VE 01: Difference between revisions

Jump to navigation Jump to search

VE 01 (view source)

Revision as of 23:27, 22 July 2005

382,307 bytes removed ,  22 July 2005
no edit summary
No edit summary
 
No edit summary
Line 1: Line 1:
<html><head>
<meta http-equiv="CONTENT-TYPE" content="text/html; charset=windows-1252"><title></title>
<meta name="GENERATOR" content="StarOffice 7  (Win32)">
<meta name="CREATED" content="20050722;15152389">
<meta name="CHANGEDBY" content="Glen Beasley">
<meta name="CHANGED" content="20050722;16143066">
<style>
<!--
@page { size: 8.5in 11in; margin-left: 0.79in; margin-right: 1in; margin-top: 0.5in; margin-bottom: 0.5in }
P { margin-bottom: 0.08in }
-->
</style></head>


<body dir="ltr" lang="en-US">
<p style="margin-top: 0.04in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="4"><i><b>SECTION
1: CRYPTOGRAPHIC MODULE SPECIFICATION</b></i></font></font></font></p>
<p style="margin-top: 0.19in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.01.01</font></b>The
cryptographic module shall be a set of hardware, software, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">firmware,
or some combination thereof that implements cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">functions
or processes, including cryptographic algorithms and, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">optionally,
key generation, and is contained within a defined </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
boundary.</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.01.02</font></b>The
cryptographic module shall implement at least one Approved </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">security
function used in an Approved mode of operation.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS01.12.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.01.03</font></b>The
operator shall be able to determine when an Approved mode of </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">operation
is selected.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><a href="#VE.01.03.01"><b><font size="4">VE.01.03.01</font></b></a>The
vendor provided nonproprietary security policy shall provide a </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">description
of the Approved mode of operation.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><a href="#VE.01.03.02"><b><font size="4">VE.01.03.02</font></b></a>The
vendor provided non-proprietary security policy shall provide </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">instructions
for invoking the Approved mode of operation.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.01.05</font></b>The
cryptographic boundary shall consist of an explicitly defined </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">perimeter
that establishes the physical bounds of the cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.01.06</font></b>If
the cryptographic module consists of software or firmware </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">components,
the cryptographic boundary shall contain the processor(s) </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">and
other hardware components that store and protect the software and</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">firmware
components.</font></font></font></p>
<p style="margin-top: 0.55in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.01.06.01</font></b>For
each processor in the module, the vendor shall identify, by major </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">services,
the software or firmware that are executed by the processor, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">and
the memory devices that contain the executable code and data.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.01.06.02</font></b>For
each processor, the vendor shall identify any hardware with which </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
processor interfaces.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.01.07</font></b>The
following documentation requirements shall apply to all </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">security-specific
hardware, software, and firmware contained within the</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
module.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is not separately tested.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.01.08</font></b>Documentation
shall specify the hardware, software, and firmware </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">components
of the cryptographic module, specify the cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">boundary
surrounding these components, and describe the physical </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">configuration
of the module.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.01.08.01</font></b>All
hardware, software, and firmware components of the cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module
shall be identified in the vendor documentation. Components </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">to
be listed shall include, as applicable, all of the following:</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">1.
Integrated circuits, including processors, memory, and (semi-) </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">custom
integrated circuits</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">2.
Other active electronic circuit elements</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">3.
Power inputs and outputs, and internal power supplies or </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">converters</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">4.
Physical structures, including circuit boards or other mounting </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">surfaces,
enclosures, and connectors</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">5.
Software and firmware modules</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">6.
Other component types not listed above</font></font></font></p>
<p style="margin-top: 0.02in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.01.08.02</font></b>The
above list of components shall be consistent with the information </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">provided
for all other assertions of this section.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.01.08.03</font></b>The
vendor documentation shall specify the module's cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">boundary.
The cryptographic boundary shall be an explicitly defined, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">contiguous
perimeter that establishes the physical bounds of the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
module. The boundary definition shall specify module </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">components
and connections (ports), and also module information </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">flows,
processing, and input/output data.</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.01.08.04</font></b>The
cryptographic boundary shall include any hardware or software </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">that
inputs, processes, or outputs important security parameters that </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">could
lead to the compromise of sensitive information if not properly </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.01.08.05</font></b>The
vendor documentation shall specify the physical embodiments of </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
module ( single-chip cryptographic module, multiple-chip embedded</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
module, or multiple-chip standalone cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module,
as defined in Section 4.5 of FIPS PUB 140-2.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.01.08.06</font></b>The
vendor's documentation shall indicate the internal layout and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">assembly
methods (e.g., fasteners and fittings) of the module, including </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">drawings
that are at least approximately to scale. The interior of </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">integrated
circuits need not be shown.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.01.08.07</font></b>The
vendor's documentation shall describe the primary physical </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">parameters
of the module, including descriptions of the enclosure, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">access
points, circuit boards, location of power supply, interconnection </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">wiring
runs, cooling arrangements, and any other significant parameters.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.01.09</font></b>Documentation
shall specify any hardware, software, or firmware </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">components
of the cryptographic module that are excluded from the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">security
requirements of this standard and explain the rationale for the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">exclusion.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.01.09.01</font></b>All
components that are to be excluded from the security requirements </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">shall
be explicitly listed in the vendor documentation.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.02in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.01.09.02</font></b>The
rationale for excluding each of the components listed in response to</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">requirement
VE01.09.01 shall be provided in the vendor </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">documentation.
The vendor shall show that each component, even if </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">malfunctioning
or misused, cannot cause a compromise under any </font></font></font>
</p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.01.10</font></b>Documentation
shall specify the physical ports and logical interfaces </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">and
all defined input and output paths of the cryptographic module.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS02.01.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.01.11</font></b>Documentation
shall specify the manual or logical controls of the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
module, physical or logical status indicators, and their </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">physical,
logical, and electrical characteristics. </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS02.01.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.01.12</font></b>Documentation
shall list all security functions, both Approved and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">non-Approved,
that are employed by the cryptographic module and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">shall
specify all modes of operation, both Approved and non-Approved.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.01.12.01</font></b>The
vendor shall provide a validation certificate for all Approved </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
algorithms.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.01.12.02</font></b>The
vendor shall provide a list of all non-Approved security functions.</font></font></font></p>
<p style="margin-top: 0.23in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.01.13</font></b>Documentation
shall specify a block diagram depicting all of the major </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">hardware
components of the cryptographic module and their </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">interconnections,
including any microprocessors, input/output buffers, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">plaintext/ciphertext
buffers, control buffers, key storage, working </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">memory,
and program memory.</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.01.13.01</font></b>The
vendor documentation shall include a block diagram showing the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">hardware
components and their interconnections. Components to be </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">included
in the block diagram shall include, as applicable:</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">1.
Microprocessors</font></font></font></p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">2.
Input/output buffers</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">3.
Plaintext/ciphertext buffers</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">4.
Control buffers</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">5.
Key storage</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">6.
Working memory</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">7.
Program memory</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">8.
Other components types not listed above</font></font></font></p>
<p style="margin-top: 0.27in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.01.13.02</font></b>The
block diagram shall also include any (semi-) custom integrated </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">circuits
(e.g., gate arrays, field programmable gate arrays, or other </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">programmable
logic).</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.01.13.03</font></b>The
block diagram shall show interconnections among major </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">components
of the module and between the module and equipment or </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">components
outside of the cryptographic boundary.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.01.13.04</font></b>The
block diagram shall show the cryptographic boundary of the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.01.14</font></b>Documentation
shall specify the design of the hardware, software, and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">firmware
components of the cryptographic module. High-level </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">specification
languages for software/firmware or schematics for </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">hardware
shall be used to document the design.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.01.14.01</font></b>The
vendor shall provide a detailed specification of the design of the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">hardware,
software, and/or firmware contained in the module. This </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">documentation
shall include, the finite state model and description </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">referred
to in Section 4.4 of FIPS PUB 140-2. If the relationship </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">between
the finite state model and the design specification is not clear, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
vendor shall provide additional documentation that describes this </font></font></font>
</p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.01.15</font></b>Documentation
shall specify all security-related information, including </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">secret
and private cryptographic keys (both plaintext and encrypted), </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">authentication
data (e.g., passwords, PINs), CSPs, and other protected </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">information
(e.g., audited events, audit data) whose disclosure or </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">modification
can compromise the security of the cryptographic module.</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.01.15.01</font></b>The
vendor shall provide documentation specifying all security-related </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">information,
including secret and private cryptographic keys (both </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">plaintext
and encrypted), authentication data (e.g., passwords, PINs), </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">CSPs,
and other protected information (e.g., audited events, audit data)</font></font></font></p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">whose
disclosure or modification can compromise the security of the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
module.</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.01.16</font></b>Documentation
shall specify the cryptographic module security policy. </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">The
security policy shall include the rules derived from the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">requirements
of this standard and the rules derived from any additional </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">requirements
imposed by the vendor.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.01.16.01</font></b>The
vendor shall provide a separate nonproprietary security policy. </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">The
security policy is defined in Appendix C of FIPS PUB 140-2.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.02in; margin-bottom: 0in; page-break-before: always;" align="left">
<br>
</p>
<p style="margin-top: 0.04in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="4"><i><b>SECTION
2: MODULE PORTS AND INTERFACES</b></i></font></font></font></p>
<p style="margin-top: 0.19in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.02.01</font></b>The
cryptographic module shall restrict all information flow and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">physical
access points to physical ports and logical interfaces that define</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">all
entry and exit points to and from the module.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.02.01.01</font></b>Vendor
documentation shall specify each of the physical ports and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">logical
interfaces of the cryptographic module, including the:</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">1.
Physical ports and their pin assignments </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">2.
