标准摘要
[中文适用范围]: 本文件提供了推荐意见、要求和检查清单,可用于支持组织安全系统内加密模块在实际应用环境中的规格制定和现场测试。这些加密模块的整体安全等级与ISO/IEC 19790:2025中定义的四个安全级别相匹配,以满足以下需求:——广泛的数据敏感性范围(例如低价值的管理数据、百万美元的资金转账、生命保护数据、个人身份信息以及政府使用的敏感信息),以及——多样的应用环境(例如受保护的设施、办公室、可移动媒体以及完全无保护的地点)。本文件仅限于与加密模块相关的安全内容,不包括对现场或应用环境安全的评估。本文件未定义用于识别、评估和接受组织运营风险的技术。本文件适用于执行加密模块现场测试的现场测试人员以及加密模块的授权官员。 [外文原描述]: This document provides recommendations, requirements and checklists which can be used to support the specification and field testing of cryptographic modules in their field within an organization’s security system. The cryptographic modules have an overall security rating commensurate with the four security levels defined in ISO/IEC 19790:2025, to provide for: — a wide spectrum of data sensitivity (e.g. low-value administrative data, million-dollar funds transfers, life-protecting data, personal identity information, and sensitive information used by government), and — a diversity of application environments (e.g. a guarded facility, an office, removable media, and a completely unprotected location). This document is limited to the security related to the cryptographic module. It does not include assessing the security of the field or application environment. It does not define techniques for the identification, assessment and acceptance of the organization’s operational risk. This document applies to the field testers who perform the field testing for the cryptographic modules in their field and the authorizing officials of cryptographic modules.
英文名称Information security, cybersecurity and privacy protection - Testing cryptographic modules in their field