ISO/IEC 19790

{{Short description|Standard for security requirements for cryptographic modules}}

ISO/IEC 19790 is an ISO/IEC standard for security requirements for cryptographic modules. It addresses a wide range of issues regarding their implementation, including specifications, interface definitions, authentication, operational and physical security, configuration management, testing, and life-cycle management.{{Cite web |title=Preview of ISO/IEC 19790:2012(en) Information technology — Security techniques — Security requirements for cryptographic modules |url=https://www.iso.org/obp/ui/en/#iso:std:iso-iec:19790:ed-2:v2:en |access-date=2023-09-24 |website=www.iso.org}} The first version of ISO/IEC 19790 was derived from the U.S. government computer security standard FIPS 140-2, Security Requirements for Cryptographic Modules.{{Cite web |date= |title=Standards - Cryptographic Module Validation Program |url=https://csrc.nist.gov/Projects/cryptographic-module-validation-program/Standards |archive-url=https://web.archive.org/web/20171115184427/https://csrc.nist.gov/Projects/cryptographic-module-validation-program/Standards |archive-date=2017-11-15 |access-date=2023-09-24 |website=csrc.nist.gov}}

{{As of|2025|March}}, the current version of the standard is ISO/IEC 19790:2025,{{Cite web |title=ISO/IEC 19790:2025 |url=https://www.iso.org/standard/82423.html |website=ISO}} which replaced the previous versions, ISO/IEC 19790:2012{{Cite web |title=ISO/IEC 19790:2012 |url=https://www.iso.org/standard/52906.html |access-date=2023-09-24 |website=ISO |language=en}} and ISO/IEC 19790:2006,{{Cite web |last= |title=ISO/IEC 19790:2006 |url=https://www.iso.org/standard/33928.html |access-date=2023-09-24 |website=ISO |language=en}} both of which are now obsolete.

Use of ISO/IEC 19790 is referenced in the U.S. government standard FIPS 140-3.{{Cite web |last=Computer Security Division |first=Information Technology Laboratory |date=2016-10-11 |title=CMVP FIPS 140-3 Related References - Cryptographic Module Validation Program {{!}} CSRC {{!}} CSRC |url=https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-140-3-standards |access-date=2023-09-24 |website=CSRC {{!}} NIST |language=EN-US}} As an ISO/IEC standard, access to it requires payment, typically on a per-user basis.

ISO/IEC 24759 is a related standard for the testing of cryptographic modules,{{Cite web |last=stevevi |date=2023-06-12 |title=Federal Information Processing Standard (FIPS) 140 - Azure Compliance |url=https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-fips-140-2 |access-date=2023-09-24 |website=learn.microsoft.com |language=en-us}} the first version of which was derived from NIST's Derived Test Requirements for FIPS PUB 140-2, Security Requirements for Cryptographic Modules.

References