Physical covers, doors or openings</font></font></font></p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">3.
Logical interfaces (e.g., APIs and all other data/control/status </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">signals)
and the signal names and functions</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">4.
Manual controls (e.g., buttons or switches) for applicable physical </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">control
inputs</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">5.
Physical status indicators (e.g., lights or displays) for applicable </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">physical
status outputs</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">6.
Mapping of the logical interfaces to the physical ports, manual </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">controls,
and physical status indicators of the cryptographic module</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">7.
Physical, logical, and electrical characteristics, as applicable, of
the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">above
ports and interfaces</font></font></font></p>
<p style="margin-top: 0.24in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.02.01.02</font></b>Vendor
documentation shall specify the information flows and physical </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">access
points of the cryptographic module by highlighting or annotating </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">copies
of the block diagrams, design specifications and/or source code </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">and
schematics provided in Sections 1 and 10. The vendor shall also </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">provide
any other documentation necessary to clearly specify the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">relationship
of the information flows and physical access points to the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">physical
ports and logical interfaces.</font></font></font></p>
<p style="margin-top: 0.18in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.02.01.03</font></b>For
each physical or logical input to the cryptographic module, or </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">physical
and logical output from the module, vendor documentation </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">shall
specify the logical interface to which the physical input or output </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">belongs,
and the physical entry/exit port. The specifications provided </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">shall
be consistent with the specifications of the cryptographic module </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">components
provided under sections 1 and 10, and the specifications of</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
logical interfaces provided in assertions AS02.03 to AS02.09 of this</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">section.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><i><font color="#000080">Assessment:</font></i></b><font color="#000000">
</font></font></font>
</p>
<p style="margin-top: 0.06in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.02.02</font></b>The
cryptographic module interfaces shall be logically distinct from </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">each
other although they may share one physical port (e.g., input data </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">may
enter and output data may exit via the same port) or may be </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">distributed
over one or more physical ports (e.g., input data may enter </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">via
both a serial and a parallel port).</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.02.02.01</font></b>The
vendor's design shall separate the cryptographic module interfaces </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">into
logically distinct and isolated categories, using the categories
listed </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">in
assertion AS02.03, and, if applicable, AS02.09 in this section. This </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">information
shall be consistent with the specification of the logical </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">interfaces
and physical ports provided in AS02.01 in this section.</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.02.02.02</font></b>Vendor
documentation shall provide a mapping of each category of </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">logical
interface to a physical port of the cryptographic module. A </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">logical
interface may be physically distributed across more than one </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">physical
port, or two or more logical interfaces may share one physical </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">port
as long as the information flows are kept logically separate. If two </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">or
more logical interfaces share the same physical port, vendor </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">documentation
shall specify how the information from the different </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">interface
categories is kept logically separate.</font></font></font></p>
<p style="margin-top: 0.19in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.02.03</font></b>The
cryptographic module shall have the following four logical </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">interfaces
("input" and "output" are indicated from the
perspective of </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
module):</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
Data input interface</font></font></font></p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
Data output interface</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
Control input interface</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.02.03.01</font></b>Vendor
documentation shall specify that the following four logical </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">interfaces
have been designed within the cryptographic module ("input"
</font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">and
"output" are indicated from the perspective of the module):</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
data input interface (for the entry of data as specified in AS02.04),</font></font></font></p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
data output interface (for the output of data as specified in </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">AS02.05),</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
control input interface (for the entry of commands as specified in </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">AS02.07),
and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
status output interface (for the output of status information as </font></font></font>
</p>
<p style="margin-top: 0.19in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.02.04</font></b>All
data (except control data entered via the control input interface)
that</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">is
input to and processed by the cryptographic module (including </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">plaintext
data, ciphertext data, cryptographic keys and CSPs, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">authentication
data, and status information from another module) shall enter via the
"data input" interface.</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.02.04.01</font></b>The
cryptographic module shall have a data input interface. All data </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">(except
control data entered via the control input interface) that is to be </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">input
to and processed by the cryptographic module shall enter via the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">data
input interface, including:</font></font></font></p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">1.
Plaintext data</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">2.
Ciphertext or signed data</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">3.
Cryptographic keys and other key management data (plaintext or </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">encrypted)</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">4.
Authentication data (plaintext or encrypted)</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">5.
Status information from external sources</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">6.
Any other input data</font></font></font></p>
<p style="margin-top: 0.22in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.02.04.02</font></b>If
applicable, vendor documentation shall specify any external input </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">devices
to be used with the cryptographic module for the entry of data </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">into
the data input interface, such as smart cards, tokens, keypads, key </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">loaders,
and/or biometric devices.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.02.05</font></b>All
data (except status data output via the status output interface) that
is</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">output
from the cryptographic module (including plaintext data, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">ciphertext
data, cryptographic keys and CSPs, authentication data, and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">control
information for another module) shall exit via the "data output"
</font></font></font>
</p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.02.05.01</font></b>The
cryptographic module shall have a data output interface. All data </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">(except
status data output via the status output interface) that has been </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">processed
and is to be output by the cryptographic module shall exit via</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
data output interface, including:</font></font></font></p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">1.
Plaintext data</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">2.
Ciphertext data and digital signatures</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">3.
Cryptographic keys and other key management data (plaintext or </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">encrypted)</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">4.
Control information to external targets</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">5.
Any other output data</font></font></font></p>
<p style="margin-top: 0.21in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.02.05.02</font></b>If
applicable, vendor documentation shall specify any external output </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">devices
to be used with the cryptographic module for the output of data</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">from
the data output interface, such as smart cards, tokens, displays, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">and/or
other storage devices.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.02.06</font></b>All
data output via the data output interface shall be inhibited when an </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">error
state exists and during self-tests.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.02.06.01</font></b>Vendor
documentation shall specify how the cryptographic module </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">ensures
that all data output via the data output interface is inhibited </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">whenever
the module is in an error state (error states are covered in </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Section
4). Status information may be allowed from the status output </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">interface
to identify the type of error, as long as no CSPs, plaintext </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">data,
or other information that if misused could lead to a compromised.</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.02.06.02</font></b>Vendor
documentation shall specify how the design of the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
module ensures that all data output via the data output </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">interface
is inhibited whenever the module is in a self-test condition </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">(self-tests
are covered in Section 9). Status information to display the </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">results
of the self-tests may be allowed from the status output interface,</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">as
long as no CSPs, plaintext data, or other information that if misused
</font></font></font>
</p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.02.07</font></b>All
input commands, signals, and control data (including calls and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">manual
controls such as switches, buttons, and keyboards) used to </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">control
the operation of the cryptographic module shall enter via the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">"control
input" interface.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.02.07.01</font></b>The
cryptographic module shall have a control input interface. All </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">commands,
signals, and control data (except data entered via the data </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">input
interface) used to control the operation of the cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module
shall enter via the control input interface, including:</font></font></font></p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">1.
Commands input logically via an API (e.g., for the software and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">firmware
components of the cryptographic module)</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">2.
Signals input logically or physically via one or more physical ports </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">(e.g.,
for the hardware components of the cryptographic module)</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">3.
Manual control inputs (e.g., using switches, buttons, or a keyboard)</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">4.
Any other input control data</font></font></font></p>
<p style="margin-top: 0.01in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.22in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.02.07.02</font></b>If
applicable, vendor documentation shall specify any external input </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">devices
to be used with the cryptographic module for the entry of </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">commands,
signals, and control data into the control input interface, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">such
as smart cards, tokens, or keypads.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.02.08</font></b>All
output signals, indicators, and status data (including return codes </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">and
physical indicators such as Light Emitting Diodes and displays) </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">used
to indicate the status of the cryptographic module shall exit via the
</font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">"status
output" interface.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.02.08.01</font></b>The
cryptographic module shall have a status output interface. All </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">status
information, signals, logical indicators, and physical indicators </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">used
to indicate or display the status of the module shall exit via the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">status
output interface, including: </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">1.
Status information output logically via an API </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">2.
Signals output logically or physically via one or more physical </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">3.
Manual status outputs (e.g., using LEDs, buzzers, or a display)</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">4.
