Levels and Standards of Physical Security for Electronic Hardware

Government Standards

Related Information:
NSA IAP
CESG CAPS
FIPS 140-2 Standard

Commercial Standards

The Common Criteria Project

The Common Criteria structure provides great flexibility in the specification of secure products. Consumers and other parties can specify the security functionality of a product in terms of standard protection profiles, and independently select the evaluation assurance level from a defined set of seven increasing Evaluation Assurance Levels, from EAL1 up to EAL7.

The Seven EALs are as follows:

• EAL1 - functionally tested
• EAL2 - structurally tested
• EAL3 - methodically tested and checked
• EAL4 - methodically designed, tested and reviewed
• EAL5 - semiformally designed and tested
• EAL6 - semiformally verified design and tested
• EAL7 - formally verified design and tested

Read more about the Common Criteria Project >

VISA / Payment Card Industry (PCI) Standards

To gain approval from VISA, vendors of Point of Sale PIN Entry Devices (POS PED’s) must demonstrate compliance to the PCI Encrypting PIN Pad Security Requirements.

Effective October 1, 2005, all newly deployed Encrypting PIN pads, including replacements or those in newly deployed ATMs, must have passed testing by a PCI-recognized laboratory and have been approved by VISA. PCI’s POS PIN Entry Device Security Requirements 1.x is currently in effect. Version 2 will become effective and mandatory to use for new evaluations beginning April 1, 2008.