Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Algorithm Validation Program

CST Lab Transition

FY 2020 Transition from CAVS to ACVTS Testing

Transition Summary

NIST CAVP sent the email “CAVS retirement and transition to ACVTS in FY2020” to all accredited CST laboratories on 18 October 2019:

 

Dear CSTLs,

In response to questions and requests from some of you, as well as a further review of our internal transition process, NIST CAVP have decided on the following:

 

  1. The CAVS retirement date is 30 June 2020.  No algorithm validations will be issued for CAVS test results submitted after 11:59 PM Eastern Time on 30 June 2020.  See below for additional requirements on using CAVS for validations.
     
  2. The Automated Cryptographic Validation Test System (ACVTS), i.e., NIST CAVP algorithm validation testing using the Automated Cryptographic Validation Protocol (ACVP), is operational now and is the recommended path for obtaining algorithm validations.  Starting 1 July 2020, ACVTS will be the only means of doing so.
     
  3. Upon reviewing the terms of the CRADA, we have determined that it only specifies cost recovery billing for ACVP vector sets, not for CAVS.  Therefore, NIST CAVP will not do any cost recovery billing for CAVS for the remainder of its lifetime.  In other words, CAVS testing will remain free.
     
  4. Be advised that CAVS will not be actively maintained and, as a result, the ACVTS will support testing for Approved (FIPS-approved and NIST recommended) algorithms that CAVS does not.  If an implementation has an Approved algorithm the ACVTS Prod server supports (that CAVS does not support), it must be tested using ACVTS.  Two clarifications:
     
    1. If a CAVS submission would require special processing, e.g., a request from the vendor/lab that failing test results be ignored because the implementation under test does not support certain input parameter lengths, but ACVTS handles the case natively, ACVTS must be used.
       
    2. If a FIPS 140-2 IG indicates that vendor affirmation is applicable for a particular Approved algorithm (and the IG transition end date has not passed), the vendor may choose either to test using ACVTS or vendor affirm.
       
  1. Because we recommend algorithm validation testing using the ACVTS and wish to encourage its use as early as possible, we have decided:
     
    1. To move the start date for cost recovery billing for ACVTS to 1 July 2020.  That is, algorithm validations using ACVTS will be free up until the CAVS retirement date.
       
    2. From 1 January 2020 until 30 June 2020, CAVS submissions will only be accepted from CST labs that have valid credentials on the ACVTS Prod server.  CST labs should go through the process of obtaining ACVTS Prod server credentials as soon as possible.  To summarize the phases of CAVS test submission:
       
      1. Until 31 Dec 2019:                    CAVS submissions accepted
      2. 1 Jan 2020 to 30 Jun 2020:   CAVS submissions accepted only if submitting lab has ACVTS Prod server credentials
      3. Beginning 1 Jul 2020:             CAVS submissions not accepted

Please let me know if you have questions on any of the above.

Best regards,
Tim Hall, CAVP Program Manager

 

 

ACVTS Testing for Algorithms not Supported by CAVS

As ACVP testing continues active development, testing for Approved algorithms (i.e., security functions) that are not supported by CAVS will become available.  Per (4.) above, if the ACVTS Prod server supports testing for an Approved algorithm that CAVS does not support, then any IUT that implements that Approved algorithm must be tested using ACVTS.  Per (4.b.), this requirement does not override or take precedence over a current FIPS 140-2 Implementation Guidance (IG) that allows for vendor affirmation of an Approved algorithm for the purposes of FIPS 140-2 module validation.

The table below lists algorithms not supported by CAVS for which ACVP testing is available on the ACVTS Prod server.  It indicates if there is a FIPS 140-2 IG that allows vendor affirmation or not.

Algorithm Name
(FIPS or NIST SP)
ACVTS Demo ACVTS Prod Vendor Affirmation
(IG #)
Notes
AES-CBC-CS (Addendum to NIST SP 800-38A) YES YES YES
(IG A.12)
 
PBKDF (NIST SP 800-132) YES YES YES
(IG D.6)
 
AES FF1 (NIST SP 800-38G) YES YES YES
(IG A.10)
 
cSHAKE, TupleHash, ParallelHash, KMAC (NIST SP 800-185) YES YES YES
(IG A.15)
 
RSA 4096 bit modulus (FIPS 186-4, NIST SP 800-131A rev2) YES YES

NO

FIPS 186-2 4096-bit RSA tests in CAVS  (see IG G.18)
ANS X9.42-2001 KDF (NIST SP 800-135, rev1) YES YES NO

May use ANS X9.63-2001 KDF testing in CAVS (is equivalent)

DSA SigGen Component (FIPS 186-4) YES YES NO Not an Approved security function
Randomized hashing for digital signatures (NIST SP 800-106) YES YES NO Not recognized as a security function.  Allowed per IG 1.23
ECDSA, EdDSA, RSA (Draft FIPS 186-5, Request for Comment) YES NO NO NIST-recommended elliptic curves in Draft NIST SP 800-186
KAS IFC (NIST SP 800-56B, rev2) YES NO

YES
(IG D.4)

 

Created October 05, 2016, Updated November 22, 2019