Any other output status information</font></font></font></p>
<p style="margin-top: 0.19in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.02.08.02</font></b>If
applicable, vendor documentation shall specify any external output </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">devices
to be used with the cryptographic module for the output of </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">status
information, signals, logical indicators, and physical indicators via</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
status output interface, such as smart cards, tokens, displays, </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">and/or
other storage devices.</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.02.09</font></b>All
external electrical power that is input to the cryptographic module </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">(including
power from an external power source or batteries) shall enter</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">via
a power port.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.02.09.01</font></b>If
the cryptographic module requires or provides power to/from other </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">devices
external to the boundary (e.g., a power supply or a external </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">battery),
vendor documentation shall specify a power interface and a </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">corresponding
physical port. All power entering or exiting the </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
module to/from other devices external to the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
boundary shall pass through the specified power </font></font></font>
</p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.02in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.02.10</font></b>The
cryptographic module shall distinguish between data and control </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">for
input and data and status for output.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.02.10.01</font></b>Vendor
documentation shall specify how the cryptographic module </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">distinguishes
between data and control for input and data and status for </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">output,
and how the physical and logical paths followed by the input </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">data
and control information entering the module via the applicable </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">input
interfaces are logically or physically disconnected from the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">physical
and logical paths followed by the output data and status </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">information
exiting the module via the applicable output interfaces.</font></font></font></p>
<p style="margin-top: 0.18in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.02.11</font></b>All
input data entering the cryptographic module via the "data
input" </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">interface
shall only pass through the input data path.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.02.11.01</font></b>Vendor
documentation shall specify the physical and logical paths used </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">by
all major categories of input data entering the cryptographic module </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">via
the data input interface and the applicable physical ports. The </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">documentation
shall include a specification of the applicable paths (e.g.,</font></font></font></p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">by
highlighted or annotated copies of the schematics, block diagrams, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">or
other information provided under AS01.08, AS01.09, and AS01.13).</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">All
input data entering the cryptographic module via the data input </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">interface
shall only use the specified paths while being processed or </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">stored
by each physical or logical sub-section of the module.</font></font></font></p>
<p style="margin-top: 0.19in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.02.12</font></b>All
output data exiting the cryptographic module via the "data
output" </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">interface
shall only pass through the output data path.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.02.12.01</font></b>Vendor
documentation shall specify the physical and logical paths used </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">by
all major categories of output data exiting the cryptographic module </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">via
the data output interface and the applicable physical ports. The </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">documentation
shall include a specification of the applicable paths (e.g.,</font></font></font></p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">by
highlighted or annotated copies of the schematics, block diagrams, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">or
other information provided under AS01.08, AS01.09, and AS01.13).</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">All
output data exiting the cryptographic module via the data output </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">interface
shall only use the specified paths.</font></font></font></p>
<p style="margin-top: 0.19in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.02in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.02.13</font></b>The
output data path shall be logically disconnected from the circuitry </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">and
processes while performing key generation, manual key entry, or </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">key
zeroization.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.02.13.01</font></b>Vendor
documentation shall specify how the physical and logical paths </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">used
by all major categories of output data exiting the cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module
are logically or physically disconnected from the processes </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">performing
key generation, manual key entry, and zeroization of </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
keys and CSPs. The cryptographic module shall not </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">allow
the specified key processes to pass key/CSP information to the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">output
data path, and shall not allow output data exiting the module to </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">interfere
with the key processes.</font></font></font></p>
<p style="margin-top: 0.19in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.02.14</font></b>To
prevent the inadvertent output of sensitive information, two </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">independent
internal actions shall be required to output data via any </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">output
interface through which plaintext cryptographic keys or CSPs or </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">sensitive
data are output (e.g., two different software flags are set, one </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">of
which may be user initiated; or two hardware gates are set serially </font></font></font>
</p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.02.14.01</font></b>If
the cryptographic module allows plaintext cryptographic key </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">components
or other unprotected CSPs to be output on one or more </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">physical
ports, two independent internal actions shall be performed by </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
module before the plaintext cryptographic key components or other </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">unprotected
CSPs may be output. Vendor documentation shall specify </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
two independent internal actions performed and how the two </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">independent
internal actions protect against the inadvertent release of </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
plaintext cryptographic key components or other unprotected CSPs.</font></font></font></p>
<p style="margin-top: 0.19in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.02.15</font></b>Documentation
shall specify the physical ports and logical interfaces </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">and
all defined input and output data paths.Note: This assertion is not </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">separately
tested. Verification of vendor documentation is performed </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">under
assertions AS02.01 to AS02.14 and AS02.16 to AS02.18.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.02in; margin-bottom: 0in; page-break-before: always;" align="left">
<br>
</p>
<p style="margin-top: 0.04in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="4"><i><b>SECTION
3: ROLES, SERVICES, AND AUTHENTICATION</b></i></font></font></font></p>
<p style="margin-top: 0.19in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.03.01</font></b>The
cryptographic module shall support authorized roles for operators </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">and
corresponding services within each role.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is not separately tested.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.03.02</font></b>If
the cryptographic module supports concurrent operators, then the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module
shall internally maintain the separation of the roles assumed by </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">each
operator and the corresponding services.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.03.02.01</font></b>The
vendor documentation shall specify whether multiple concurrent </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">operators
are allowed. The vendor shall describe the method by which </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">separation
of the authorized roles and services performed by each </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">operator
is achieved. The vendor documentation shall also describe </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">any
restrictions on concurrent operators (e.g., one operator in a </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">maintenance
role and another in a user role simultaneously is not </font></font></font>
</p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.03.03</font></b>The
cryptographic module shall support the following authorized roles </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">for
operators:</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">User
Role. The role assumed to perform general security services, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">including
cryptographic operations and other Approved security </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">functions.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Crypto
Officer Role: The role assumed to perform a set of </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
initialization or management functions (e.g., module </font></font></font>
</p>
<p style="margin-top: 0.18in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.03.03.01</font></b>In
the documentation required to satisfy VE03.06.01, the vendor shall </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">include
at least one user role and one crypto-officer role.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.03.04</font></b>If
the cryptographic module allows operators to perform maintenance </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">services,
then the module shall support the following authorized role:</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
Maintenance Role: The role assumed to perform physical maintenance
and/or logical maintenance services (e.g., hardware/software
diagnostics).</font></font></font></p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.01in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.03.04.01</font></b>If
the module has a maintenance interface, the vendor documentation </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">shall
explicitly state a maintenance role is supported. The </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">documentation
shall completely specify the role by name and allowed </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.03.05</font></b>All
plaintext secret and private keys and unprotected CSPs shall be </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">zeroized
when entering or exiting the maintenance role.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.03.05.01</font></b>The
vendor documentation shall specify how the module's plaintext </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">secret
and private keys and other unprotected critical security </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">parameters,
as defined in Section 2.1 of FIPS PUB 140-2, are actively </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">zeroized
when the maintenance role is entered or exited.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.03.06</font></b>Documentation
shall specify all authorized roles supported by the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
module.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.03.06.01</font></b>Vendor
documentation shall specify each distinct authorized role, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">including
its name and the services that are performed in the role.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.03.07</font></b>Services
shall refer to all of the services, operations, or functions that </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">can
be performed by the cryptographic module.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is not separately tested.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.03.08</font></b>Service
inputs shall consist of all data or control inputs to the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
module that initiate or obtain specific services, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">operations,
or functions. </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.03.09</font></b>Service
outputs shall consist of all data and status outputs that result </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">from
services, operations, or functions initiated or obtained by service </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">inputs.
</font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.03.10</font></b>Each
service input shall result in a service output.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is not separately tested.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.03.11</font></b>The
cryptographic module shall provide the following services to </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">operators:</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Show
Status. Output the current status of the cryptographic module.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Perform
Self-Tests. Initiate and run the self-tests as specified in </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Section
4.9.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Perform
Approved Security Function. Perform at least one Approved</font></font></font></p>
<p style="margin-top: 0.18in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.03.11.01</font></b>The
vendor documentation shall describe the output of the current </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">status
of the module and the initiation and running of user callable </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">self-tests,
along with other services as specified by VE03.14.01 and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.03.12</font></b>If
a cryptographic module implements a bypass capability, where </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">services
are provided without cryptographic processing (e.g., </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">transferring
plaintext through the module without encryption), then two </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">independent
internal actions shall be required to activate the capability </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">to
prevent the inadvertent bypass of plaintext data due to a single
error </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">(e.g.,
two different software or hardware flags are set, one of which </font></font></font>
</p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.03.12.01</font></b>If
the module implements a bypass capability, the vendor </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">documentation
shall describe the bypass service as specified in </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">AS03.12.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.03.12.02</font></b>The
finite state model and other vendor documentation shall indicate, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">for
all transitions into an exclusive or alternating bypass state, two </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">independent
internal actions that are required to transition into each </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.03.13</font></b>If
the cryptographic module implements a bypass capability, where </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">services
are provided without cryptographic processing (e.g., </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">transferring
plaintext through the module without encryption), then the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module
shall show status to indicate whether </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">1)
the bypass capability is not activated, and the module is exclusively
</font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">providing
services with cryptographic processing (e.g., the plaintext is </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">encrypted),</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">2)
the bypass capability is activated and the module is exclusively
providing services without cryptographic processing (e.g., plaintext
data is not encrypted), or</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">3)
the bypass capability is alternately activated and deactivated and
the</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module
is providing some services with cryptographic processing and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">some
services without cryptographic processing (e.g., for modules with </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">multiple
communication channels, plaintext data is or is not encrypted </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">depending
on each channel configuration).</font></font></font></p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.03.13.01</font></b>The
vendor documentation for the "Show Status" service shall
indicate </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">bypass
status.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.03.14</font></b>Documentation
shall specify:</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
the services, operations, or functions provided by the cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module,
both Approved and non-Approved, and</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
for each service provided by the module, the service inputs, </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">corresponding
service outputs, and the authorized role(s) in which the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">service
can be performed.</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.03.14.01</font></b>The
vendor documentation shall describe each service including </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">purpose
and function.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.03.14.02</font></b>The
vendor documentation shall specify for each service, the service </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">inputs,
corresponding service outputs, and the authorized role or roles </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">in
which the service can be performed. Service inputs shall consist of </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">all
data or control inputs to the module that initiate or obtain specific
</font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">services,
operations, or functions. Service outputs shall consist of all </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">data
and status outputs that result from services, operations or functions</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">initiated
or obtained by service inputs.</font></font></font></p>
<p style="margin-top: 0.18in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.03.15</font></b>Documentation
shall specify any services provided by the cryptographic</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module
for which the operator is not required to assume an authorized </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">role,
and how these services do not modify, disclose, or substitute </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
keys and CSPs, or otherwise affect the security of the </font></font></font>
</p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.03.15.01</font></b>The
vendor documentation shall describe each service, including its </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">purpose
and function.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.03.15.02</font></b>The
vendor documentation shall specify, for each service, the service </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">inputs
and corresponding service outputs. Service inputs shall consist </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">of
all data or control inputs to the module that initiate or obtain
specific </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">services,
operations, or functions. Service outputs shall consist of all </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">data
and status outputs that result from the services, operations, or </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">functions
initiated or obtained by service inputs.</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.03.21</font></b>When
the cryptographic module is powered off and subsequently </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">powered
on, the results of previous authentications shall not be retained</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">and
the module shall require the operator to be re-authenticated.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.03.21.01</font></b>The
vendor documentation shall describe how the results of previous </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">authentications
are cleared when the module is powered off.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.03.23</font></b>If
the cryptographic module does not contain the authentication data </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">required
to authenticate the operator for the first time the module is </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">accessed,
then other authorized methods (e.g., procedural controls or </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">use
of factory-set or default authentication data) shall be used to
control</font></font></font></p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">access
to the module and initialize the authentication mechanisms.</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.03.23.01</font></b>The
vendor documentation shall specify means to control access to the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module
before it is initialized.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.03.29</font></b>Documentation
shall specify:</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
the authentication mechanisms supported by the cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module,</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
the types of authentication data required by the module to </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">implement
the supported authentication mechanisms,</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
the authorized methods used to control access to the module for the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">first
time and initialize the authentication mechanisms, and</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
the strength of the authentication mechanisms supported by the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module.</font></font></font></p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.01in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.03.30</font></b>If
authentication mechanisms are not supported by the cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module,
the module shall require that one or more roles either be </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">implicitly
or explicitly selected by the operator.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.03.30.01</font></b>The
vendor shall document the type of authentication performed for the</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module.
