• The cryptographic module shall either include environmental failure protection EFP features or
undergo environmental failure testing EFT as specified in Section 4.5.5.
4.5.2 Single-Chip Cryptographic Modules
In addition to the general security requirements specified in Section 4.5.1, the following requirements are specific to single-chip cryptographic modules.
SECURITY LEVEL 1 There are no additional Security Level 1 requirements for single-chip cryptographic modules.
SECURITY LEVEL 2 In addition to the requirements for Security Level 1, the following requirements shall apply to single-chip
cryptographic modules for Security Level 2.
• The cryptographic module shall be covered with a tamper-evident coating e.g., a tamper-evident
passivation material or a tamper-evident material covering the passivation or contained in a tamper-evident enclosure to deter direct observation, probing, or manipulation of the module and to
provide evidence of attempts to tamper with or remove the module.
• The tamper-evident coating or tamper-evident enclosure shall be opaque within the visible
spectrum. SECURITY LEVEL 3
In addition to the requirements for Security Levels 1 and 2, the following requirements shall apply to single-chip cryptographic modules for Security Level 3.
Either
• the cryptographic module shall be covered with a hard opaque tamper-evident coating e.g., a hard
opaque epoxy covering the passivation or
• the enclosure shall be implemented so that attempts at removal or penetration of the enclosure shall
have a high probability of causing serious damage to the cryptographic module i.e., the module will not function.
SECURITY LEVEL 4 In addition to the requirements for Security Levels 1, 2, and 3, the following requirements shall apply to
single-chip cryptographic modules for Security Level 4.
• The cryptographic module shall be covered with a hard, opaque removal-resistant coating with
hardness and adhesion characteristics such that attempting to peel or pry the coating from the module will have a high probability of resulting in serious damage to the module i.e., the module
will not function.
• The removal-resistant coating shall have solvency characteristics such that dissolving the coating
will have a high probability of dissolving or seriously damaging the module i.e., the module will not function.
23
4.5.3 Multiple-Chip Embedded Cryptographic Modules