Back to the Future – A Look Into ISO/IEC 19790 Physical Security Requirements (K32c)
If ISO/IEC 19790 is adopted as FIPS 140-3, what will it bring to the field of physical security? What changes will be necessary for us to remain compliant with the new standard? Will my FIPS 140-2 certificate be moot once the new standard is published? Who stole the cookie from the cookie jar? In an attempt to prepare vendors for the future of FIPS with regard to physical security, this presenter will try to answer those questions and many more!
The presentation will start by looking back at the historical changes that led us to the current stage. The presenter will compare the transitions made from FIPS 140-1 to FIPS 140-2 as a guide to vendors’ expectations during the transition period. After setting the background, the presenter will review what is currently known from the ISO/IEC 19790 standard as a guide to what can be expected in the FIPS 140-3 publication. The presenter will review the different aspects of physical security that may be relevant to future compliance. The subjects discussed will include changes in FCC compliance requirements, specifications of physical security levels, and even touch on expectations with regard to testing for Side-Channel Analysis (SCA).
The presenter’s goal is to make the audience aware of the expected changes so that they can be better prepared for them. By the end of the presentation, the presenter hopes the audience will have the information needed to start thinking about, and possibly developing, solutions to meet future compliance requirements.