The vendor shall document the mechanisms used to perform </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
implicit or explicit selection of a role or set of roles and the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">authentication
of the operator to assume the role(s).</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.03.30.02</font></b>The
vendor provided nonproprietary security policy shall provide a </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">description
of the roles, either implicit or explicit, that the operator can </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">assume.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.03.30.03</font></b>The
vendor provided non-proprietary security policy shall provide </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">instructions
for the operator to assume either the implicit or explicit </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">roles.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.04in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="4"><i><b>SECTION
4: FINITE STATE MODEL</b></i></font></font></font></p>
<p style="margin-top: 0.19in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.04.01</font></b>The
operation of the cryptographic module shall be specified using a </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">finite
state (or equivalent) represented by a state transition diagram </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">and/or
a state transition table. (The state transition diagram and/or state </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">transition
table includes all operational and error states of the </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
module, the corresponding transitions from one state to </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">another,
the input events that cause transitions from one state to </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">another,
and the output events resulting from transitions from one state </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">to
another.)</font></font></font></p>
<p style="margin-top: 0.19in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.04.02</font></b>The
cryptographic module shall include the following operational and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">error
states:</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Power
on/off states. States for primary, secondary, or backup power.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">These
states may distinguish between power sources being applied to </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
cryptographic module.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Crypto
officer states. States in which the crypto officer services are </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">performed
(e.g., cryptographic initialization and key management).</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Key/CSP
entry states. States for entering cryptographic keys and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">CSPs
into the cryptographic module.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">User
states. States in which authorized users obtain security services, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">perform
cryptographic operations, or perform other Approved or </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">non-Approved
functions.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Self-test
states. States in which the cryptographic module is </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">performing
self-tests.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Error
states. States when the cryptographic module has encountered </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">an
error (e.g., failed a self-test or attempted to encrypt when missing </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">operational
keys or CSPs). Error states may include "hard" errors that </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">indicate
an equipment malfunction and that may require maintenance, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">service
or repair of the cryptographic module, or recoverable "soft"
</font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">errors
that may require initialization or resetting of the module.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS04.05.</font></font></font></p>
<p style="margin-top: 0.29in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.04.03</font></b>Recovery
from error states shall be possible except for those caused by </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">hard
errors that require maintenance, service, or repair of the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
module.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.04.04</font></b>If
the cryptographic module contains a maintenance role, then a </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">maintenance
state shall be included.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS04.05.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.04.05</font></b>Documentation
shall include a representation of the finite state (or </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">equivalent)
using a state transition diagram and/or state transition table </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">that
shall specify:</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
all operational and error states of the cryptographic module,</font></font></font></p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
the corresponding transitions from one state to another,</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
the input events, including data inputs and control inputs, that
cause </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">transitions
from one state to another, and</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
the output events, including internal module conditions, data </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">outputs,
and status outputs resulting from transitions from one state to </font></font></font>
</p>
<p style="margin-top: 0.19in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.04.05.01</font></b>The
vendor shall provide a description of the finite state model. This </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">description
shall contain the identification and description of all states of</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
module, and a description of all corresponding state transitions. </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">The
descriptions of the state transitions shall include internal module </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">conditions,
data inputs and control inputs that cause transitions from </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">one
state to another, data outputs and status outputs resulting from </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">transitions
from one state to another.</font></font></font></p>
<p style="margin-top: 0.18in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.04in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="4"><i><b>SECTION
5: PHYSICAL SECURITY</b></i></font></font></font></p>
<p style="margin-top: 0.04in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.04in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="4"><i><b>N/A</b></i></font></font></font></p>
<p style="margin-top: 0.04in; margin-bottom: 0in; page-break-before: always;" align="left">
<br>
</p>
<p style="margin-top: 0.02in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="4"><i><b>SECTION
6: OPERATIONAL ENVIRONMENT</b></i></font></font></font></p>
<p style="margin-top: 0.19in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.06.01</font></b>If
the operational environment is a modifiable operational environment, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
operating system requirements in Section 4.6.1 shall apply.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is not separately tested.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b>Passed</b></font></font></font></p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.06.03</font></b>The
following requirements shall apply to operating systems for </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Security
Level 1.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS06.04 through AS06.08.</font></font></font></p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.06.04</font></b>The
operating system shall be restricted to a single operator mode of </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">operation
(i.e., concurrent operators are explicitly excluded).</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This requirement cannot be enforced by administrative documentation
and procedures, but must be enforced by the cryptographic module
itself.</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.06.04.01</font></b>The
vendor shall provide a description of the mechanism used to ensure</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">that
only one user at a time can use the cryptographic module.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.06.05</font></b>The
cryptographic module shall prevent access by other processes to </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">plaintext
private and secret keys, CSPs, and intermediate key </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">generation
values during the time the cryptographic module is </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">executing/operational.Note:
This requirement cannot be enforced by administrative documentation
and procedures, but must be enforced by </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
cryptographic module itself. Processes that are spawned by the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
module are owned by the module and are not owned by </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">external
processes/operators.</font></font></font></p>
<p style="margin-top: 0.26in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.06.05.01</font></b>The
vendor shall provide a description of the mechanism used to ensure</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">that
no other process can access private and secret keys, intermediate </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">key
generation values, and other CSPs, while the cryptographic process</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">is
in use.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.06.06</font></b>Non-cryptographic
processes shall not interrupt the cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module
during execution.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.06.06.01</font></b>The
vendor shall provide a description of the mechanism used to ensure</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">that
no other process can interrupt the cryptographic module during </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">execution.</font></font></font></p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.06.07</font></b>All
cryptographic software and firmware shall be installed in a form that</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">protects
the software and firmware source and executable code from </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">unauthorized
disclosure and modification.</font></font></font></p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.06.07.01</font></b>The
vendor shall provide a list of the cryptographic software and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">firmware
that are stored on the cryptographic module and shall provide </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">a
description of the protection mechanisms used to prevent </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">unauthorized
disclosure and modification.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.06.08</font></b>A
cryptographic mechanism using an Approved integrity technique </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">(e.g.,
an Approved message authentication code or digital signature </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">algorithm)
shall be applied to all cryptographic software and firmware </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">components
within the cryptographic module.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.06.08.01</font></b>The
vendor shall provide documentation that identifies the technique </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">used
to maintain the integrity of the cryptographic software and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">firmware
components.</font></font></font></p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-bottom: 0in; page-break-before: always;" align="left"><br>
</p>
<p style="margin-top: 0.04in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="4"><i><b>SECTION
7: CRYPTOGRAPHIC KEY MANAGEMENT</b></i></font></font></font></p>
<p style="margin-top: 0.19in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.01</font></b>Secret
keys, private keys, and CSPs shall be protected within the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
module from unauthorized disclosure, modification, and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">substitution.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.07.01.01</font></b>The
vendor documentation shall describe the protection of all secret </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">keys,
private keys, and CSPs internal to the module. Protection shall </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">include
the implementation of mechanisms that protect against </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">unauthorized
disclosure, unauthorized modification, and unauthorized </font></font></font>
</p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.02</font></b>Public
keys shall be protected within the cryptographic module against </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">unauthorized
modification and substitution.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.07.02.01</font></b>The
vendor documentation shall describe the protection of all public </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">keys
against unauthorized modification and substitution.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.03</font></b>Documentation
shall specify all cryptographic keys, cryptographic key </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">components,
and CSPs employed by the cryptographic module.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.07.03.01</font></b>The
vendor documentation shall provide a list all cryptographic keys, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
key components, and CSPs used by the module.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.04</font></b>If
a cryptographic module employs Approved or non-Approved RNGs </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">in
an Approved mode of operation, the data output from the RNG shall </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">pass
the continuous random number generator test as specified in </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Section
4.9.2.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.28in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.05</font></b>There
are no requirements for this assertion number.</font></font></font></p>
<p style="margin-top: 0.23in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.06</font></b>Approved
deterministic RNGs shall be subject to the cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">algorithm
test in Section 4.9.1.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested in AS09.13</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.07</font></b>Nondeterministic
RNGs shall comply with all applicable RNG </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">requirements
of this standard.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is not separately tested.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.08</font></b>An
Approved RNG shall be used for the generation of cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">keys
used by an Approved security function.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.07.08.01</font></b>The
vendor shall provide documentation stating that an Approved RNG</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">is
used to generate keys. Approved RNGs can be found in Annex C to</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">FIPS
PUB 140-2.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.09</font></b>The
seed and seed key shall not have the same value.</font></font></font></p>
<p style="margin-top: 0.23in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.07.09.01</font></b>The
vendor shall provide documentation describing the method that </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">ensures
that the seed and seed key input to the Approved RNG do not </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">have
