FIPS Standard

provided or maintained internally to the cryptographic boundary of the cryptographic module (e.g., an
internal battery).
The cryptographic module shall distinguish between data and control for input and data and status for
output. All input data entering the cryptographic module via the "data input" interface shall only pass
through the input data path. All output data exiting the cryptographic module via the "data output"
interface shall only pass through the output data path. The output data path shall be logically disconnected
from the circuitry and processes while performing key generation, manual key entry, or key zeroization.
To prevent the inadvertent output of sensitive information, two independent internal actions shall be
required to output data via any output interface through which plaintext cryptographic keys or CSPs or
sensitive data are output (e.g., two different software flags are set, one of which may be user initiated; or
two hardware gates are set serially from two separate actions).
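The two requirements just stated (the output data path is logically disconnected during key generation, manual key entry and zeroization; plaintext key or CSP output needs two independent internal actions) can be captured in a small reference model. The code below is an added illustration, not code from the standard or from any validated module; the state names, the two flags and the approval functions are hypothetical, and the scenario inputs are constructed.

```python
# Constructed reference model of an output-path gate; not code from the
# standard. It enforces two rules from the text above: the output data
# path is disconnected during key generation, manual key entry and
# zeroization, and plaintext key/CSP output needs two independent actions.
from enum import Enum, auto


class State(Enum):
    IDLE = auto()
    KEY_GENERATION = auto()
    MANUAL_KEY_ENTRY = auto()
    ZEROIZATION = auto()


# States in which the output data path must be logically disconnected.
OUTPUT_DISCONNECTED = {State.KEY_GENERATION, State.MANUAL_KEY_ENTRY, State.ZEROIZATION}


class OutputBlocked(Exception):
    """Raised when the output data path refuses a transfer."""


class ModuleOutputGate:
    def __init__(self):
        self.state = State.IDLE
        # Two independent flags (hypothetical names). Each is set by a
        # different action; both are consumed by any plaintext-CSP output
        # attempt so that a stale approval cannot be reused.
        self._operator_flag = False
        self._policy_flag = False

    def enter(self, state):
        self.state = state
        if state in OUTPUT_DISCONNECTED:
            self._clear_flags()  # approvals do not survive a disconnect

    def operator_approve(self):
        """First independent action (e.g., a user-initiated command)."""
        self._operator_flag = True

    def policy_approve(self):
        """Second independent action (e.g., an internal policy check)."""
        self._policy_flag = True

    def _clear_flags(self):
        self._operator_flag = False
        self._policy_flag = False

    def output(self, payload, plaintext_csp):
        """Pass payload through the output data path, or refuse."""
        if self.state in OUTPUT_DISCONNECTED:
            raise OutputBlocked(f"output path disconnected during {self.state.name}")
        if plaintext_csp:
            approved = self._operator_flag and self._policy_flag
            self._clear_flags()
            if not approved:
                raise OutputBlocked("plaintext CSP output needs two independent approvals")
        return payload


def _blocked(fn):
    """True if fn() is refused by the gate."""
    try:
        fn()
    except OutputBlocked:
        return True
    return False


def run_scenario():
    """Exercise the cases a reviewer would check; returns name -> passed."""
    gate = ModuleOutputGate()
    results = {}
    # Non-CSP output (e.g., ciphertext) needs no approval while idle.
    results["ciphertext_idle"] = gate.output(b"ct", False) == b"ct"
    # Nothing leaves the module while keys are being generated.
    gate.enter(State.KEY_GENERATION)
    results["blocked_during_keygen"] = _blocked(lambda: gate.output(b"ct", False))
    gate.enter(State.IDLE)
    # One approval alone is not enough for a plaintext key.
    gate.operator_approve()
    results["single_flag_refused"] = _blocked(lambda: gate.output(b"k", True))
    # Both approvals release the key exactly once.
    gate.operator_approve()
    gate.policy_approve()
    results["two_flags_allowed"] = gate.output(b"k", True) == b"k"
    results["flags_consumed"] = _blocked(lambda: gate.output(b"k", True))
    # Approvals granted before zeroization do not survive it.
    gate.operator_approve()
    gate.policy_approve()
    gate.enter(State.ZEROIZATION)
    gate.enter(State.IDLE)
    results["stale_approval_voided"] = _blocked(lambda: gate.output(b"k", True))
    return results


if __name__ == "__main__":
    for name, ok in run_scenario().items():
        print(f"{name}: {'pass' if ok else 'FAIL'}")
```

The point of consuming both flags on every plaintext-CSP attempt, and of clearing them whenever the path is disconnected, is that a single later action can never ride on an approval that was granted earlier for a different output; each release of sensitive material is the product of two fresh, separate actions.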
SECURITY LEVELS 1 AND 2
For Security Levels 1 and 2, the physical port(s) and logical interface(s) used for the input and output of
plaintext cryptographic keys, cryptographic key components, authentication data, and CSPs may be shared
physically and logically with other ports and interfaces of the cryptographic module.
SECURITY LEVELS 3 AND 4
For Security Levels 3 and 4,
    the physical port(s) used for the input and output of plaintext cryptographic key components, authentication data, and CSPs shall be physically separated from all other ports of the cryptographic module
or
    the logical interfaces used for the input and output of plaintext cryptographic key components, authentication data, and CSPs shall be logically separated from all other interfaces using a trusted path,
and
    plaintext cryptographic key components, authentication data, and other CSPs shall be directly entered into the cryptographic module (e.g., via a trusted path or directly attached cable). (See Section 4.7.4.)
4.3 Roles, Services, and Authentication
A cryptographic module shall support authorized roles for operators and corresponding services within
each role. Multiple roles may be assumed by a single operator. If a cryptographic module supports
concurrent operators, then the module shall internally maintain the separation of the roles assumed by each
operator and the corresponding services. An operator is not required to assume an authorized role to
perform services where cryptographic keys and CSPs are not modified, disclosed, or substituted (e.g., show
status, self-tests, or other services that do not affect the security of the module).
Authentication mechanisms may be required within a cryptographic module to authenticate an operator
accessing the module, and to verify that the operator is authorized to assume the requested role and perform
the services within the role.
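The role and service rules of Section 4.3 (services that do not modify, disclose or substitute keys or CSPs need no authorized role; an operator must authenticate and be authorized for a role before assuming it; with concurrent operators, each operator's assumed role is tracked separately) are illustrated by the following added model. It is not code from the standard or from any particular module; the role names, service table, credential table and operators are all constructed for the example.

```python
# Constructed model of roles, services and per-operator role separation;
# not code from the standard. Names (CREDENTIALS, SERVICES, role and
# service names) are hypothetical.
import hmac
from dataclasses import dataclass

# Constructed credentials for the demo (a real module would hold a
# properly protected verifier, not a plaintext secret table).
CREDENTIALS = {"alice": b"co-secret", "bob": b"user-secret"}

# Service -> roles allowed to invoke it. An empty set means no authorized
# role is required, which the standard permits only for services that do
# not modify, disclose or substitute keys and CSPs.
SERVICES = {
    "show_status": frozenset(),
    "run_self_tests": frozenset(),
    "encrypt": frozenset({"user", "crypto_officer"}),
    "load_key": frozenset({"crypto_officer"}),
    "zeroize": frozenset({"crypto_officer"}),
}


class AuthorizationError(Exception):
    pass


@dataclass
class Operator:
    name: str
    allowed_roles: frozenset  # roles this operator may assume
    authenticated: bool = False


class CryptoModule:
    def __init__(self, operators):
        self._operators = {op.name: op for op in operators}
        # Role currently assumed, tracked per operator so that concurrent
        # operators never share or inherit each other's role.
        self._assumed = {}

    def authenticate(self, name, secret):
        op = self._operators[name]
        op.authenticated = hmac.compare_digest(secret, CREDENTIALS.get(name, b""))
        return op.authenticated

    def assume_role(self, name, role):
        op = self._operators[name]
        if not op.authenticated:
            raise AuthorizationError(f"{name} is not authenticated")
        if role not in op.allowed_roles:
            raise AuthorizationError(f"{name} is not authorized for role {role}")
        self._assumed[name] = role

    def invoke(self, name, service):
        allowed = SERVICES[service]
        if not allowed:
            return "ok"  # no authorized role needed for this service
        role = self._assumed.get(name)
        if role not in allowed:
            raise AuthorizationError(f"{name} (role {role}) may not call {service}")
        return f"ok as {role}"


def _denied(fn):
    """True if fn() is refused by the module."""
    try:
        fn()
    except AuthorizationError:
        return True
    return False


def run_scenario():
    """Drive two concurrent operators plus an unauthenticated one."""
    module = CryptoModule([
        Operator("alice", frozenset({"crypto_officer", "user"})),
        Operator("bob", frozenset({"user"})),
        Operator("carol", frozenset()),
    ])
    r = {}
    # An unauthenticated operator can still show status and run self-tests.
    r["status_without_role"] = module.invoke("carol", "show_status") == "ok"
    r["self_tests_without_role"] = module.invoke("carol", "run_self_tests") == "ok"
    r["unauthenticated_denied"] = _denied(lambda: module.assume_role("carol", "user"))
    r["bad_secret_rejected"] = not module.authenticate("bob", b"wrong")
    module.authenticate("alice", b"co-secret")
    module.authenticate("bob", b"user-secret")
    # bob may be a user but not a crypto officer.
    module.assume_role("bob", "user")
    r["role_not_authorized"] = _denied(lambda: module.assume_role("bob", "crypto_officer"))
    # alice, concurrently, assumes crypto officer; that grants bob nothing.
    module.assume_role("alice", "crypto_officer")
    r["co_can_load_key"] = module.invoke("alice", "load_key") == "ok as crypto_officer"
    r["concurrent_separation"] = _denied(lambda: module.invoke("bob", "load_key"))
    r["user_can_encrypt"] = module.invoke("bob", "encrypt") == "ok as user"
    return r
```

The service table is the place to audit: any service whose allowed-role set is empty must be one that cannot modify, disclose or substitute keys or CSPs, since the module will serve it to an operator who has assumed no role at all.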