Reference Guide

4 Crypto-C ME Cryptographic Toolkit

RSA BSAFE Crypto-C Micro Edition 4.1.4 Security Policy Level 1

with Level 2 Roles, Services and Authentication

1.1 Cryptographic Module

Crypto-C ME is classified as a multi-chip standalone cryptographic module for the

purposes of FIPS 140-2. As such, Crypto-C ME must be tested on a specific operating

system and computer platform. The cryptographic boundary includes Crypto-C ME

running on selected platforms running selected operating systems while configured in

“single user” mode. Crypto-C ME is validated as meeting FIPS 140-2 Security Level

2 for Roles, Services and Authentication, Security Level 3 for Design Assurance, and

Security Level 1 for overall security requirements.

Crypto-C ME is packaged as a set of dynamically loaded shared libraries containing

the module's entire executable code. The Crypto-C ME toolkit relies on the physical

security provided by the hosting general purpose computer (GPC) in which it runs. A

Level 2 hosting GPC operational environment should incorporate a Common Criteria

Evaluation Assurance Level 2 (EAL2) operating system and the enclosure should be

at least opaque and be either lockable or tamper evident.

The following table lists the certification levels sought for Crypto-C ME for each

section of the FIPS 140-2 specification.

Table 1 Certification Levels

Section of the FIPS 140-2 Specification Level

Cryptographic Module Specification 3

Cryptographic Module Ports and Interfaces 1

Roles, Services, and Authentication 2

Finite State Model 1

Physical Security N/A

Operational Environment 1

Cryptographic Key Management 1

EMI/EMC 1

Self-Tests 1

Design Assurance 3

Mitigation of Other Attacks 1

Overall 1