the same value.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.10</font></b>Documentation
shall specify each RNG (Approved and non-Approved) </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">employed
by a cryptographic module.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.07.10.01</font></b>The
vendor documentation shall specify all RNGs (Approved and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">non-Approved)
used in the cryptographic module, their type (Approved</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">or
non-Approved) and how each RNG (Approved and non-Approved) </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">is
used within the cryptographic module.</font></font></font></p>
<p style="margin-top: 0.29in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.11</font></b>Cryptographic
keys generated by the cryptographic module for use by </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">an
Approved algorithm or security function shall be generated using an </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Approved
key generation method.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.07.11.01</font></b>The
vendor shall provide documentation stating that an Approved key </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">generation
method is used to generate keys.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.12</font></b>If
an Approved key generation method requires input from a RNG, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">then
an Approved RNG that meets the requirements specified in </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Section
4.7.1 shall be used.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS07.04-AS07.08 and </font></font></font>
</p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.13</font></b>Compromising
the security of the key generation method (e.g., guessing</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
seed value to initialize the deterministic RNG) shall require as
least </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">as
many operations as determining the value of the generated key.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.07.13.01</font></b>The
vendor shall provide documentation that provides rationale stating </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">how
compromising the security of the key generation method (e.g., </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">guessing
the seed value to initialize the deterministic RNG) shall require </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">as
least as many operations as determining the value of the generated </font></font></font>
</p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.14</font></b>If
a seed key is entered during the key generation process, entry of the
</font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">key
shall meet the key entry requirements specified in Section 4.7.4.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS07.23.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.15</font></b>If
intermediate key generation values are output from the cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module
upon completion of the key generation process, the values shall </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">be
output either 1) in encrypted form or 2) under split knowledge </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.07.15.01</font></b>Vendor
documentation shall indicate whether any intermediate key </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">generation
values are output from the module upon completion of the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">key
generation process.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.26in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.07.15.02</font></b>If
intermediate key generation values are output from the cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module
upon the completion of the key generation process, then the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">documentation
shall specify that the values are output either 1) in </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">encrypted
form or 2) under split knowledge procedures.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.16</font></b>Documentation
shall specify each of the key generation methods </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">(Approved
and non-Approved) employed by the cryptographic module.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.07.16.01</font></b>The
vendor shall provide documentation stating the key generation </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">methods
(Approved and non-Approved) employed by the cryptographic</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.17</font></b>If
key establishment methods are employed by the cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module,
only Approved key establishment techniques shall be used.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.07.17.01</font></b>The
vendor shall provide documentation stating that an Approved key </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">establishment
technique is used. Approved key establishment </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">techniques
can be found in Annex D to FIPS PUB 140-2.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.18</font></b>If,
in lieu of an Approved key establishment technique, a radio </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">communications
cryptographic module implements </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Over-The-Air-Rekeying
(OTAR), it shall be implemented as specified </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">in
the TIA/EIA Telecommunications Systems Bulletin, APCO Project </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">25,
Over-The-Air-Rekeying (OTAR) Protocol, New Technology </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Standards
Project, Digital Radio Technical Standards, TSB102.AACA, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">January,
1996, Telecommunications Industry Association.</font></font></font></p>
<p style="margin-top: 0.18in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.07.18.01</font></b>Vendor
documentation shall indicate whether the cryptographic module </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">is
used for radio communications. If so, and the module implements </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
OTAR Protocol, the vendor shall provide documentation stating </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">that
the OTAR implementation complies with APCO Project 25, </font></font></font>
</p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="center"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font style="font-size: 9pt;" size="2"><i>SECTION
7: CRYPTOGRAPHIC KEY MANAGEMENT</i></font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="center"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font style="font-size: 8pt;" size="1"><i><b>Page
32 of 59</b></i></font></font></font></p>
<p style="margin-top: 0.02in; margin-bottom: 0in; page-break-before: always;" align="left">
<br>
</p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.19</font></b>Compromising
the security of the key establishment method (e.g., </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">compromising
the security of the algorithm used for key establishment) </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">shall
require as many operations as determining the value of the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
key being transported or agreed upon.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.07.19.01</font></b>The
vendor shall provide documentation that provides rationale stating </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">how
compromising the security of the key establishment method (e.g., </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">compromising
the security of the algorithm used for key establishment) </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">shall
require as many operations as determining the value of the </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
key being transported or agreed upon.</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.20</font></b>If
a key transport method is used, the cryptographic key being </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">transported
shall meet the key entry/output requirements of Section </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">4.7.4.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.21</font></b>Documentation
shall specify the key establishment methods employed </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">by
the cryptographic module.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.07.21.01</font></b>The
vendor shall provide documentation stating the key establishment </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">methods
employed by the cryptographic module.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.22</font></b>If
cryptographic keys are entered into or output from the cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module,
the entry or output of keys shall be performed using either </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">manual
(e.g., via a keyboard) or electronic methods (e.g., smart </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cards/tokens,
PC cards, or other electronic key loading devices).</font></font></font></p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested in AS07.28.</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.23</font></b>A
seed key, if entered during key generation, shall be entered in the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">same
manner as cryptographic keys.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.07.23.01</font></b>The
key management documentation shall describe the entry of the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">seed
key.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.24</font></b>All
encrypted secret and private keys, entered into or output from the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
module and used in an Approved mode of operation, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">shall
be encrypted using an Approved algorithm.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.07.24.01</font></b>The
vendor shall supply documentation specifying the Approved </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">algorithms
used to encrypt secret and private keys entered into or </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">output
from the cryptographic module.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.25</font></b>The
cryptographic module shall associate a key (secret, private, or </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">public)
entered into or output from the module with the correct entity </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">(i.e.,
person, group, or process) to which the key is assigned.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.07.25.01</font></b>The
documented key entry/output procedures shall describe the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">mechanisms
or procedures used to ensure that each key is associated </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">with
the correct entity.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.26</font></b>Manually-entered
cryptographic keys (keys entered using manual </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">methods)
shall be verified during entry into the cryptographic module </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">for
accuracy using the manual key entry test specified in Section 4.9.2.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.27</font></b>If
encrypted cryptographic keys or key components are manually </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">entered
into the cryptographic module, then the plaintext values of the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
keys or key components shall not be displayed.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.07.27.01</font></b>The
documented key entry procedures shall preclude the display of </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">plaintext
secret or private keys that result from the entry of encrypted </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">keys
or key components.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.28</font></b>Documentation
shall specify the key entry and output methods </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">employed
by the cryptographic module.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.07.28.01</font></b>The
vendor documentation shall specify the key entry and output </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">methods
employed by the cryptographic module.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.29</font></b>For
Security Levels 1 and 2, secret and private keys established using </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">automated
methods shall be entered into and output from a </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
module in encrypted form.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.07.29.01</font></b>The
vendor documentation shall specify keys that are established using </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">automated
methods. The vendor documentation shall state whether </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">these
keys are entered into and output in encrypted form.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.37</font></b>Cryptographic
keys stored within the cryptographic module shall be </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">stored
either in plaintext form or encrypted form.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested under AS07.40.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.38</font></b>Plaintext
secret and private keys shall not be accessible from outside the</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
module to unauthorized operators.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested under AS07.01.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.39</font></b>The
cryptographic module shall associate the cryptographic key (secret,</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">private,
or public) stored within the module with the correct entity </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">(e.g.,
person, group, or process) to which the key is assigned.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.07.39.01</font></b>Vendor
documentation on key storage shall describe the mechanisms or</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">procedures
used to ensure that each key is associated with the correct </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">entity.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.40</font></b>Documentation
shall specify the key storage methods employed by the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
module.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.07.40.01</font></b>The
vendor documentation shall specify the following information for </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">each
stored key:</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">a.
Type and identifier</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">b.
Storage location </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">c.
The form in which the key is stored (plaintext, encrypted form, under
split knowledge procedures). If the keys are stored in encrypted
form, specify the Approved algorithm used to encrypt the keys.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.41</font></b>The
cryptographic module shall provide methods to zeroize all plaintext </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">secret
and private cryptographic keys and CSPs within the module.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.07.41.01</font></b>The
vendor documentation shall specify the following plaintext secret </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">and
private cryptographic keys and CSPs zeroization information:</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">a.
Zeroization techniques </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">b.
Restrictions when plaintext secret and private cryptographic keys </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">and
CSPs can be zeroized</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">c.
Plaintext secret and private cryptographic keys and CSPs that are </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">zeroized
</font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">d.
Plaintext secret and private cryptographic keys and CSPs that are </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">not
zeroized and rationale</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">e.
