Defining a sample template for governmental procurements of cryptographic products

Abstract

It is a well-known truth that nobody can easily find a law, act, directive, code or a publicly available technical specification which describe crytopgraphic-based security systems and/or cryptographic modules in Turkey. Besides that, from the international aspect, the only government released standarts take place in the "Federal Information Standarts Publication (FIPS) 140-2", published by United States "National Institute of Standarts and Technology (NIST)" on May 25th, 2001 (which became the international standart after Final Commitee Document accepted as "ISO/IEC 19790:2006" on March 9th, 2006) which specifies the security requirements that should be satisfied by a cryptographic module.Since the protection of sensitive and valuable (sometimes lifecritical) data transfered via critical governmental cryptographic systems is very important and requires high confidentiality, the need for defining a sample template technical specification of those cryptographic systems is that much high.The sample template specification which is made up in this study aims to be a starting point or initiative for preparing a cryptographic module specification in governmental procurements.