标准摘要
[中文适用范围]: 本国际标准规定了用于保护计算机和电信系统中敏感信息的 security 系统中使用的密码模块的安全要求。本国际标准定义了四个安全级别,以涵盖广泛的数据敏感性(例如低价值的管理数据、百万美元的资金转账、保护生命的数据、个人身份信息以及政府使用的敏感信息)和多样化的应用环境(例如受保护的设施、办公室、可移动介质和完全 unprotected 的地点)。本标准为 11 个要求领域中的每一个规定了四个安全级别,每个安全级别的安全要求均高于前一级别。本国际标准规定的安全要求旨在维持密码模块提供的安全性,但符合本国际标准并不足以确保特定模块是安全的,也不足以确保模块提供的安全性对信息所有者而言是足够和可接受的。 [外文原描述]: ISO/IEC 19790:2012 the security requirements for a cryptographic module utilised within a security system protecting sensitive information in computer and telecommunication systems. This International Standard defines four security levels for cryptographic modules to provide for a wide spectrum of data sensitivity (e.g. low value administrative data, million dollar funds transfers, life protecting data, personal identity information, and sensitive information used by government) and a diversity of application environments (e.g. a guarded facility, an office, removable media, and a completely unprotected location). This International Standard specifies four security levels for each of 11 requirement areas with each security level increasing security over the preceding level. ISO/IEC 19790:2012 specifies security requirements specifically intended to maintain the security provided by a cryptographic module and compliance with this International Standard is not sufficient to ensure that a particular module is secure or that the security provided by the module is sufficient and acceptable to the owner of the information that is being protected.
英文名称Information technology - Security techniques - Security requirements for cryptographic modules