iv
5.4. Interoperability........................................................................................ 46
5.5. Minimum Interoperability Specification for PKI Components (MISPC) ... 47
5.6. Federal PKI Architecture ........................................................................ 48
5.6.1. Architecture Components................................................................. 49
5.6.2. Operational Concept ........................................................................ 51
5.6.3. Federal PKI (FPKI) Steering Committee .......................................... 52
6. TESTING...................................................................................................... 53
6.1. Cryptographic Module Validation Program (CMVP) ............................... 55
6.1.1. Background...................................................................................... 55
6.1.2. FIPS PUB 140-1 Requirements ....................................................... 58
6.1.3. Validated Modules List ..................................................................... 60
6.1.4. Effective Use of FIPS PUB 140-1..................................................... 60
6.2. National Voluntary Laboratory Accreditation Program (NVLAP) ............ 60
6.3. Industry and Standards Organizations ................................................... 60
6.3.1. National Information Assurance Partnership (NIAP) ........................ 61
6.4. Certification and Management Authorization.......................................... 61
7. SELECTING CRYPTOGRAPHY - THE PROCESS..................................... 63
7.1. Planning Phase...................................................................................... 67
7.1.1. Security Policies............................................................................... 67
7.1.2. Risk Assessment.............................................................................. 71
7.1.3. Security Objectives........................................................................... 73
7.2. Definition Phase..................................................................................... 74
7.2.1. Security Requirements/Specifications.............................................. 75
7.2.2. Cryptographic Method Example....................................................... 83
7.2.3. Selecting Cryptographic Countermeasures...................................... 84
7.3. Acquisition Phase................................................................................... 94
7.3.1. Implementation Approach ................................................................ 95
7.4. Operations Phase .................................................................................. 97
7.4.1. Training and Documentation ............................................................ 97
7.4.2. Life Cycle Management of Cryptographic Components ................... 97
8. PUTTING IT ALL TOGETHER - EXAMPLES............................................... 99
8.1. Key Recovery Demonstration Project (KRDP) ....................................... 99
8.1.1. Department of Energy: EZ_ERA32 and the KRDP.......................... 99
8.1.2. U.S. Electronic Grants.................................................................... 103
8.2. Army Corps of Engineers ..................................................................... 106
8.2.1. ESS Architecture............................................................................ 107
8.2.2. Key Management ........................................................................... 108
8.2.3. Signature Generation and Verification............................................ 109
8.3. Treasury Electronic Certification System.............................................. 109
8.3.1. Program History ............................................................................. 109
8.3.2. ECS Process.................................................................................. 110
8.3.3. Future Plans: Windows-Based ECS (WECS)................................. 111
9. WHAT’S NEXT?......................................................................................... 112
9.1. Advanced Encryption Standard (AES) ................................................. 112
9.1.1. Minimum Acceptability Requirements ............................................ 112
9.1.2. Evaluation Criteria.......................................................................... 112
