Dedicated Security Component – A FIPS Module in the CC World (C23a)
Cryptography underpinning data confidentiality and integrity is evident not only in the high demand for cryptographic module validation but also in the Dedicated Security Component collaborative Protection Profile (DSC cPP). In this talk, the latest DSC cPP specification will be introduced and compared to requirements from FIPS 140-3. Security Data Objects/Elements (SDOs/SDEs) needing protection in the DSC cPP world are counterparts of Sensitive Security Parameters (SSPs) in the FIPS realm. DSC TOE services managing SDOs/SDEs via novel terminology largely overlap with a FIPS module’s SSP management services. The talk will also provide a brief overview of NIAP, the U.S. implementation of Common Criteria, and analyze how a FIPS-compliant hardware module could complete a DSC cPP evaluation under NIAP.