Rationale explaining how the zeroization technique is performed in a</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">time
that is not sufficient to compromise plaintext secret and private </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">keys
and CSPs</font></font></font></p>
<p style="margin-top: 0.22in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.07.42</font></b>Documentation
shall specify the key zeroization methods employed by </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">a
cryptographic module.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested under AS07.41.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.04in; margin-bottom: 0in; page-break-before: always;" align="left">
<font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="4"><i><b>SECTION
8: EMI/EMC</b></i></font></font></font></p>
<p style="margin-top: 0.19in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.08.01</font></b>Cryptographic
modules shall meet the following requirements for </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">EMI/EMC.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is not separately tested.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.08.02</font></b>Radios
are explicitly excluded from these requirements but shall meet all</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">applicable
FCC requirements. </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
The phrase "these requirements" refers to the requirements
in </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">FIPS
PUB 140-2.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.08.02.01</font></b>The
vendor shall provide the name of the FCC Accredited Laboratory.</font></font></font></p>
<p style="margin-top: 0.23in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.08.02.02</font></b>The
vendor shall provide the FCC ID number for the cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.08.03</font></b>Documentation
shall include proof of conformance to EMI/EMC </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">requirements.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS08.04 and AS08.05.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.08.04</font></b>The
cryptographic module shall (at a minimum) conform to the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">EMI/EMC
requirements specified by 47 Code of Federal Regulations, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Part
15, Subpart B, Unintentional Radiators, Digital Devices, Class A </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.08.04.01</font></b>The
vendor shall provide evidence and documentation that indicates the</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
module conforms to the EMI/EMC requirements </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">specified
by 47 Code of Federal Regulations, Part 15, Subpart B, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Unintentional
Radiators, Digital Devices, Class A (i.e., for business </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">use):</font></font></font></p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.04in; margin-bottom: 0in; page-break-before: always;" align="left">
<br>
</p>
<p style="margin-top: 0.04in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="4"><i><b>SECTION
9: SELF-TESTS</b></i></font></font></font></p>
<p style="margin-top: 0.19in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.01</font></b>The
cryptographic module shall perform power-up self-tests and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">conditional
self-tests to ensure that the module is functioning properly.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.02</font></b>Power-up
self-tests shall be performed when the cryptographic module </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">is
powered up.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS09.07.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.03</font></b>Conditional
self-tests shall be performed when an applicable security </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">function
or operation is invoked (i.e., security functions for which </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">self-tests
are required).</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS09.07.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.04</font></b>If
the cryptographic module fails a self-test, the module shall enter an
</font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">error
state and output an error indicator via the status output interface.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.04.01</font></b>The
vendor shall document all error states associated with each self-test</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">and
shall indicate for each error state the expected error indicator.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.05</font></b>The
cryptographic module shall not perform any cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">operations
while in an error state.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.05.01</font></b>See
VE02.06.01 for the vendor design requirement. The vendor design</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">shall
ensure that cryptographic operations cannot be performed while </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
module is in the error state.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.06</font></b>All
data output via the data output interface shall be inhibited when an </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">error
state exists.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.06.01</font></b>See
VE02.06.01 for the vendor design requirement. The vendor design</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">shall
ensure that cryptographic operations cannot be performed while </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
module is in an error state.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.07</font></b>Documentation
shall specify:</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
the self-tests performed by the cryptographic module, including </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">power-up
and conditional tests,</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
the error states that the cryptographic module can enter when a </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">self-test
fails, and</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
the conditions and actions necessary to exit the error states and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">resume
normal operation of the cryptographic module (i.e., this may </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">include
maintenance of the module, or returning the module to the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">vendor
for servicing.)</font></font></font></p>
<p style="margin-top: 0.19in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.07.01</font></b>The
vendor shall provide a list of all self-tests that the module can </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">perform.
This list shall include both power-up tests and conditional </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">tests.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.07.02</font></b>For
each error condition, the vendor documentation shall provide the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">condition
name, the events that can produce the condition, and the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">actions
necessary to clear the condition and resume normal operation.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.08</font></b>Power-up
tests shall be performed by the cryptographic module when </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
module is powered up (after being powered off, reset, rebooted, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">etc.).</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.09</font></b>The
power-up tests shall be initiated automatically and shall not require
</font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">operator
intervention.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.09.01</font></b>The
vendor documentation shall require that the running of power-up </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">self-tests
not involve any inputs from or actions by the operator.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.10</font></b>When
the power-up tests are completed, the results (i.e., indications of </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">success
or failure) shall be output via the "status output"
interface.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.10.01</font></b>The
vendor shall document the indicator that the module outputs upon </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">successful
completion of the power-up self-tests.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.11</font></b>All
data output via the output interface shall be inhibited when the
tests </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">are
performed.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS02.06.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.12</font></b>In
addition to performing the power-up tests when powered up, the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
module shall permit operators to initiate the tests on </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">demand
for periodic testing of the module.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.12.01</font></b>The
vendor shall describe the procedure by which an operator can </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">initiate
the power-up self-tests on demand. All of the power-up </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">self-tests
must be included.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.13</font></b>The
cryptographic module shall perform the following power-up tests: </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
algorithm test, software/firmware integrity test, and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">critical
functions test.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.13.01</font></b>See
VE09.07.01 for the vendor requirement.</font></font></font></p>
<p style="margin-top: 0.23in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.16</font></b>A
cryptographic algorithm test using a known answer shall be </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">conducted
for all cryptographic functions (e.g., encryption, decryption, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">authentication
and random number generation) of each Approved </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
algorithm implemented by the cryptographic module.</font></font></font></p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.16.01</font></b>See
VE09.07.01 for the vendor requirement.</font></font></font></p>
<p style="margin-top: 0.23in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.17</font></b>If
the calculated output does not equal the known answer, the
known-answer test shall fail.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.17.01</font></b>The
vendor documentation shall specify the method used to compare </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
calculated output with the known answer.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.17.02</font></b>The
documentation shall show the transition into an error state and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">output
of an error indicator when the two outputs are not equal.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.18</font></b>Cryptographic
algorithms whose outputs vary for a given set of inputs </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">(e.g.,
the Digital Signature Algorithm) shall be tested using a </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">known-answer
test or shall be tested using a pair-wise consistency test.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.18.01</font></b>See
VE09.07.01 for the vendor requirement.</font></font></font></p>
<p style="margin-top: 0.23in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.18.02</font></b>The
vendor documentation shall specify and describe the test(s) which </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">is
implemented.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.19</font></b>Message
digest algorithms shall have an independent known-answer test</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">or
the known-answer test shall be included with the associated </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
algorithm test (e.g., the Digital Signature Standard).</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.19.01</font></b>See
VE09.07.01 for the vendor requirement.</font></font></font></p>
<p style="margin-top: 0.23in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.19.02</font></b>The
vendor documentation shall specify and describe the test(s) which </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">is
implemented.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.20</font></b>If
the cryptographic module includes two independent implementations </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">of
the same cryptographic algorithm, then the outputs of two </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">implementations
shall be continuously compared.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.20.01</font></b>See
VE09.07.01 for the vendor requirement.</font></font></font></p>
<p style="margin-top: 0.23in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.20.02</font></b>The
vendor shall specify whether a known answer test or the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">comparison
of the output of two independent cryptographic algorithm </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">implementations
(compared answer test) is used to test the module's </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
algorithm. If the compared answer test is used, the </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">vendor
shall document this fact.</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.21</font></b>If
the cryptographic module includes two independent implementations </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">of
the same cryptographic algorithm then, if the outputs of two </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">implementations
are not equal, the cryptographic algorithm test shall </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">fail.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.22</font></b>A
software/firmware integrity test using an error detection code (EDC) </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">or
Approved authentication technique (e.g., an Approved message </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">authentication
code or digital signature algorithm) shall be applied to all </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">validated
software and firmware components within the cryptographic </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module
when the module is powered up.</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.22.01</font></b>The
vendor documentation shall specify whether an error detection </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">code
(EDC) or a Approved authentication technique (e.g., an Approved</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">message
authentication code or digital signature algorithm) is implemented as
an integrity test for all software and firmware components.</font></font></font></p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment</b></i></font></font></font></p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.01in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.22.02</font></b>The
documentation shall describe the implemented integrity </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">mechanism.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.22.03</font></b>If
the module implements an Approved authentication technique:</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">(1)
The vendor shall provide a validation certificate as specified in </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">VE01.12.01.
</font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">or</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">(2)
In the absence of a CMVP algorithm validation certificate issuing </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">process,
the vendor organization shall provide a written affirmation </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">asserting
that the authentication technique implemented in the module is</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Approved.</font></font></font></p>
<p style="margin-top: 0.19in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.23</font></b>If
the calculated result does not equal the previously generated result,
</font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
software/firmware test shall fail.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS09.22.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.24</font></b>If
an EDC is used, the EDC shall be at least 16 bits in length.</font></font></font></p>
<p style="margin-top: 0.23in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.24.01</font></b>If
the module implements EDCs for software/firmware integrity, the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">vendor
documentation shall indicate that the EDC is at least 16 bits in </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">length.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.25</font></b>Other
security functions critical to the secure operation of the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
module shall be tested when the module is powered up as</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">part
of the power-up tests.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS09.27.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.26</font></b>Other
critical security functions performed under specific conditions </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">shall
be tested as conditional tests.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS09.27.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.27</font></b>Documentation
shall specify all security functions critical to the secure </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">operation
of the cryptographic module and shall identify the applicable </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">power-up
tests and conditional tests performed by the module.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
Critical functions are defined as those functions that, upon failure,</font></font></font></p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">could
lead to the disclosure of CSPs. Examples of critical functions </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">include
but not limited to random number generation, operation of the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
algorithm, and cryptographic bypass.</font></font></font></p>
<p style="margin-top: 0.18in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.27.01</font></b>The
vendor shall provide documentation of all critical functions. For </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">each
critical function, the vendor shall indicate:</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">1.
The purpose of the critical function</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">2.
Which critical functions are tested by which power-up tests</font></font></font></p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">3.
