LESIJ NO. XVII, VOL. 2/2010
NEW TRENDS IN IT&C SECURITY EVALUATION
Cristian Teodor PĂUN*
This paper focuses on the link between information security and cryptography,
represented by the National Institute of Standards and Technology (NIST) cryptographic standards,
the Federal Information Processing Standard FIPS 140-2 (Security requirements for cryptographic
modules) and the Common Criteria for Information Technologies Security Evaluation (ISO
15408) standard. Information security is the science of protecting information and information
systems from unauthorized access, use, disclosure, disruption, modification or destruction.
Cryptography deals with the design, implementation and evaluation of cryptographic algorithms (e.g.
the NIST AES selection process, SHA-3 completion etc.) for use in products (software
and/or hardware) intended to protect information or information systems. Before being used
in information systems, those cryptographic products also need to be tested and evaluated. One
evaluation standard is FIPS 140-2. After this evaluation is obtained from an accredited
laboratory, the system itself needs to be evaluated in order to have an image of the assurance level
obtained. Usually this evaluation is made using the ISO 15408 (Common Criteria for Information
Technology Systems) standard.
Keywords: cryptographic algorithms, FIPS 140-2, ISO 15408, crypto modules, security
The INFOSEC domain covers the following areas:
Figure 1: INFOSEC standards stratification
Physical security describes both measures that prevent or deter attackers from accessing a
facility, resource, or information stored on physical media, and guidance on how to design
structures to resist various hostile acts.