1. Home
  2. Moldova standards
  3. STM
  4. St ISO IEC 24759-2025

ISO IEC 24759-2025 PDF

St ISO IEC 24759-2025

Name in English:
St ISO IEC 24759-2025

Name in Russian:
Ст ISO IEC 24759-2025

Description in English:

Original standard ISO IEC 24759-2025 in PDF full version. Additional info + preview on request

Description in Russian:
Оригинальный стандарт ISO IEC 24759-2025 в PDF полная версия. Дополнительная инфо + превью по запросу
Document status:
Active
Format:
Electronic (PDF)
Delivery time (for English version):
1 business day
Delivery time (for Russian version):
365 business days
SKU:
stiso25832
Choose Document Language:
€25

Full title and description

St ISO IEC 24759-2025 — Information security, cybersecurity and privacy protection — Test requirements for cryptographic modules. This International Standard specifies methods and vendor evidence requirements used by testing laboratories to verify that cryptographic modules conform to the security requirements defined for cryptographic modules.

Abstract

This document defines objective, repeatable test methods for laboratories to assess cryptographic modules against the security requirements specified in ISO/IEC 19790:2025. It also specifies the supporting information vendors must provide to demonstrate conformity and can be used by vendors for self‑verification prior to formal testing.

General information

  • Status: Published.
  • Publication date: February 2025 (ISO listing: 2025-02).
  • Publisher: ISO (joint technical work under ISO/IEC JTC 1/SC 27).
  • ICS / categories: 35.030 (Information technology — Security techniques).
  • Edition / version: Edition 4 (2025).
  • Number of pages: 182 pages (ISO catalogue listing).

Scope

Specifies test methods for use by accredited testing laboratories to determine whether a cryptographic module meets the security requirements given in ISO/IEC 19790:2025. The standard prescribes vendor evidence and documentation required for testing, and provides a consistent, objective framework to support repeatable conformance testing and certification activities. It is intended to be used alongside ISO/IEC 19790 (security requirements) and complementary testing documents for specific attack classes.

Key topics and requirements

  • Defined, repeatable laboratory test methods to verify conformance to ISO/IEC 19790 security requirements.
  • Vendor documentation and evidence requirements to support each assertion used during testing (design, implementation, operational environment, key management, etc.).
  • Objective pass/fail criteria and test procedures intended to ensure consistency across testing laboratories.
  • Alignment with specific attack‑class testing standards (e.g., non‑invasive attack metrics) and guidance for how those test metrics are applied in module evaluation.
  • Provisions accommodating national/regional validation programs (for example, interaction with CMVP/FIPS validation practices and related NIST guidance).

Typical use and users

Primary users are accredited testing laboratories, conformity assessment bodies, cryptographic module vendors preparing submissions for evaluation, and procurement/security teams that require validated cryptographic modules. Certification authorities and national validation programs (e.g., CMVP) and security evaluators use this standard as part of formal module evaluation and certification workflows.

Related standards

Closely related standards include ISO/IEC 19790:2025 (Security requirements for cryptographic modules), ISO/IEC 17825 (testing methods for mitigation of non‑invasive attacks), and national/sector guidance such as FIPS 140‑3 / CMVP processes and NIST publications (for example SP 800‑140D which affects certain testing/parameter requirements). Earlier editions of ISO/IEC 24759 (2017, 2014, etc.) were withdrawn and replaced by this 2025 edition.

Keywords

cryptographic module testing, conformance testing, ISO/IEC 24759, ISO/IEC 19790, test methods, vendor evidence, CMVP, FIPS, non‑invasive testing, security levels.

FAQ

Q: What is this standard?

A: ISO/IEC 24759:2025 specifies laboratory test methods and vendor evidence requirements to assess whether cryptographic modules meet the security requirements defined in ISO/IEC 19790:2025. It provides objective, repeatable procedures for conformance testing.

Q: What does it cover?

A: It covers test procedures, pass/fail criteria, and the types of vendor documentation and supporting evidence required for each assertion used in testing. The aim is consistent, objective testing across laboratories and jurisdictions.

Q: Who typically uses it?

A: Accredited testing laboratories, conformity assessment bodies, cryptographic module vendors, security evaluators, and certification programs (including national validation authorities) use it for module evaluation and certification.

Q: Is it current or superseded?

A: As of its publication in February 2025, ISO/IEC 24759:2025 is the current edition and supersedes earlier editions such as ISO/IEC 24759:2017 and ISO/IEC 24759:2014, which have been withdrawn.

Q: Is it part of a series?

A: Yes — it is part of the family of cryptographic module standards that includes ISO/IEC 19790 (security requirements) and companion testing standards such as ISO/IEC 17825 (non‑invasive attack testing). It is maintained by ISO/IEC JTC 1/SC 27.

Q: What are the key keywords?

A: Cryptographic module, test requirements, conformance testing, vendor evidence, ISO/IEC 19790, non‑invasive testing, security levels, CMVP/FIPS.