ISO/IEC 19790:2012 specifies the security requirements for a cryptographic module utilised within a security system protecting sensitive information in computer and telecommunication systems. ISO/IEC 19790:2012 defines four security levels for cryptographic modules to provide for a wide spectrum of data sensitivity (e.g. low value administrative data, million dollar funds transfers, life protecting data, personal identity information, and sensitive information used by government) and a diversity of application environments (e.g. a guarded facility, an office, removable media, and a completely unprotected location). ISO/IEC 19790:2012 specifies four security levels for each of 11 requirement areas with each security level increasing security over the preceding level.
ISO/IEC 19790:2012 specifies security requirements specified intended to maintain the security provided by a cryptographic module and compliance to this ISO/IEC 19790:2012 is not sufficient to ensure that a particular module is secure or that the security provided by the module is sufficient and acceptable to the owner of the information that is being protected.
Document published on: 2012-08-15 Edition: 2 (Monolingual) ICS: 35.040 Status: Published Stage: 60.60 (2012-08-09) TC/SC: ISO/IEC JTC 1/SC 27 Number of Pages: 71
Revises: ISO/IEC 19790:2006
Revises: ISO/IEC 19790:2006/Cor 1:2008