SECURITY GUIDELINES FOR CERTIFICATION AUTHORITIES

4.10 Cryptographic engineering

4.10.1 The cryptographic processes for the CA operations shall be performed in a hardware cryptographic module that minimally conforms to FIPS 140-1 Security Level 3 or FIPS 140-2 Security Level 3.

4.10.2 If the RA’s operations are separate from the CA, its cryptographic processes shall minimally conform to FIPS 140-1 Security Level 2 or FIPS 140-2 Security Level 2.

4.10.3 The cryptographic processes for the subscriber’s operations shall minimally conform to FIPS 140-1 Security Level 1 or FIPS 140-2 Security Level 1.

4.10.4 All cryptographic algorithms, protocols and their implementations shall be reviewed by a suitably qualified independent party to ensure that the cryptographic components are sufficiently secure and correctly implemented. The components that require certification include all modules and components involved in key generation, key storage, key transport and key usage.
