Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST Requests Public Comments on SP 800-38B and SP 800-38C | CMAC and CCM Block Cipher Modes of Operation
June 14, 2024

NIST maintains its cryptography standards and guidelines using a periodic review process.  

Currently, we are reviewing the following publications:

NIST requests feedback on all aspects of these publications. Additionally, NIST would appreciate feedback on the guidance for CMAC and CCM authentication tag lengths.  Currently, both publications recommend a minimum tag length of 64 bits.

  • Should these publications require that the authentication tags for CMAC and CCM meet a minimum threshold, such as 64 bits or more?
  • If not, what conditions/requirements on implementations should be specified for the use of shorter authentication tags for CMAC and CCM?

The public comment period is open through September 13, 2024. Comments may address the concerns raised in this announcement or other issues around security, implementation, clarity, risk, or relevance to current applications.

Send comments to with “Comments on SP 800-38B" or “Comments on SP 800-38C” in the subject. 

Comments received in response to this request will be posted on the Crypto Publication Review Project site after the due date. Submitters’ names and affiliations (when provided) will be included, while contact information will be removed. See the project site for additional information about the review process.

Related Topics

Security and Privacy: authentication, encryption

Activities and Products: standards development

Created June 14, 2024