4.7.5 Key Storage

Cryptographic keys stored within a cryptographic module shall be stored either in plaintext form or encrypted form. Plaintext secret and private keys shall not be accessible from outside the cryptographic module to unauthorized operators. A cryptographic module shall associate a cryptographic key secret, private, or public stored within the module with the correct entity e.g., person, group, or process to which the key is assigned. Documentation shall specify the key storage methods employed by a cryptographic module.

4.7.6 Key Zeroization

A cryptographic module shall provide methods to zeroize all plaintext secret and private cryptographic keys and CSPs within the module. Zeroization of encrypted cryptographic keys and CSPs or keys otherwise physically or logically protected within an additional embedded validated module meeting the requirements of this standard is not required. Documentation shall specify the key zeroization methods employed by a cryptographic module. 4.8 Electromagnetic InterferenceElectromagnetic Compatibility EMIEMC Cryptographic modules shall meet the following requirements for EMIEMC. Radios are explicitly excluded from these requirements but shall meet all applicable FCC requirements. Documentation shall include proof of conformance to EMIEMC requirements. SECURITY LEVELS 1 AND 2 For Security Levels 1 and 2, a cryptographic module shall at a minimum conform to the EMIEMC requirements specified by 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class A i.e., for business use. SECURITY LEVELS 3 AND 4 For Security Levels 3 and 4, a cryptographic module shall at a minimum conform to the EMIEMC requirements specified by 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class B i.e., for home use. 4.9 Self-Tests A cryptographic module shall perform power-up self-tests and conditional self-tests to ensure that the module is functioning properly. Power-up self-tests shall be performed when the cryptographic module is powered up. Conditional self-tests shall be performed when an applicable security function or operation is invoked i.e., security functions for which self-tests are required. A cryptographic module may perform other power-up or conditional self-tests in addition to the tests specified in this standard. If a cryptographic module fails a self-test, the module shall enter an error state and output an error indicator via the status output interface. The cryptographic module shall not perform any cryptographic operations while in an error state. All data output via the data output interface shall be inhibited when an error state exists. 33 Documentation shall specify: the self-tests performed by a cryptographic module, including power-up and conditional tests, • • • • • • the error states that a cryptographic module can enter when a self-test fails, and the conditions and actions necessary to exit the error states and resume normal operation of a cryptographic module i.e., this may include maintenance of the module, or returning the module to the vendor for servicing.

4.9.1 Power-Up Tests