CSPs, authentication data, and status information from another module) shall enter via the
"data input" interface.
Data output interface. All data (except status data output via the status output interface) that is output
from a cryptographic module (including plaintext data, ciphertext data, cryptographic keys and CSPs,
authentication data, and control information for another module) shall exit via the "data output"
interface. All data output via the data output interface shall be inhibited when an error state exists and
during self-tests (see Section 4.9).
Control input interface. All input commands, signals, and control data (including function calls and
manual controls such as switches, buttons, and keyboards) used to control the operation of a
cryptographic module shall enter via the "control input" interface.
Status output interface. All output signals, indicators, and status data (including return codes and
physical indicators such as Light Emitting Diodes and displays) used to indicate the status of a
cryptographic module shall exit via the "status output" interface.
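A minimal model of the four logical interfaces as a software module API, with data output inhibited in the error state and during self-tests. This is an added example, not text or code from the standard; the type, state, command, and function names (`module_t`, `ST_*`, `CMD_*`, `mod_*`, `scenario`) and the XOR placeholder transform are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* State and command names are illustrative assumptions, not from the standard. */
typedef enum { ST_SELF_TEST, ST_OPERATIONAL, ST_ERROR } mod_state_t;
typedef enum { CMD_TESTS_OK, CMD_PROCESS, CMD_FAULT } mod_cmd_t;
typedef struct {
    mod_state_t state;
    unsigned char in[64], out[64];
    size_t in_len, out_len;
} module_t;
/* Data input interface: payload enters here; the return code is status output. */
int mod_data_in(module_t *m, const unsigned char *p, size_t n) {
    if (n > sizeof m->in) return -1;
    memcpy(m->in, p, n);
    m->in_len = n;
    return 0;
}
/* Control input interface: commands only, never payload data. */
void mod_control(module_t *m, mod_cmd_t cmd) {
    if (cmd == CMD_FAULT) m->state = ST_ERROR;
    else if (cmd == CMD_TESTS_OK && m->state == ST_SELF_TEST) m->state = ST_OPERATIONAL;
    else if (cmd == CMD_PROCESS && m->state == ST_OPERATIONAL) {
        for (size_t i = 0; i < m->in_len; i++)
            m->out[i] = m->in[i] ^ 0x5A;  /* placeholder transform, not a cipher */
        m->out_len = m->in_len;
    }
}
/* Status output interface: state is reported separately from data. */
mod_state_t mod_status(const module_t *m) { return m->state; }
/* Data output interface: inhibited in the error state and during self-tests. */
size_t mod_data_out(module_t *m, unsigned char *p, size_t cap) {
    if (m->state != ST_OPERATIONAL || m->out_len > cap) return 0;
    size_t n = m->out_len;
    memcpy(p, m->out, n);
    m->out_len = 0;
    return n;
}
/* Constructed scenario: returns the number of bytes released via data output. */
size_t scenario(int pass_self_test, int fault) {
    static const unsigned char msg[4] = {1, 2, 3, 4};  /* constructed input */
    unsigned char buf[64];
    module_t m = { .state = ST_SELF_TEST };  /* module starts in self-test */
    if (pass_self_test) mod_control(&m, CMD_TESTS_OK);
    mod_data_in(&m, msg, sizeof msg);
    mod_control(&m, CMD_PROCESS);
    if (fault) mod_control(&m, CMD_FAULT);
    return mod_data_out(&m, buf, sizeof buf);
}
```

Because the state check sits in `mod_data_out` itself, output that was already computed before a fault is still withheld once the module enters the error state.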
All external electrical power that is input to a cryptographic module (including power from an external
power source or batteries) shall enter via a power port. A power port is not required when all power is