ISO/IEC TS 20540:2025

Information security, cybersecurity and privacy protection — Testing cryptographic modules in their field

Apstrakt

This document provides recommendations, requirements and checklists which can be used to support the specification and field testing of cryptographic modules in their field within an organization’s security system. The cryptographic modules have an overall security rating commensurate with the four security levels defined in ISO/IEC 19790:2025, to provide for:
—     a wide spectrum of data sensitivity (e.g. low-value administrative data, million-dollar funds transfers, life-protecting data, personal identity information, and sensitive information used by government), and
—     a diversity of application environments (e.g. a guarded facility, an office, removable media, and a completely unprotected location).
This document is limited to the security related to the cryptographic module. It does not include assessing the security of the field or application environment. It does not define techniques for the identification, assessment and acceptance of the organization’s operational risk.
This document applies to the field testers who perform the field testing for the cryptographic modules in their field and the authorizing officials of cryptographic modules.