Cryptographic Module Validation Program CMVP

Implementation Guidance Announcements

2020

 

[08-26-2020] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • New Guidance:
    • IG 7.19 Interpretation of SP 800-90B Requirements
  • Updated Guidance
    • Incorporated algorithm transition dates where testing is now supported by the CAVP (IGs G.20, A.12, A.15, D.1rev2, D.1rev3, D.6, D.8, D.9, D.10)

[08-12-2020] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • New Guidance:
    • IG G.20: Tracking the Component Validation List
  • Updated Guidance:
    • IG G.13 Instructions for Validation Information FormattingAdded approved Key Agreement examples for compliance to SP 800-56Brev2 or SP 800-56Arev3.  Added additional non-approved but allowed MQV examples.  Added an example and two notes for the tested KDA (SP 800-56C Rev1/Rev2).  Moved a paragraph from the top of Section 10 to the middle as it fits more logically.  Small changes to footnotes for additional clarity.
    • IG 7.8 The Use of Post-Processing in Key Generation MethodsMinor update to address the second revision of SP 800-133.
    • IG A.10 Requirements for Vendor Affirmation of SP 800-38GRemoved the allowance to vendor affirm the FF3 mode.  Added a paragraph in the Background to explain the FF3 vulnerability and the draft of SP 800-38Grev1.  Added a transition end date for vendor affirming to FF1.  Moved two additional comments into the Resolution section.  Added two additional comments (4, 5) to address FF1 testing (4) and what happens when SP 800-38Grev1 is published (5).
    • IG D.1rev3 CAVP Requirements for Vendor Affirmation to SP 800-56A Rev3 and the Transition from the Validation to the Earlier Versions of This StandardRevised with new SP 800-56Arev3 transition schedule.
    • IG D.8 Key Agreement MethodsRevised with new SP 800-56Arev3 transition schedule.  Specified transition rules when complying to the original SP 800-56B.  Updated with guidance on CAVP testing options, self-test requirements, and documentation requirements when implementing SP 800-56Arev3 (scenario X1) or SP 800-56Brev2 (scenario 2) key agreement schemes.
    • IG D.9 Key Transport MethodsClarified the self-test description based on lab comments. 
    • IG D.12 Requirements for Vendor Affirmation to SP 800-133Updated to address the second revision of SP 800-133.  Updated Additional Comment #1 to account for the case where post processing is applied.

 

[06-29-2020] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Updated Guidance:

 

  • IG G.8 Revalidation Requirements – Made it clear in the Resolution that all scenarios must be processed and submitted to the CMVP by a CST Laboratory.  Modified Scenario 1 to prevent allowing security relevant functions or services that were not tested but testing was available during the original validation (this should be a 3sub). Added language to Scenario 1 indicating a no-cost ECR may be applicable.  Added a requirement to include an up-to-date entropy report for Scenario 1 (4) - adding new OE’s to the module certificate - after November 7, 2020.  Added a new requirement to Scenario 2 to submit an IG summary table as part of the change letter.  Added language to make it clear that an up-to-date entropy report is required for Scenario 2 submissions, if applicable per IG 7.14. 
  • IG G.13 Instructions for Validation Information Formatting – Added missing KMAC and SHA-3-Customized (IG A.15) to the list of approved algorithms with footnotes to explain each of them.  Added approved algorithm examples for compliance to SP 800-56Brev2.
  • IG 9.4 Known Answer Tests for Cryptographic Algorithms – Added bullet #3 under the RSA algorithm to address IG D.9 self-test requirements.
  • IG A.5 Key/IV Pair Uniqueness Requirements from SP 800-38D – Introduced Scenario 5 which allows the vendor to extend the industry protocol-specific cases of Scenario 1.  Added version numbers to the protocol references mentioned throughout this IG.
  • IG D.9 Transport Methods – Introduced support for compliance to SP 800-56Brev2 and provided transition rules for compliance to the original SP 800-56B or non-compliance to any version of SP 800-56B.  Clarified self-test requirements for SP 800-56Br2 compliance.
  •  

Back to Top


2019

 

