Critical Security Parameter

What Does Critical Security Parameter Mean?

A critical security parameter (CSP) is data using a cryptography module to process encryption functions. Data includes passwords, security codes, cryptographic keys, personal identification numbers (PIN) and any other unprotected security information.


Established information security rules protect CSPs, which are only accessible from authorized computer systems. CSPs obtained by unauthorized users pose security threats.

Techopedia Explains Critical Security Parameter

The Federal Information Processing Standards (FIPS) 140 series are computer security specifications and requirements for cryptography modules. In May 2001, the most recent version was issued as FIPS 140-2.

FIPS 140-2 is comprised of four security levels, as follows:

  • Level 1: Has limited cryptographic module security requirements but no physical security
  • Level 2: Dictates physical security, e.g., tamper-resistant measures and plain text evidence for cryptographic keys and CSPs
  • Level 3: Adds physical security to prevent CSP access within the cryptographic module, as well as CSP zeroization after opening the module
  • Level 4: Provides the most robust cryptographic module security

Related Terms

Margaret Rouse

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.