Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Algorithm Validation Program

CST Lab Transition

FY 2020 Transition from CAVS to ACVTS Testing

Transition Summary

NIST CAVP sent the email “CAVS retirement and transition to ACVTS in FY2020” to all accredited CST laboratories on 18 October 2019:

UPDATE 09 March 2020: There is a change to 5.a. below.  NIST CAVP will not do any cost recovery billing for ACVTS in FY 2020.  Algorithm validations using ACVTS will be free of charge until 01 October 2020.

 

Dear CSTLs,

In response to questions and requests from some of you, as well as a further review of our internal transition process, NIST CAVP have decided on the following:

 

  1. The CAVS retirement date is 30 June 2020.  No algorithm validations will be issued for CAVS test results submitted after 11:59 PM Eastern Time on 30 June 2020.  See below for additional requirements on using CAVS for validations.
     
  2. The Automated Cryptographic Validation Test System (ACVTS), i.e., NIST CAVP algorithm validation testing using the Automated Cryptographic Validation Protocol (ACVP), is operational now and is the recommended path for obtaining algorithm validations.  Starting 1 July 2020, ACVTS will be the only means of doing so.
     
  3. Upon reviewing the terms of the CRADA, we have determined that it only specifies cost recovery billing for ACVP vector sets, not for CAVS.  Therefore, NIST CAVP will not do any cost recovery billing for CAVS for the remainder of its lifetime.  In other words, CAVS testing will remain free.
     
  4. Be advised that CAVS will not be actively maintained and, as a result, the ACVTS will support testing for Approved (FIPS-approved and NIST recommended) algorithms that CAVS does not.  If an implementation has an Approved algorithm the ACVTS Prod server supports (that CAVS does not support), it must be tested using ACVTS.  Two clarifications:
     
    1. If a CAVS submission would require special processing, e.g., a request from the vendor/lab that failing test results be ignored because the implementation under test does not support certain input parameter lengths, but ACVTS handles the case natively, ACVTS must be used.
       
    2. If a FIPS 140-2 IG indicates that vendor affirmation is applicable for a particular Approved algorithm (and the IG transition end date has not passed), the vendor may choose either to test using ACVTS or vendor affirm.
       
  1. Because we recommend algorithm validation testing using the ACVTS and wish to encourage its use as early as possible, we have decided:
     
    1. To move the start date for cost recovery billing for ACVTS to 1 July 2020.  That is, algorithm validations using ACVTS will be free up until the CAVS retirement date.  SEE UPDATE AT TOP OF PAGE
       
    2. From 1 January 2020 until 30 June 2020, CAVS submissions will only be accepted from CST labs that have valid credentials on the ACVTS Prod server.  CST labs should go through the process of obtaining ACVTS Prod server credentials as soon as possible.  To summarize the phases of CAVS test submission:
       
      1. Until 31 Dec 2019:                    CAVS submissions accepted
      2. 1 Jan 2020 to 30 Jun 2020:   CAVS submissions accepted only if submitting lab has ACVTS Prod server credentials
      3. Beginning 1 Jul 2020:             CAVS submissions not accepted

Please let me know if you have questions on any of the above.

Best regards,
Tim Hall, CAVP Program Manager

 

 

ACVTS Testing for Algorithms not Supported by CAVS

As ACVP testing continues active development, testing for Approved algorithms (i.e., security functions) that are not supported by CAVS will become available.  Per (4.) above, if the ACVTS Prod server supports testing for an Approved algorithm that CAVS does not support, then any IUT that implements that Approved algorithm must be tested using ACVTS.  Per (4.b.), this requirement does not override or take precedence over a current FIPS 140-2 Implementation Guidance (IG) that allows for vendor affirmation of an Approved algorithm for the purposes of FIPS 140-2 module validation.

The table below lists algorithms not supported by CAVS for which ACVP testing is available on the ACVTS Prod server.  It indicates if there is a FIPS 140-2 IG that allows vendor affirmation or not.

Algorithm Name
(FIPS or NIST SP)
ACVTS Demo ACVTS Prod Vendor Affirmation
(IG #)
Notes
AES-CBC-CS (Addendum to NIST SP 800-38A) YES YES YES
(IG A.12)
 
PBKDF (NIST SP 800-132) YES YES YES
(IG D.6)
 
AES FF1 (NIST SP 800-38G) YES YES YES
(IG A.10)
 
cSHAKE, TupleHash, ParallelHash, KMAC (NIST SP 800-185) YES YES YES
(IG A.15)
 
RSA 4096 bit modulus (FIPS 186-4, NIST SP 800-131A Rev. 2) YES YES

NO

FIPS 186-2 4096-bit RSA tests in CAVS  (see IG G.18)
ANS X9.42-2001 KDF (NIST SP 800-135 Rev. 1) YES YES NO

May use ANS X9.63-2001 KDF testing in CAVS (is equivalent)

ECDSA, EdDSA, RSA (Draft FIPS 186-5, Request for Comment) YES NO NO NIST-recommended elliptic curves in Draft NIST SP 800-186
KAS IFC (NIST SP 800-56B Rev. 2) YES YES

YES
(IG D.4)

 
KAS-SSC FFC/ECC (NIST SP 800-56A Rev. 3) YES YES

YES

(IG D.1-rev3)

 
Key-Derivation Methods in Key-Establishment Schemes (NIST SP 800-56C Rev. 1) YES YES

YES

(IG D.10)

KDFs used with schemes in 56A Rev. 3 and 56B Rev. 2.

Created October 05, 2016, Updated March 20, 2020