According to the IBM/Ponemon Institute report, the average total cost of data breaches in 2024 was $4.88 million. Data breaches in the healthcare industry were the costliest at $9.77 million, on average, versus $6.08 million for financial services. A lack of security threatens to expose data and data models to breaches. Fortunately, when implementing cryptographic models, businesses can secure communication and information in transit, preventing it from being read by untrusted parties. ISO/IEC 19790:2025—Information security, cybersecurity and privacy protection – Security requirements for cryptographic modules establishes security requirements for cryptographic modules.
Importance of Cryptographic Mechanisms
In information technology, there is an ever-increasing need to use cryptography: the practice of coding information to ensure that only the person that the message was intended for can read and process that information. Cryptography uses algorithms and mathematical concepts to transform messages into difficult-to-decipher codes through techniques like cryptographic keys and digital signing to protect data privacy, credit card transactions, email, and web browsing.
Cryptographic mechanisms refer to methods that use encryption techniques to protect data and ensure secure communication by making information unreadable without the correct key. Cryptographic mechanisms are paramount in not only safeguarding the confidentiality, integrity, reliability, and authenticity of data from unauthorized access but also retaining customers. The “Hiscox Cyber Readiness Report 2024” showed that 43% of organizations lost existing customers because of cyberattacks.
The security and reliability of such mechanisms are directly dependent on the cryptographic modules in which they are implemented, and as such, ISO/IEC 19790:2025 provides the security requirements for implementing cryptographic modules.
ISO/IEC 19790:2025 specifies the security requirements for a cryptographic module utilized within a security system protecting sensitive information in Information and Communication Technologies (ICT). This international standard provides four increasing qualitative levels of security requirements intended to cover a wide range of potential applications and environments. The security requirements cover areas relative to the design and implementation of a cryptographic module. These areas include:
Cryptographic module specification
Cryptographic module interfaces
Roles, services, and authentication
Software/firmware security
Operational environment
Physical security
Non-invasive security
Sensitive security parameter management
Self-tests
Life-cycle assurance
Mitigation of other attacks
Conformity with ISO/IEC 19790:2025is not sufficient to assure that a module is secure or that the security provided by the module is sufficient and acceptable to the owner of the information that is being protected.
Information Security Requirements
Information security requirements include encryption, risk management, vulnerability management, and more. These requirements are intended to protect the confidentiality, integrity, and availability of data. Information security requirements vary for different applications. As such, organizations should identify their information resources and determine the sensitivity to and the potential impact of a loss by implementing appropriate controls.
ISO/IEC 19790:2025 specifies that controls include, but are not limited to:
Physical and environmental controls
Access controls
System security maintenance and patch management
Backup and contingency plans
Information and data controls.
The standard notes that these controls are only as effective as the administration of appropriate security policies and procedures within the operational environment.
The homes of the first American settlers of the mid-1600s were almost completely built from logs. These early dwellings had an open-plan interior, and a single fireplace served as a heater and a stove. Today’s homes have drastically advanced from log cabins in terms of building, plumbing, mechanical, fuel gas, and electrical requirements. As such, the 2024 International Residential Code (ICC IRC-2024) exists to set the requirements for building, plumbing, mechanical, fuel gas, energy conservation, and electrical of one- and two-family dwellings and townhouses up to three stories.
What Is the International Residential Code (IRC)?
The IRC was created to serve as a complete, comprehensive code regulating the construction of single-family houses, two-family houses (duplexes) and buildings consisting of three or more townhouse units. This code is used as the basis for laws and regulations in many communities in the US and other countries. The IRC is intended to be adopted in accordance with the laws and procedures of a governmental jurisdiction. As a model code, the IRC is adopted in 48 states.
The IRC is founded on broad-based principles that make possible the use of new materials and new building designs. All buildings within the scope of the IRC are limited to three stories above grade plane. For example, a four-story single-family house would fall within the scope of the International Building Code (IBC), not the IRC.
The 2024 International Residential Code (ICC-IRC 2024) establishes requirements for one- and two-family dwellings and townhouses using prescriptive provisions. This code details the minimum requirements to provide a reasonable level of safety, health and general welfare through affordability, structural strength, means of egress, stability, sanitation, light and ventilation, energy conservation, and safety to life and property from fire and other hazards and to provide a reasonable level of safety to firefighters and emergency responders during emergency operations.
As such, ICC-IRC 2024 contains coverage for all components of a house or townhouse, including structural components, fireplaces and chimneys, thermal insulation, mechanical systems, fuel gas systems, plumbing systems, and electrical systems. This document is available to anyone, including architects, builders, engineers, and code official. This digital version of the code makes it easy for users to see any technical revisions: a QR code is placed at the beginning of any section that has undergone technical revision, and if there no QR code, there are no technical changes to that section. The use of QR codes allow users to identify changes more precisely.
The International Code Council (ICC) is a leading organization dedicated to developing a single set of comprehensive, coordinated national model construction codes. The ICC develops model codes that are widely adopted by local jurisdictions to ensure the construction of safe, sustainable, and affordable buildings. Essentially, the ICC provides a consistent set of regulations for building construction, promoting public safety through standardized codes and practices.
How Does the ICC Develop Codes?
The code development process regularly provides an international forum for building professionals to discuss requirements for building design, construction methods, safety, performance, technological advances and new products. As such, the ICC has developed partnerships with key industry segments that support the ICC’s important public safety mission, ensuring that organizations with a direct and material interest in the codes have a voice in the code development process. Here are some the ICC’s industry partners:
American Gas Association (AGA)
American Institute of Architects (AIA)
American Society of Plumbing Engineers (ASPE)
International Association of Fire Chiefs (IAFC)
National Association of Home Builders (NAHB)National Association of State Fire Marshals (NASFM)
National Council of Structural Engineers Association (NCSEA)
National Multifamily Housing Council (NMHC)
Plumbing Heating and Cooling Contractors (PHCC)
Pool and Hot Tub Alliance (PHTA), formerly The Association of Pool and Spa Professionals (APSP)