[12-03-2019] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Updated Guidance:
  • IG G.8 Revalidation Requirements – Removed “rev1” from a reference to SP 800-131A to apply to any revision of this standard.
  • IG G.13 Instructions for Validation Information Formatting – Added KAS-SSC (IG D.8) and KDA (IG D.10) to the list of approved algorithms with footnotes to explain each of them.  Added a KTS example and footnote for AES that uses different certificate numbers for encryption and authentication.  Added footnotes in the Allowed algorithms section to explain the reference to SP 800-56C and SP 800-56C Rev1.  A footnote for the EC DiffieHellman entry has been clarified to reference IG D.8 applicable scenarios.
  • IG G.18 Limiting the Use of FIPS 186-2 – Extended the transition date to two months after ACVP Transition Date.  Clarified which modules will be moved to the historical list, and the methods to remain on (or be moved back to) the active list.
  • IG 7.16 Acceptable Algorithms for Protecting Stored Keys and CSPs – Added an Additional Comment about the general SP 800-131A notation.
  • IG 7.18 Entropy Estimation and Compliance with SP 800-90B  – Updated to explain the validation rules for the modules which receive their entropy from an embedded module.
  • IG 9.8 Continuous Random Number Generator Tests  – Small formatting corrections and updated for consistency with SP 800-90B.
  • IG 9.9 Pair-Wise Consistency Self-Test When Generating a Key Pair – Cleaned up wording when referencing individual sections in each version of SP 800-56A.
  • IG A.2 Use of non-NIST-Recommended Asymmetric Key Sizes and Elliptic Curves – Introduced SP 800-56A Rev3 and scenario X2 of IG D.8.
  • IG A.5 Key/IV Pair Uniqueness Requirements from SP 800-38D  – Introduced compliance methods for SSH protocol AES GCM IV generation.  Added a reference to SP 800-52 Rev 2 in the TLS protocol IV generation section.
  • IG A.8 Use of Truncated HMAC – Changed the IG title: removing a reference to HMACSHA-1, as this IG also applies to other forms of HMAC.  Added an Additional Comment about the general SP 800-131A notation.
  • IG A.14 Approved Modulus Sizes for RSA Digital Signature and Other Approved Public Key Algorithms – Accounted for the existence of the different revisions of SP 800-56A (older revisions perform the key agreement while the newer revisions only a shared secret computation).  Accommodated SP 800-131A Rev2.  Addressed an approval of all RSA key transport modulus sizes ≥ 2048 bits.  Changed the non-approved elliptic curve reference from FIPS 186-4 to IG A.2.
  • D.1-rev3 CAVP Requirements for Vendor Affirmation to SP 800-56A Rev3 and the Transition from the Validation to the Earlier Versions of This Standard  – Removed “to be published soon” from SP 800-131 rev1 reference.
  • D.2 Acceptable Key Establishment Protocols  – Changed a reference for the key generation methods from IG 7.8 to SP 800-133.
  • D.3 Assurance of the Validity of a Public Key for Key Establishment  – Updated outdated text and provisions.  Added additional comment 1 and 3 for clarity on newer standard revisions for SP 800-56A and SP 800-56B.  Additional comments: removed unnecessary text and turned remaining text into additional comment 2.
  • D.12 Requirements for Vendor Affirmation to SP 800-133  – Updated to the new revision of SP 800-133. Updated language to clarify when CKG terminology is applicable.
  • D.13 Elliptic Curves and the MODP Groups in Support of Industry Protocols – Reworked the Resolution section to say that the use of safe primes is now approved.  Explained that in each safe-prime triple (p, q, g) currently used in the IETF protocols, g is equal to 2.  Changed additional comment reference from SP 800-56A Rev2 to Rev3.  Eliminated altogether a reference to SP 800-131A

 

[10-23-2019] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • ​​​​New Guidance:
    • IG G.19 Operational Equivalency Testing for HW Modules

[08-16-2019] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • ​​​​New Guidance:
    • IG G.18 Limiting the Use of FIPS 186-2
    • IG D.1-rev3 CAVP Requirements for Vendor Affirmation to SP 800-56A Rev3 and the Transition from the Validation to the Earlier Versions of This Standard
  • Updated Guidance:
    • IG G.8 Revalidation Requirements – Updated Scenario 3A to permit a 3A submission to incorporate a Scenario 1 (non-security relevant) changes to be submitted as a single package.
    • IG 9.4 Known Answer Tests for Cryptographic Algorithms - Added a requirement in the symmetric-key algorithms section to self-test the forward and inverse cipher functions (if implemented by the module). Corrected the authenticated encryption mode hierarchy since item 2 (AES KW) testing should not cover item 3 (Triple-DES KW). Clarified how to meet the requirements of the bullets #1-#4 and how they relate to each other. Updated the Additional Comments paragraph to clarify when the PCT applies for an asymmetric key generation implementation.
    • IG D.8 Key Agreement Methods – Incorporated vendor affirmation to SP 800-56Arev3 and the new IG D.1rev3 into this IG.
    • IG D.10 Requirements for Vendor Affirmation of SP 800-56C - Updated to allow for vendor affirming to SP 800-56Crev1.

[05-07-2019] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • ​​​​New Guidance:
    • IG 7.18 - Entropy Estimation and Compliance with SP 800-90B
  • Updated Guidance:
    • IG G.13 - Instructions for Validation Information Formatting - Added the new "ENT" entry for 90B compliant modules per IG 7.18 Entropy Estimation and Compliance with SP 800-90B.
    • IG 7.14 - Entropy Caveats - Added additional comment #5 to address the caveat required when a module generates random strings that are not keys, or generates both strings and keys. Added additional comment #6 to address the case where two entropy caveats can be applied, but only the stronger caveat is required.
    • IG 7.15 - Entropy Assessment - Added a reference to the IG 7.18 Entropy Estimation and Compliance with SP 800-90B.

 

[02-07-2019] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Updated Guidance:
    • IG 2.1 - Updated to allow enforcement of the Trusted Path by applying cryptographic protection.  Updated to explain the applicability of FIPS 140-2 Sections 4.2 and 4.7 to the input and output requirements for keys and CSPs. Updated documentation requirements when claiming the Trusted Path.

For older announcements, see the FIPS 140-2 Announcements Archive.

Back to Top

Created October 11, 2016, Updated October 16, 2020