Which critical functions are tested by which conditional tests</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.28</font></b>Note:
There are no requirements for this assertion number.</font></font></font></p>
<p style="margin-top: 0.23in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.28.01</font></b>Note:
There are no requirements for this assertion number.</font></font></font></p>
<p style="margin-top: 0.23in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.29</font></b>Conditional
tests shall be performed by the cryptographic module when </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
conditions specified for the following tests occur: pair-wise </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">consistency
test, software/firmware load test, manual key entry test, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">continuous
random number generator test, and bypass test.Note: This </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">assertion
is not separately tested.</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.30</font></b>If
the cryptographic module generates public or private keys, then the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">following
pair-wise consistency tests for public and private keys shall be</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">performed.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS09.31, and AS09.33.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.31</font></b>If
the keys are used to perform an approved key transport method, then</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
public key shall encrypt a plaintext value. The resulting ciphertext </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">value
shall be compared to the original plaintext value. If the two </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">values
are equal, then the test shall fail. If the two values differ, then </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
private key shall be used to decrypt the ciphertext and the resulting
</font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">value
shall be compared to the original plaintext value. If the two values
are not equal, the test shall fail.</font></font></font></p>
<p style="margin-top: 0.02in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.31.01</font></b>If
the keys are used to perform an approved key transport method, the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
module shall test for pairwise consistency by applying the</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">public
key to a plaintext value. The resulting ciphertext shall be </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">compared
to the original plaintext to verify that they differ.</font></font></font></p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
If the two values are equal, then the cryptographic module shall </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">enter
an error state and output an error indicator via the status
interface.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
If the two values differ, then the private key shall be applied to
the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">ciphertext
and the result shall be compared to the original plaintext.</font></font></font></p>
<p style="margin-top: 0.19in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.32</font></b>Note:
There are no requirements for this assertion number.</font></font></font></p>
<p style="margin-top: 0.23in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.32.01</font></b>Note:
There are no requirements for this assertion number.</font></font></font></p>
<p style="margin-top: 0.23in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.33</font></b>If
the keys are used to perform the calculation and verification of
digital</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">signatures,
then the consistency of the keys shall be tested by the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">calculation
and verification of a digital signature. If the digital signature </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cannot
be verified, the test shall fail.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.33.01</font></b>If
the public and private keys are to be used only for the calculation </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">and/or
verification of digital signatures, then the cryptographic module </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">shall
test for pairwise consistency by calculation and verification of a </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">signature.
If the signature cannot be verified, the test shall fail.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.34</font></b>If
software or firmware components can be externally loaded into the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
module, then the following software/firmware load tests </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">shall
be performed.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS09.34, AS09.35, and </font></font></font>
</p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.35</font></b>An
Approved authentication technique (e.g., an Approved message </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">authentication
code, digital signature algorithm, or HMAC) shall be </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">applied
to all validated software and firmware components when the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">components
are externally loaded into the cryptographic module.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.35.01</font></b>The
vendor documentation shall describe the Approved authentication </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">technique
used to protect the integrity of all externally loaded software </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">and
firmware components.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.35.02</font></b>If
the module implements an Approved authentication technique:</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">(1)
The vendor shall provide a validation certificate as specified in </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">VE01.12.01.
</font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">or</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">(2)
In the absence of a CMVP algorithm validation certificate issuing </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">process,
the vendor organization shall provide a written affirmation </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">asserting
that the authentication technique implemented in the module is</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Approved.</font></font></font></p>
<p style="margin-top: 0.19in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.36</font></b>The
calculated result shall be compared with a previously generated </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">result.
If the calculated result does not equal the previously generated </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">result,
the software/firmware integrity test shall fail.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS09.35.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.37</font></b>If
cryptographic keys or key components are manually entered into the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
module, then the following manual key entry tests shall </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">be
performed.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is not separately tested.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.38</font></b>The
cryptographic key or key components shall have an EDC applied, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">or
shall be entered using duplicate entries.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS09.40.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.39</font></b>If
an EDC is used, the EDC shall be at least 16 bits in length.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS09.40.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.40</font></b>If
the EDC cannot be verified, or the duplicate entries do not match, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
test shall fail.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.40.01</font></b>The
vendor shall document the manual key entry test. Depending on </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">whether
error detection codes or duplicate key entries are used, the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">manual
key entry test shall include the following:</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">1.
Error detection codes (EDCs):</font></font></font></p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
Description of EDC calculation algorithm</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
Description of verification process</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
Expected outputs for success or failure of test</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">2.
Duplicate key entries:</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
Description of verification process</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
Expected outputs for success or failure of test</font></font></font></p>
<p style="margin-top: 0.21in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.40.02</font></b>If
EDCs are associated with keys, then the vendor documentation that </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">describes
the format of the cryptographic keys (see AS07.03) shall </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">include
fields for the error detection codes.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.41</font></b>If
a cryptographic module employs Approved or non-Approved RNGs </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">in
an Approved mode of operation, the module shall perform the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">following
continuous random number generator test on each RNG that </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">tests
for failure to a constant value.</font></font></font></p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS09.42 and AS09.43.</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.42</font></b>If
each call to a RNG produces blocks of n bits (where n &gt; 15), the
first</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">n-bit
block generated after power-up, initialization, or reset shall not be</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">used,
but shall be saved for comparison with the next n-bit block to be </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">generated.
Each subsequent generation of an n-bit block shall be </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">compared
with the previously generated block. The test shall fail if any</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">two
compared n-bit blocks are equal.</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.42.01</font></b>If
the module implements a random number generator, the vendor shall </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">document
the continuous random number generator test.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.43</font></b>If
each call to a RNG produces fewer than 16 bits, the first n bits </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">generated
after power-up, initialization, or reset (for some n &gt; 15) shall </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">not
be used, but shall be saved for comparison with the next n </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">generated
bits. Each subsequent generation of n bits shall be compared </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">with
the previously generated n bits. The test fails if any two compared</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">n-bit
sequences are equal.</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.43.01</font></b>If
the module implements a random number generator, the vendor shall </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">document
the continuous random number generator test.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.44</font></b>If
the cryptographic module implements a bypass capability where the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">services
may be provided without cryptographic processing (e.g., </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">transferring
plaintext through the module), then the following bypass </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">tests
shall be performed to ensure that a single point of failure of </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module
components will not result in the unintentional output of </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">plaintext.</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.45</font></b>The
cryptographic module shall test for the correct operation of the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">services
providing cryptographic processing when a switch takes place </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">between
an exclusive bypass service and an exclusive cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.45.01</font></b>If
the cryptographic module implements a bypass service, then the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">vendor
shall implement a bypass test to verify the correct operation of </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
cryptographic service when a switch takes place between an </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">exclusive
bypass and an exclusive cryptographic service.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.45.02</font></b>The
vendor shall provide a description of the test as defined in </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">AS09.48.
The bypass test shall demonstrate that, when switched to an </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">exclusive
cryptographic service, the module does not output plaintext </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">information
as defined in AS09.47. The test fails if the cryptographic </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module
outputs plaintext information.</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.46</font></b>If
the cryptographic module can automatically alternate between a </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">bypass
service and a cryptographic service, providing some services </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">with
cryptographic processing and some services without cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">processing,
then the module shall test for the correct operation of the </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">services
providing cryptographic processing when the mechanism </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">governing
the switching procedure is modified (e.g., an IP address
source/destination table).</font></font></font></p>
<p style="margin-top: 0.22in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.46.01</font></b>If
the cryptographic module is designed to automatically alternate </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">between
a bypass service and a cryptographic service, then the vendor </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">shall
implement a bypass test to verify the correct operation of the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
service when the mechanism governing the switching </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">procedure
is modified.</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.09.46.02</font></b>The
vendor shall provide a description of the test as defined in </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">AS09.48.
The bypass test shall demonstrate that when the mechanism </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">governing
the switching procedure is modified:</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">1.
The mechanism is verified not to have been altered since the last </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">modification.
If the mechanism has been altered, the cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module
shall enter an error state and output an error indicator to the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">status
interface.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">2.
The correct operation of the cryptographic service is verified by </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">demonstrating
that the module does not output plaintext information as </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">defined
in AS09.47. The test fails if the module outputs plaintext </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">information.</font></font></font></p>
<p style="margin-top: 0.01in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.47</font></b>No
single point of failure shall result in the unintentional output of </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">plaintext.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS09.45 and AS09.46.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.09.48</font></b>Documentation
shall specify the mechanism or logic governing the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">switching
procedure.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS09.45 and AS09.46.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.03in; margin-bottom: 0in; page-break-before: always;" align="left">
<br>
</p>
<p style="margin-top: 0.04in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="4"><i><b>SECTION
10: DESIGN ASSURANCE</b></i></font></font></font></p>
<p style="margin-top: 0.19in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.10.01</font></b>A
configuration management system shall be implemented for the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
module and module components within the cryptographic</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">boundary,
and for associated module documentation.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.10.01.01</font></b>The
vendor documentation shall describe the configuration management</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">(CM)
system for the cryptographic module, module components, and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">associated
module documentation.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.10.02</font></b>Each
version of each configuration item (e.g., cryptographic module, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module
components, user guidance, security policy, and operating </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">system)
that comprises the module and associated documentation shall </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">be
assigned and labeled with a unique identification number.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.10.02.01</font></b>The
vendor CM documentation shall include a configuration list of all </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">configuration
items. The CM documentation shall describe the method </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">used
to uniquely identify the configuration items.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.10.02.02</font></b>The
vendor documentation shall describe the method used to uniquely </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">identify
the version of each configuration item being validated.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.10.03</font></b>Documentation
shall specify the procedures for secure installation, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">initialization,
and startup of the cryptographic module.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.10.03.01</font></b>The
vendor documentation shall describe the steps necessary for the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">secure
installation, initialization, and start-up of the cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.10.05</font></b>The
following requirements shall apply to cryptographic modules for </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Security
Level 1.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS10.06 and AS10.07.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.10.06</font></b>Documentation
shall specify the correspondence between the design of </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
hardware, software, and firmware components of the cryptographic</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module
and the cryptographic module security policy.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.10.06.01</font></b>The
vendor documentation shall describe how the hardware, software, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">and
firmware design(s) corresponds to the security policy (rules of </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">operation)
of the cryptographic module.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.10.07</font></b>If
the cryptographic module contains software or firmware components,</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">documentation
shall specify the source code for the software and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">firmware
components, annotated with comments that clearly depict the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">correspondence
of the components to the design of the module.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.10.07.01</font></b>The
vendor shall supply a list of the names of all the software and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">firmware
components contained in the cryptographic module.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.10.07.02</font></b>The
vendor shall supply an annotated source listing of each software </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">and
firmware component contained in the cryptographic module.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.10.08</font></b>If
the cryptographic module contains hardware components, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">documentation
shall specify the schematics and/or Hardware </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Description
Language (HDL) listings for the hardware components.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.10.08.01</font></b>The
vendor shall supply a list of the hardware components contained in</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
cryptographic module.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.10.21</font></b>Crypto
officer guidance shall specify the administrative functions, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">security
events, security parameters (and parameter values, as </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">appropriate),
physical ports, and logical interfaces of the cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module
available to the crypto officer.</font></font></font></p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS10.23.</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.10.22</font></b>Crypto
officer guidance shall specify procedures on how to administer </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
cryptographic module in a secure manner.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS10.23.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.10.23</font></b>Crypto
officer guidance shall specify assumptions regarding user </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">behavior
that is relevant to the secure operation of the cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.10.23.01</font></b>The
vendor documentation shall include the information listed in </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">AS10.21,
AS10.22 and AS10.23.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.10.23.02</font></b>The
crypto officer nonproprietary guidance shall be available to the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">crypto
officer.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.10.24</font></b>User
guidance shall specify the Approved security functions, physical </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">ports,
and logical interfaces available to the users of the cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS10.25.</font></font></font></p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.10.25</font></b>User
guidance shall specify all user responsibilities necessary for the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">secure
operation of the cryptographic module.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.10.25.01</font></b>The
vendor documentation shall include the information listed in </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">AS10.24
and AS10.25.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.10.25.02</font></b>The
user nonproprietary guidance shall be available to the user.</font></font></font></p>
<p style="margin-top: 0.23in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in; page-break-before: always;" align="left"><br>
</p>
<p style="margin-top: 0.04in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="4"><i><b>SECTION
11: MITIGATION OF OTHER ATTACKS</b></i></font></font></font></p>
<p style="margin-top: 0.19in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.11.01</font></b>If
the cryptographic module is designed to mitigate one or more specific</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">attacks,
then the module's security policy shall specify the security </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">mechanisms
employed by the module to mitigate the attack(s).</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b>Not
Applicable</b></font></font></font></p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.11.01.01</font></b>The
vendor provided nonproprietary security policy shall specify </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">whether
the cryptographic module is designed to mitigate specific </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">attacks.
