Critical security parameter

(also CSP)

Critical security parameter definition

A critical security parameter is data that is essential to the secure operation of a cryptographic module.

The loss, compromise, or unauthorized disclosure of a CSP weakens the security of a cryptographic module, so CSPs require stringent protection.

Cryptographic keys. Private keys, public keys, and symmetric keys. They are used in encryption, decryption, digital signatures, and other cryptographic operations.
Seed values. These initial values generate a sequence of random or pseudorandom numbers used for generating cryptographic keys.
PINs. PINs authenticate users in various systems, especially common in banking.
Passwords and passphrases. Used for accessing cryptographic modules, encrypting keys, or authenticating users.
Secret and private key components. Parts of a cryptographic key that — when combined — reconstruct the original key.
Digital certificates. Used in public key infrastructure (PKI), these certificates verify the ownership of a public key.
Security policies configuration data. Configuration settings that control the operation of a cryptographic module: algorithms, key lengths, and modes of operation.
Cryptographic seed material. Used to derive keys and other cryptographic parameters.
Initialization vectors (IVs) and nonces. Used in certain encryption modes to ensure that the same plaintext will not result in the same ciphertext when encrypted multiple times.
Biometric templates. Systems that use biometrics for authentication consider stored biometric data a CSP.