Navigate to content

New International Standard from INCITS to Specify Cryptographic Modules

INCITS
Contact: Maryann Karinch
Karinch Communications
pr@karinch.com
650.726.7020

New International Standard from INCITS to Specify Cryptographic Modules
First-Ever Joint US-Canadian Standards Effort in IT Security Techniques

Washington, D.C. October 30, 2002 - The InterNational Committee for Information Technology Standards (INCITS) and the Communications Security Establishment of the Government of Canada have jointly produced a new work item proposal to serve as a basis for producing an international standard specifying security requirements for cryptographic modules at one of four different levels of security. INCITS Technical Committee T4 and the Communications Security Establishment of the Government of Canada will each supply a co-editor for this international project.

The proposed initial Working Draft for the standard is a rewritten version of a National Institute of Standards and Technology (NIST) document called "Security Requirements for Cryptographic Modules." Among the modifications are the addition of ISO terms, definitions, and references, including references to existing ISO standards.

"In IT, there is an ever-increasing need to use cryptographic mechanisms for the protection of data against unauthorized disclosure or modification, for entity authentication, and for non-repudiation functions," said Dr. Rowena Chester Research Professor at the University of Tennessee and Chair of T4. "The security and reliability of such mechanisms are directly dependent on the cryptographic modules in which they are implemented."

The international standard will be used to specify cryptographic-based security mechanisms for the protection of sensitive or valuable data. The security requirements cover areas related to the secure design and implementation of a cryptographic module.

These areas include

  • Cryptographic module specification;
  • Cryptographic module ports and interfaces;
  • Roles, services, and authentication;
  • Finite state model; physical security;
  • Operational environment;
  • Cryptographic key management;
  • Self-tests;
  • Design assurance; and
  • Mitigation of other attacks.

"The cooperation between T4 and our Canadian counterpart represents an unprecedented cooperative effort in the area of IT security techniques," said Kate McMillan, director of the INCITS Secretariat.

About INCITS
The InterNational Committee for Information Technology Standards (INCITS) is the venue of choice for information technology developers, producers and users for the creation and maintenance of formal IT standards. INCITS is accredited by, and operates under rules approved by, the American National Standards Institute (ANSI). These rules are designed to ensure that voluntary standards are developed by the consensus of directly and materially affected interests. Contact: INCITS Secretariat, Information Technology Industry Council (ITIC), 1250 Eye St. NW, Suite 200, Washington, DC 20005   (www.incits.org) .