NIST Requests Input on Revised Cryptographic Standards
Cryptographic modules perform the cryptographic functions that protect the security of information systems: encryption, decryption, digital signing, authentication, and random number generation. FIPS 140-2 defines four qualitative security levels, which are used by hardware and software developers as a guide to the development of cryptographic tools. The Cryptographic Module Validation Program (CVMP), a joint effort between NIST and the Communications Security Establishment Canada (CSEC), validates these modules for use by federal agencies and contractors.
NIST originally began work on the successor to FIPS 140-2 back in 2005, and published drafts for comment in 2007, 2009, and 2012. NIST is now considering the adoption of ISO/IEC 19790:2012 as the successor to FIPS 140-2. ISO/IEC’s 19790 series was originally based on the predecessor to FIPS 140-2 and, as with the FIPS approach, it has four security levels and eleven requirement areas. ISO/IEC revised the 19790 series in 2012. The 2012 revision expanded the scope of the standards to address software and firmware in addition to hardware, among other developments.
The RFI asks several questions designed to elicit input from organizations that develop or use cryptographic tools on the likely impact of switching to ISO/IEC 19790:2012. NIST is particularly interested in gauging the demand for the new ISO/IEC standard and weighing its benefits against the potential disruptive impact of switching standards. The RFI includes the following questions:
- Have your customers or users asked for either ISO/IEC 19790:2012 or FIPS 140-2 validations in cryptographic products?
- Have the markets you serve asked for either validation and have you noticed any changes in what the markets you serve are asking for?
- Do you think the ISO/IEC 19790:2012 standard specifies tests and provides evidence of conformance for cryptographic algorithms and modules better, equally or less as compared to FIPS 140-2 and in what areas?
- Is there a difference in risk that you perceive would be mitigated or accepted in use of one standard versus the other?
- Are the requirements in ISO/IEC 19790:2012 specific enough for your organization to develop a cryptographic module that can demonstrate conformance to this standard?
- Would the U.S. Government citation of an ISO standard that has a fee for access to the standard inhibit your use or implementation of this standard?
- Do either FIPS 140-2 or ISO/IEC 19790:2012 have a gap area that is not required for implementation, test or validation that presents an unacceptable risk to users of cryptographic modules?
Adoption of ISO/IEC 19790:2012 as the NIST standard would enable cryptographic standards to be harmonized throughout much of the globe. For organizations with information systems in several jurisdictions, the efficiencies of a harmonized approach may be significant. But transition costs are likely because several changes would impact the design of cryptographic modules. For example, whereas FIPS 140-2 allows password complexity requirements to be manually enforced, ISO/IEC 19790:2012 would require that complexity requirements be enforced by the module itself. Many products that have been certified under FIPS 140-2 may need to be re-engineered to be validated under the new standards.
Comments are being accepted at UseOfISO@nist.gov through September 28 at 5:00 p.m. EST.
Brian Kennedy, an associate in our Washington, D.C. office, contributed to this entry.
This entry was originally posted on Hogan Lovells’ Chronicle of Data Protection