FIPS Standard
SECURITY LEVEL 4
In addition to the applicable requirements for Security Levels 1, 2, and 3, the following requirements shall
also apply to operating systems for Security Level 4.
All cryptographic software, cryptographic keys and CSPs, and control and status information shall
be under the control of
• an operating system that meets the functional requirements specified in the Protection Profiles
listed in Annex B. The operating system shall be evaluated at the CC evaluation assurance
level EAL4, or
• an equivalent evaluated trusted operating system.
4.7 Cryptographic Key Management
The security requirements for cryptographic key management encompass the entire lifecycle of
cryptographic keys, cryptographic key components, and CSPs employed by the cryptographic module.
Key management includes random number and key generation, key establishment, key distribution, key
entry/output, key storage, and key zeroization. A cryptographic module may also employ the key
management mechanisms of another cryptographic module. Encrypted cryptographic keys and CSPs refer
to keys and CSPs that are encrypted using an Approved algorithm or Approved security function.
Cryptographic keys and CSPs encrypted using a non-Approved algorithm or proprietary algorithm or
method are considered in plaintext form, within the scope of this standard.
Secret keys, private keys, and CSPs shall be protected within the cryptographic module from unauthorized
disclosure, modification, and substitution. Public keys shall be protected within the cryptographic module
against unauthorized modification and substitution.
Documentation shall specify all cryptographic keys, cryptographic key components, and CSPs employed
by a cryptographic module.
4.7.1 Random Number Generators (RNGs)
A cryptographic module may employ random number generators (RNGs). If a cryptographic module
employs Approved or non-Approved RNGs in an Approved mode of operation, the data output from the
RNG shall pass the continuous random number generator test as specified in Section 4.9.2. Approved
RNGs shall be subject to the cryptographic algorithm test in Section 4.9.1. Approved RNGs are listed in
Annex C to this standard.
Until such time as an Approved nondeterministic RNG standard exists, nondeterministic RNGs approved
for use in classified applications may be used for key generation or to seed Approved deterministic RNGs
used in key generation. Commercially available nondeterministic RNGs may be used for the purpose of
generating seeds for Approved deterministic RNGs. Nondeterministic RNGs shall comply with all
applicable RNG requirements of this standard.
An Approved RNG shall be used for the generation of cryptographic keys used by an Approved security
function. The output from a non-Approved RNG may be used 1) as input (e.g., seed, and seed key) to an
Approved deterministic RNG or 2) to generate initialization vectors (IVs) for Approved security
function(s). The seed and seed key shall not have the same value.
Documentation shall specify each RNG (Approved and non-Approved) employed by a cryptographic
module.
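As an added illustration, not text from the standard, the Python sketch below shows how an implementer might enforce two of the requirements above: the continuous RNG test of Section 4.9.2, which sets aside the first output block after start-up for comparison only and fails if any later block equals the one before it, and the rule that the seed and seed key fed to an Approved deterministic RNG shall not have the same value. The block source, class names and scripted sample blocks are assumptions made for the example.

```python
import os


class ContinuousRngTestError(RuntimeError):
    """Raised when two consecutive RNG output blocks are identical."""


class MonitoredRng:
    """Wraps a raw block source and applies the FIPS 140-2 continuous RNG
    test (Section 4.9.2). Blocks must be longer than 15 bits, so block_len
    is given in bytes and must be at least 2. The first block generated
    after start-up is never handed out; it is retained only for comparison
    with the next block, and every block is compared with its predecessor."""

    def __init__(self, source, block_len=16):
        if block_len < 2:
            raise ValueError("block must be longer than 15 bits")
        self._source = source          # callable(n) -> n bytes (assumed API)
        self._block_len = block_len
        self._last = self._source(block_len)   # discarded, kept for comparison

    def next_block(self):
        block = self._source(self._block_len)
        if block == self._last:
            # Two equal consecutive blocks: the continuous test fails and the
            # module must not use this output.
            raise ContinuousRngTestError("repeated RNG output block")
        self._last = block
        return block


def derive_seed_material(rng):
    """Take a seed and a seed key for an Approved deterministic RNG from a
    monitored source, rejecting the case the standard forbids (seed == seed
    key). The explicit check matters when the two values arrive by separate
    paths rather than as consecutive blocks of one monitored stream."""
    seed = rng.next_block()
    seed_key = rng.next_block()
    if seed == seed_key:
        raise ValueError("seed and seed key shall not have the same value")
    return seed, seed_key


def scripted_source(blocks):
    """Constructed deterministic source used only to exercise the checks."""
    it = iter(blocks)
    return lambda n: next(it)


if __name__ == "__main__":
    # Real use would pass the module's nondeterministic RNG; os.urandom
    # stands in for it here.
    seed, seed_key = derive_seed_material(MonitoredRng(os.urandom, 32))
    print(seed.hex(), seed_key.hex())
```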