F2009VE 04

From MozillaWiki
SECTION 4: FINITE STATE MODEL

AS.04.01 The operation of the cryptographic module shall be specified using a finite state model (or equivalent) represented by a state transition diagram and/or a state transition table. (The state transition diagram and/or state transition table includes all operational and error states of the cryptographic module, the corresponding transitions from one state to another, the input events that cause transitions from one state to another, and the output events resulting from transitions from one state to another.)

Assessment:

AS.04.02 The cryptographic module shall include the following operational and error states:

* Power on/off states. States for primary, secondary, or backup power. These states may distinguish between power sources being applied to the cryptographic module.

* Crypto officer states. States in which the crypto officer services are performed (e.g., cryptographic initialization and key management).

* Key/CSP entry states. States for entering cryptographic keys and CSPs into the cryptographic module.

* User states. States in which authorized users obtain security services, perform cryptographic operations, or perform other Approved or non-Approved functions.

* Self-test states. States in which the cryptographic module is performing self-tests.

* Error states. States when the cryptographic module has encountered an error (e.g., failed a self-test or attempted to encrypt when missing operational keys or CSPs). Error states may include "hard" errors that indicate an equipment malfunction and that may require maintenance, service or repair of the cryptographic module, or recoverable "soft" errors that may require initialization or resetting of the module.


Note: This assertion is tested as part of AS04.05.

Assessment:

AS.04.03 Recovery from error states shall be possible except for those caused by hard errors that require maintenance, service, or repair of the cryptographic module.


Assessment:

AS.04.04 If the cryptographic module contains a maintenance role, then a maintenance state shall be included.

Note: This assertion is tested as part of AS04.05.


Assessment:

AS.04.05 Documentation shall include a representation of the finite state model (or equivalent) using a state transition diagram and/or state transition table that shall specify:

* all operational and error states of the cryptographic module,

* the corresponding transitions from one state to another,

* the input events, including data inputs and control inputs, that cause transitions from one state to another, and

* the output events, including internal module conditions, data outputs, and status outputs resulting from transitions from one state to

Assessment:

VE.04.05.01 The vendor shall provide a description of the finite state model. This description shall contain the identification and description of all states of the module, and a description of all corresponding state transitions.

The descriptions of the state transitions shall include internal module conditions, data inputs and control inputs that cause transitions from one state to another, data outputs and status outputs resulting from transitions from one state to another.
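
One way to check a state transition table against AS.04.02 through AS.04.05 before it goes into the documentation (an added example, not part of the original page or of any module's own documentation). The category labels, state names and events are constructed, and treating an empty input or output list as a gap is an assumption of this sketch.

```python
from collections import namedtuple

Transition = namedtuple("Transition", "src dst inputs outputs")
REQUIRED = ("power", "crypto_officer", "key_entry", "user", "self_test")
ERRORS = ("soft_error", "hard_error")

def check_fsm(states, transitions, has_maintenance_role=False):
    """states maps name -> category. Returns findings; empty means no gaps."""
    findings, cats = [], set(states.values())
    for cat in REQUIRED:                                    # AS.04.02
        if cat not in cats:
            findings.append(f"AS.04.02: no {cat} state")
    if not cats & set(ERRORS):
        findings.append("AS.04.02: no error state")
    if has_maintenance_role and "maintenance" not in cats:  # AS.04.04
        findings.append("AS.04.04: maintenance role without maintenance state")
    edges = {}
    for t in transitions:                                   # AS.04.05
        for name in (t.src, t.dst):
            if name not in states:
                findings.append(f"AS.04.05: undefined state {name}")
        if not t.inputs or not t.outputs:
            findings.append(f"AS.04.05: {t.src}->{t.dst} lacks input or output events")
        edges.setdefault(t.src, set()).add(t.dst)
    for name, cat in states.items():                        # AS.04.03
        if cat != "soft_error":                             # hard errors are exempt
            continue
        seen, todo = {name}, [name]
        while todo:                                         # walk reachable states
            new = edges.get(todo.pop(), set()) - seen
            seen |= new
            todo.extend(new)
        if all(states.get(s, "hard_error") in ERRORS for s in seen):
            findings.append(f"AS.04.03: no recovery path from {name}")
    return findings

# Constructed sample table; SOFT_ERR deliberately has no way out.
STATES = {"OFF": "power", "SELF_TEST": "self_test", "CO": "crypto_officer",
          "KEY_ENTRY": "key_entry", "USER": "user",
          "SOFT_ERR": "soft_error", "HARD_ERR": "hard_error"}
TABLE = [
    Transition("OFF", "SELF_TEST", ["power applied"], ["status: testing"]),
    Transition("SELF_TEST", "USER", ["self-tests pass"], ["status: ready"]),
    Transition("SELF_TEST", "HARD_ERR", ["self-test fails"], ["status: error"]),
    Transition("USER", "CO", ["crypto officer login"], ["status: CO"]),
    Transition("CO", "KEY_ENTRY", ["load key command"], ["status: key entry"]),
    Transition("KEY_ENTRY", "CO", ["key accepted"], ["status: CO"]),
    Transition("USER", "SOFT_ERR", ["encrypt without key"], ["status: error"]),
]
```

Running `check_fsm(STATES, TABLE)` reports the missing recovery path from the soft error state; adding a reset transition out of `SOFT_ERR` clears it.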