ISO IEC 19790-2025 PDF
Name in English:
St ISO IEC 19790-2025
Name in Russian:
Ст ISO IEC 19790-2025
Original standard ISO IEC 19790-2025, full version in PDF. Additional information and a preview are available on request.
Full title and description
ISO/IEC 19790:2025 — Information security, cybersecurity and privacy protection — Security requirements for cryptographic modules. This International Standard specifies security requirements for cryptographic modules used within information and communication technology (ICT) systems, defining security objectives, design and operational controls to protect sensitive information processed or protected by such modules.
Abstract
The standard defines up to four increasing security levels across multiple requirement areas to cover a wide spectrum of data sensitivity and application environments. It sets requirements for module specification, interfaces, authentication and roles, physical and operational security, cryptographic key management, self-tests, design assurance and mitigation of attacks, among other topics. The document provides a basis for objective evaluation of cryptographic modules.
General information
- Status: Published
- Publication date: 26 February 2025
- Publisher: ISO/IEC (ISO/IEC JTC 1/SC 27 — Information security, cybersecurity and privacy protection)
- ICS / categories: 35.030
- Edition / version: Edition 3 (2025)
- Number of pages: 80
Scope
Specifies security requirements for a cryptographic module utilized within a security system protecting sensitive information in ICT. The standard applies to modules across a variety of environments (from guarded facilities to unprotected locations) and establishes up to four security levels for each of the defined requirement areas to address differing threat, sensitivity and deployment scenarios.
Key topics and requirements
- Definition of up to four security levels to accommodate a range of data sensitivity and environments.
- Eleven requirement areas covering module specification, ports and interfaces, roles/services/authentication, finite state model, physical security, operational environment, cryptographic key management, self-tests, design assurance, mitigation of other attacks, and configuration/maintenance controls.
- Requirements for secure design, implementation and lifecycle management of cryptographic modules.
- Controls for physical and logical separation, tamper evidence/response, and secure key handling.
- Self-test, diagnostic and failure-handling requirements to ensure ongoing module integrity.
Typical use and users
Vendors and developers of cryptographic modules, certification and testing laboratories, product security evaluators, integrators of secure systems, and government or regulated organizations that require validated cryptographic components for protection of sensitive data. The standard is used as a baseline for product development, conformity assessment and procurement specifications.
Related standards
ISO/IEC 24759:2025, Test requirements for cryptographic modules (the methods used by testing laboratories to verify conformity with ISO/IEC 19790:2025), and ISO/IEC TS 20540:2025, guidance for field testing of cryptographic modules, are closely related and are used together in evaluation programs. The standard's lineage includes the earlier editions ISO/IEC 19790:2012 and ISO/IEC 19790:2006; ISO/IEC 19790:2025 supersedes those earlier editions.
Keywords
cryptographic module, security levels, key management, physical security, self-test, module validation, cryptographic boundary, conformity assessment, ISO/IEC JTC 1/SC 27
FAQ
Q: What is this standard?
A: ISO/IEC 19790:2025 is an international standard specifying security requirements for cryptographic modules used to protect sensitive information in ICT systems.
Q: What does it cover?
A: It covers functional and assurance requirements across multiple areas (interfaces, roles, physical security, key management, self-tests, mitigation of attacks, design assurance, etc.) and defines up to four security levels that increase protection as requirements grow more stringent.
Q: Who typically uses it?
A: Module vendors and designers, testing and certification laboratories, evaluators, system integrators, procurement teams and regulatory or government bodies that require validated cryptographic modules.
Q: Is it current or superseded?
A: ISO/IEC 19790:2025 is the current (published) edition and supersedes earlier editions such as ISO/IEC 19790:2012.
Q: Is it part of a series?
A: It is part of a family of standards for cryptographic module assurance and testing; the companion testing standard ISO/IEC 24759:2025 and related technical specifications (for example ISO/IEC TS 20540:2025) are typically used alongside ISO/IEC 19790 for conformity assessment and field testing.
Q: What are the key keywords?
A: cryptographic module, security requirements, security levels, key management, module testing, conformity assessment, physical security, self-tests.