The vendor shall specify in the nonproprietary security policy </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b>Not
Applicable</b>the security mechanism(s) implemented by the
cryptographic module to</font></font></font></p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">mitigate
the attack(s).</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.11.01.02</font></b>The
vendor provided nonproprietary security policy shall indicate how </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
implemented mechanism(s) were shown to mitigate the attack(s).</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b>Not
Applicable</b></font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.04in; margin-bottom: 0in; page-break-before: always;" align="left">
<br>
</p>
<p style="margin-top: 0.04in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="4"><i><b>C:
CRYPTOGRAPHIC MODULE SECURITY POLICY</b></i></font></font></font></p>
<p style="margin-top: 0.19in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.14.01</font></b>The
cryptographic module security policy shall be included in the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">documentation
provided by the vendor.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.14.01</font></b>A
diagram or image of the physical cryptographic module (if </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">appropriate)
shall be included in the security policy. The image may be</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">used
to indicate the security relevant features of the cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module
(e.g., tamper evidence, status indicator(s), user interface(s), </font></font></font>
</p>
<p style="margin-top: 0.25in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.14.02</font></b>The
cryptographic module security policy shall consist of: a </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">specification
of the security rules, under which the cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module
shall operate, including the security rules derived from the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">requirements
of the standard and the additional security rules imposed </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">by
the vendor.</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.14.03</font></b>The
specification shall be sufficiently detailed to answer the following </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">questions:
</font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
What access does operator X, performing service Y while in role Z, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">have
to security-relevant data item W for every role, service, and </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">security-relevant
data item contained in the cryptographic module? </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
What physical mechanisms are implemented to protect the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
module and what actions are required to ensure that the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">physical
security of the module is maintained?</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
What security mechanisms are implemented in the cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module
to mitigate against attacks for which testable requirements are </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">not
defined in the standard? </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS14.05-AS14.09.</font></font></font></p>
<p style="margin-top: 0.22in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.14.04</font></b>The
cryptographic module security policy shall be expressed in terms of</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">roles,
services, and cryptographic keys and CSPs. At a minimum, the</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">following
shall be specified:</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
an identification and authentication (I&amp;A) policy,</font></font></font></p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
an access control policy,* a physical security policy, and</font></font></font></p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
a security policy for mitigation of other attacks.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is tested as part of AS14.05-AS14.09.</font></font></font></p>
<p style="margin-top: 0.05in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.14.05</font></b>The
cryptographic module security policy shall specify an identification </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">and
authentication policy, including </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
all roles (e.g., user, crypto officer, and maintenance) and
associated </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">type
of authentication (e.g., identity-based, role-based, or none) and</font></font></font></p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
the authentication data required of each role or operator (e.g., </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">password
or biometric data) and the corresponding strength of the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">authentication
mechanism.</font></font></font></p>
<p style="margin-top: 0.18in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.14.05.01</font></b>The
vendor shall specify all roles that may be assumed by an operator </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">of
the cryptographic module. This list shall include the User Role and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">the
Crypto Officer Role (see AS03.03). If the cryptographic module </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">allows
for maintenance, the list shall include a Maintenance Role (see </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">AS03.04).
All other authorized roles shall be specified (see AS03.06).</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.14.05.02</font></b>For
Security Levels 2, 3, and 4, the vendor shall specify whether the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">type
of authentication is identity-based or role-based for each of the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">roles
listed in VE14.05.01. The vendor shall specify the authentication </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">data
required for each role (see AS03.17, AS03.19 and AS03.23). The</font></font></font></p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">vendor
shall specify the strength of corresponding authentication </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">mechanisms
(see AS03.24, AS03.25, and AS03.28).</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.14.05.03</font></b>The
vendor shall utilize the tabular formats specified in Appendix C of </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">FIPS
PUB 140-2.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.14.06</font></b>The
cryptographic module shall specify an access control policy. The </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">specification
shall be of sufficient detail to identify the cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">keys
and CSPs the operator has access to while performing a service, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">and
the type(s) of access the operator has to these parameters.</font></font></font></p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Note:
This assertion is not separately tested.</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.14.07</font></b>The
security policy shall specify:</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
all roles supported by the cryptographic module,</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
all services provided by the cryptographic module, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
all cryptographic keys and CSPs employed by the cryptographic </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module,
including</font></font></font></p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">-
secret, private, and public cryptographic keys (both plaintext and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">encrypted),</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">-
authentication data such as passwords or PINs, and</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">-
other security-relevant information (e.g., audited events and audit </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">data),</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
for each role, the services an operator is authorized to perform </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">within
that role, and</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
for each service within each role, the type(s) of access to the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
keys and CSPs.</font></font></font></p>
<p style="margin-top: 0.1in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.14.07.01</font></b>The
vendor shall specify all services that are provided to an authorized </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">role.
This list must include the Show Status Service and all Self-Test </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">Services
(see AS03.11). All other authorized roles shall be specified </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.14.07.02</font></b>For
each provided service within each authorized role, the vendor shall </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">specify
the allowed type(s) of access to security-related information, </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">including
secret and private cryptographic keys (both plaintext and </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">encrypted),
authentication data CSPs, and other protected information </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">(see
AS01.15).</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.14.07.03</font></b>The
vendor shall utilize the tabular format specified in Appendix C in </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">FIPS
PUB 140-2.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.14.08</font></b>The
cryptographic module security policy shall specify a physical </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">security
policy, including: </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
the physical security mechanisms that are implemented in the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">cryptographic
module (e.g., tamper-evident seals, locks, tamper </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">response
and zeroization switches, and alarms) and</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">*
the actions required by the operator(s) to ensure that physical </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">security
is maintained (e.g., periodic inspection of tamper-evident seals </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">and
zeroization switches).</font></font></font></p>
<p style="margin-top: 0.19in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.14.08.01</font></b>The
vendor shall specify the physical security mechanisms that are </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">implemented
in the cryptographic module.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.2in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.14.08.02</font></b>The
vendor shall specify the actions required by the operator(s) to </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">ensure
that physical security is maintained.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">AS.14.09</font></b>The
cryptographic module security policy shall specify a security policy</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">for
mitigation of other attacks, including the security mechanisms </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">implemented
to mitigate the attacks.</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-top: 0.03in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.14.09.01</font></b>The
vendor shall specify the security mechanisms of the cryptographic </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">module
that are designed to mitigate specific attacks. This specification</font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">shall
indicate how the implemented mechanism(s) were shown to </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">mitigate
the attack(s) and shall describe any limitations of these </font></font></font>
</p>
<p style="margin-top: 0.08in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">mechanisms
(i.e., specific conditions or circumstances under which the </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">mechanisms
are known to be ineffective).</font></font></font></p>
<p style="margin-top: 0.17in; margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-top: 0.11in; margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3"><b><font size="4">VE.14.09.02</font></b>The
vendor shall utilize the tabular format specified in Appendix C in </font></font></font>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000000"><font face="Times New Roman, Times New Roman, serif"><font size="3">FIPS
PUB 140-2.</font></font></font></p>
<p style="margin-top: 0.09in; margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="left"><font color="#000080"><font face="Times New Roman, Times New Roman, serif"><font size="3"><i><b>Assessment:</b></i></font></font></font></p>
<p style="margin-bottom: 0in;" align="left"><br>
</p>
<p style="margin-bottom: 0in;" align="center"><br>
</p>
</body></html>
Glen
219

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/10563"

Navigation menu