Documentation shall specify:
• the self-tests performed by a cryptographic module, including power-up and conditional tests,
• the error states that a cryptographic module can enter when a self-test fails, and
• the conditions and actions necessary to exit the error states and resume normal operation of a cryptographic module (i.e., this may include maintenance of the module, or returning the module to the vendor for servicing).
4.9.1 Power-Up Tests

Power-up tests shall be performed by a cryptographic module when the module is powered up (after being powered off, reset, rebooted, etc.). The power-up tests shall be initiated automatically and shall not require operator intervention. When the power-up tests are completed, the results (i.e., indications of success or failure) shall be output via the “status output” interface. All data output via the data output interface shall be inhibited when the power-up tests are performed.

In addition to performing the power-up tests when powered up, a cryptographic module shall permit operators to initiate the tests on demand for periodic testing of the module. Resetting, rebooting, and power cycling are acceptable means for the on-demand initiation of power-up tests.

A cryptographic module shall perform the following power-up tests: cryptographic algorithm test, software/firmware integrity test, and critical functions test.

Cryptographic algorithm test. A cryptographic algorithm test using a known answer shall be conducted for all cryptographic functions (e.g., encryption, decryption, authentication, and random number generation) of each Approved cryptographic algorithm implemented by a cryptographic module. A known-answer test involves operating the cryptographic algorithm on data for which the correct output is already known and comparing the calculated output with the previously generated output (the known answer). If the calculated output does not equal the known answer, the known-answer test shall fail.

Cryptographic algorithms whose outputs vary for a given set of inputs (e.g., the Digital Signature Algorithm) shall be tested using a known-answer test or shall be tested using a pair-wise consistency test (specified below). Message digest algorithms shall have an independent known-answer test or the known-answer test shall be included with the associated cryptographic algorithm test (e.g., the Digital Signature Standard).

If a cryptographic module includes two independent implementations of the same cryptographic algorithm, then:
• the known-answer test may be omitted,
• the outputs of the two implementations shall be continuously compared, and
• if the outputs of the two implementations are not equal, the cryptographic algorithm test shall fail.

Software/firmware integrity test. A software/firmware integrity test using an error detection code (EDC) or Approved authentication technique (e.g., an Approved message authentication code or digital signature algorithm) shall be applied to all validated software and firmware components within a cryptographic module when the module is powered up. The software/firmware integrity test is not required for any software and firmware components excluded from the security requirements of this standard (refer to Section 4.1). If the calculated result does not equal the previously generated result, the software/firmware test shall fail. If an EDC is used, the EDC shall be at least 16 bits in length.

Critical functions test. Other security functions critical to the secure operation of a cryptographic module shall be tested when the module is powered up as part of the power-up tests. Other critical security functions performed under specific conditions shall be tested as conditional tests. Documentation shall specify all security functions critical to the secure operation of a cryptographic module and shall identify the applicable power-up tests and conditional tests performed by the module.

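To make the power-up sequence concrete, the following is an added Python example (not text or code from the standard) covering the cryptographic algorithm test and the software/firmware integrity test described above: it runs known-answer tests for SHA-256 and HMAC-SHA-256, then an integrity test using an Approved MAC, and keeps data output inhibited until every test passes. The module class, firmware image and integrity key are hypothetical constructions; the known answers are standard published test vectors.

```python
import hashlib
import hmac

# Known answers taken from standard test vectors: SHA-256("abc") from the
# FIPS 180-4 examples and HMAC-SHA-256 test case 1 from RFC 4231.
SHA256_KAT = (b"abc", bytes.fromhex(
    "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"))
HMAC_KAT = (b"\x0b" * 20, b"Hi There", bytes.fromhex(
    "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"))

def sha256_kat() -> bool:
    """Known-answer test: run the algorithm on fixed input, compare to the stored answer."""
    msg, known = SHA256_KAT
    return hmac.compare_digest(hashlib.sha256(msg).digest(), known)

def hmac_sha256_kat() -> bool:
    """Known-answer test for the MAC that the integrity test below depends on."""
    key, msg, known = HMAC_KAT
    return hmac.compare_digest(hmac.new(key, msg, "sha256").digest(), known)

class CryptoModule:
    """Hypothetical module: tests run automatically at power-up; data output is inhibited meanwhile."""

    def __init__(self, firmware: bytes, integrity_key: bytes, stored_mac: bytes):
        self.firmware, self.integrity_key = firmware, integrity_key
        self.stored_mac = stored_mac  # MAC generated when the image was validated
        self.state = "POWER_OFF"
        self.data_output_inhibited = True

    def integrity_test(self) -> bool:
        """Software/firmware integrity test using an Approved MAC rather than a bare EDC."""
        mac = hmac.new(self.integrity_key, self.firmware, "sha256").digest()
        return hmac.compare_digest(mac, self.stored_mac)

    def power_up(self) -> str:
        self.data_output_inhibited = True  # 4.9.1: no data output while tests run
        passed = sha256_kat() and hmac_sha256_kat() and self.integrity_test()  # KATs first
        self.state = "OPERATIONAL" if passed else "ERROR"
        self.data_output_inhibited = not passed  # error state keeps output inhibited
        return self.state  # the indication sent to the status output interface

    def output_data(self, data: bytes) -> bytes:
        if self.data_output_inhibited:
            raise RuntimeError(f"data output inhibited in state {self.state}")
        return data

# Constructed firmware image and integrity key for the demonstration.
FIRMWARE = b"example firmware image v1.0"
KEY = b"integrity-key-stored-in-module"
GOOD_MAC = hmac.new(KEY, FIRMWARE, "sha256").digest()
```

A real module would additionally cover every Approved algorithm it implements and define how the error state is exited, as the documentation requirements above demand.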
4.9.2 Conditional Tests