This International Standard specifies the security requirements for a cryptographic module utilized within a
security system protecting sensitive information in computer and telecommunication systems. This
International Standard defines four security levels for cryptographic modules to provide for a wide spectrum of
data sensitivity (e.g., low value administrative data, million dollar funds transfers, and life protecting data) and
a diversity of application environments (e.g., a guarded facility, an office, and a completely unprotected
location). Four security levels are specified for each of 10 requirement areas. Each security level offers an
increase in security over the preceding level.
While the security requirements specified in this International Standard are intended to maintain the security
provided by a cryptographic module, compliance to this International Standard is not sufficient to ensure that a
particular module is secure or that the security provided by the module is sufficient and acceptable to the
owner of the information that is being protected.
ISO/IEC 19790:2006 history
2015ISO/IEC 19790:2012/Cor 1:2015 Information technology.Security technology.Security requirements for cryptographic modulesTechnical corrigendum 1
2012ISO/IEC 19790:2012 Information technology - Security techniques - Security requirements for cryptographic modules
2008ISO/IEC 19790:2006/Cor 1:2008 Information technology - Security techniques - Security requirements for cryptographic modules; Technical Corrigendum 1
2006ISO/IEC 19790:2006 Information technology - Security techniques - Security requirements for cryptographic modules