ISO/IEC 19790

ISO/IEC 19790 is an ISO/IEC standard for security requirements for cryptographic modules. It addresses a wide range of issues regarding their implementation, including specifications, interface definitions, authentication, operational and physical security, configuration management, testing, and life-cycle management.^[1] The first version of ISO/IEC 19790 was derived from the U.S. government computer security standard FIPS 140-2, Security Requirements for Cryptographic Modules.^[2]

As of March 2025^[update], the current version of the standard is ISO/IEC 19790:2025^[3] that replaced the previous versions, ISO/IEC 19790:2012^[4] and ISO/IEC 19790:2006,^[5] which are now obsolete.

Use of ISO/IEC 19790 is referenced in the U.S. government standard FIPS 140-3.^[6] As an ISO/IEC standard, access to it requires payment, typically on a per-user basis.^[6]

ISO/IEC 24759 is a related standard for the testing of cryptographic modules,^[7] the first version of which derived from NIST's Derived Test Requirements for FIPS PUB 140-2, Security Requirements for Cryptographic Modules.^[2]