VE 04
SECTION 4: FINITE STATE MODEL
AS.04.01 The operation of the cryptographic module shall be specified using a
finite state model (or equivalent) represented by a state transition diagram
and/or a state transition table. (The state transition diagram and/or state
transition table includes all operational and error states of the
cryptographic module, the corresponding transitions from one state to
another, the input events that cause transitions from one state to
another, and the output events resulting from transitions from one state
to another.)
Assessment:
AS.04.02 The cryptographic module shall include the following operational and
error states:
* Power on/off states. States for primary, secondary, or backup power.
These states may distinguish between power sources being applied to
the cryptographic module.
* Crypto officer states. States in which the crypto officer services are
performed (e.g., cryptographic initialization and key management).
* Key/CSP entry states. States for entering cryptographic keys and
CSPs into the cryptographic module.
* User states. States in which authorized users obtain security services,
perform cryptographic operations, or perform other Approved or
non-Approved functions.
* Self-test states. States in which the cryptographic module is
performing self-tests.
* Error states. States when the cryptographic module has encountered
an error (e.g., failed a self-test or attempted to encrypt when missing
operational keys or CSPs). Error states may include "hard" errors that
indicate an equipment malfunction and that may require maintenance,
service or repair of the cryptographic module, or recoverable "soft"
errors that may require initialization or resetting of the module.
Note: This assertion is tested as part of AS.04.05.
Assessment:
AS.04.03 Recovery from error states shall be possible except for those caused by
hard errors that require maintenance, service, or repair of the
cryptographic module.
Assessment:
AS.04.04 If the cryptographic module contains a maintenance role, then a
maintenance state shall be included.
Note: This assertion is tested as part of AS.04.05.
Assessment:
AS.04.05 Documentation shall include a representation of the finite state model (or
equivalent) using a state transition diagram and/or state transition table
that shall specify:
* all operational and error states of the cryptographic module,
* the corresponding transitions from one state to another,
* the input events, including data inputs and control inputs, that cause
transitions from one state to another, and
* the output events, including internal module conditions, data
outputs, and status outputs resulting from transitions from one state to
Assessment:
VE.04.05.01 The vendor shall provide a description of the finite state model. This
description shall contain the identification and description of all states of
the module, and a description of all corresponding state transitions.
The descriptions of the state transitions shall include internal module
conditions, data inputs and control inputs that cause transitions from
one state to another, data outputs and status outputs resulting from
transitions from one state to another.
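
The following is an added example, not part of the test requirements: one way a reviewer could encode a state transition table and check it against AS.04.02 through AS.04.05. The module, its state names, event names, and the category labels are constructed for illustration.

```python
# Constructed example: state and event names are hypothetical, not from the DTR.
REQUIRED = {"power", "crypto_officer", "key_entry", "user", "self_test", "error"}
ERROR_CATS = ("error", "hard_error")  # hard_error: needs maintenance, service or repair

STATES = {  # state name -> category
    "POWER_OFF": "power",
    "SELF_TEST": "self_test",
    "CO_SERVICES": "crypto_officer",
    "KEY_ENTRY": "key_entry",
    "USER_SERVICES": "user",
    "SOFT_ERROR": "error",
    "HARD_ERROR": "hard_error",
}

TRANSITIONS = [  # (from state, input event, to state, output event)
    ("POWER_OFF", "power applied", "SELF_TEST", "status: self-test running"),
    ("SELF_TEST", "all tests pass", "USER_SERVICES", "status: ready"),
    ("SELF_TEST", "hardware fault detected", "HARD_ERROR", "status: hard error"),
    ("USER_SERVICES", "crypto officer login", "CO_SERVICES", "status: CO role"),
    ("CO_SERVICES", "load-key command", "KEY_ENTRY", "status: awaiting key"),
    ("KEY_ENTRY", "key accepted", "CO_SERVICES", "status: key loaded"),
    ("CO_SERVICES", "logout", "USER_SERVICES", "status: ready"),
    ("USER_SERVICES", "encrypt with no key", "SOFT_ERROR", "status: soft error"),
    ("SOFT_ERROR", "reset command", "SELF_TEST", "status: self-test running"),
    ("USER_SERVICES", "power removed", "POWER_OFF", "none"),
]

def check_fsm(states, transitions, has_maintenance_role=False):
    """Return a list of findings; an empty list means the table passed."""
    findings = []
    required = REQUIRED | ({"maintenance"} if has_maintenance_role else set())
    present = {"error" if c == "hard_error" else c for c in states.values()}
    for cat in sorted(required - present):              # AS.04.02 / AS.04.04
        findings.append(f"missing state category: {cat}")
    outgoing = {}
    for src, event, dst, output in transitions:         # AS.04.05
        if src not in states or dst not in states:
            findings.append(f"undefined state in transition: {src} -> {dst}")
        if not event or not output:
            findings.append(f"no input or output event: {src} -> {dst}")
        outgoing.setdefault(src, set()).add(dst)
    for name, cat in states.items():                    # AS.04.03
        exits = outgoing.get(name, ())
        if cat == "error" and not any(
                d in states and states[d] not in ERROR_CATS for d in exits):
            findings.append(f"no recovery from soft error state: {name}")
    return findings
```

Hard error states are exempt from the recovery check, matching the exception in AS.04.03.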