Cryptographic Module Validation Program CMVP

Programmatic Transitions

Algorithm Related Transitions

Algorithm/Scheme

Standard

Relevant IG(s)[1]

ACVTS Prod Date[2]

Submission Date[3]

AES-CBC-CS

Addendum to SP 800-38A

FIPS 140-2: A.12

Prior to June 30, 2020

September 1, 2020

AES FF1

SP 800-38G

FIPS 140-2: A.10

Prior to June 30, 2020

September 1, 2020

cSHAKE, TupleHash, ParallelHash, KMAC

SP 800-185

FIPS 140-2: A.15

Prior to June 30, 2020

September 1, 2020

RSA 4096 bit modulus[4]

FIPS 186-4SP 800-131A Rev. 2

FIPS 140-2: G.18

Prior to June 30, 2020

September 1, 2020

Higher level algorithms using FIPS 202 functions[5]

 

FIPS 140-2: A.11

FIPS 140-3: C.C

Prior to June 30, 2020

September 1, 2020

ANS X9.42-2001 KDF

SP 800-135 Rev. 1

FIPS 140-2: G.20

FIPS 140-3: 2.4.B

Prior to June 30, 2020

September 1, 2020

ENT

SP 800-90B

FIPS 140-2: 7.18, 7.19

FIPS 140-3: D.J, D.K

N/A

November 7, 2020[6]

PBKDF

SP 800-132

FIPS 140-2: D.6

FIPS 140-3: D.N

Prior to June 30, 2020

December 31, 2020

KAS-RSA or KAS-RSA-SSC IFC

SP 800-56B Rev. 2

FIPS 140-2: D.8

FIPS 140-3: D.F

September 30, 2020

December 31, 2020

KTS-RSA IFC

SP 800-56B Rev. 2

FIPS 140-2: D.9

FIPS 140-3: D.G

September 30, 2020

December 31, 2020

KAS or KAS-SSC DLC (FFC or ECC)

SP 800-56A Rev. 3

FIPS 140-2: D.1-rev3, D.8

FIPS 140-3: D.F

September 30, 2020

December 31, 2020

KDA[7]

SP 800-56C Rev. 1 (Withdrawn), SP 800-56C Rev. 2

FIPS 140-2: D.10

September 30, 2020

December 31, 2020

TLS 1.3 KDF

RFC 8446 - Sections 4.4.1 and 7.1

FIPS 140-2: G.20

FIPS 140-3: 2.4.B

Still on Demo

December 31, 2020

ECDSA, EdDSA, RSA

FIPS 186-5 (RFC), SP 800-186 (Draft)

TBD

Still on Demo

TBD

 

[1] Most algorithm self-test requirements are in IG 9.4 (for FIPS 140-2) and IG 10.3.A (for FIPS 140-3).

[2] Date in which the algorithm was moved onto the ACVTS production server.

[3] After this date, module submissions that modify or add the sunset date must CAVP test the applicable algorithm(s) that are used in an approved mode and perform the required self-tests.  For FIPS 140-3 submissions, algorithms that show a Submission Date on or before December 31, 2020 are immediately transitioned rather than following the date listed in this table.

[4] This entry represents an addition of the RSA 4096-bit modulus testing to FIPS 186-4 (e.g. KeyGen, SigGen, SigVer).

[5] Not all higher-level algorithms support CAVP testing using FIPS 202 functions.  Therefore, this table may need to be updated in the future.

[6] SP 800-90B compliance is required after November 7, 2020 for FIPS 140-2.  This entry will be updated once ENT certification becomes available. 

[7] This includes the HKDF which is compliant to SP 800-56C (Rev.1 and Rev.2) and separately CAVP testable.

Algorithm/Scheme

Standard

Relevant IG(s)

Submission Date[1]

Historical Date[2]

FIPS 186-2 RSA Key Gen or Sig Gen[3]

FIPS 186-2 (Withdrawn)SP 800-131A Rev. 2

FIPS 140-2: G.18

FIPS 140-3: N/A

August 31, 2020

September 1, 2020

RSA-based KAS or KTS compliant to SP 800-56B

SP 800-56B (Withdrawn)[4]

FIPS 140-2: D.4, D.8, D.9

FIPS 140-3: N/A

December 31, 2020

January 1, 2024

RSA-based key transport schemes that are not compliant to either SP 800-56B or SP 800-56B Rev. 2

 

FIPS 140-2: Allowed per D.9

FIPS 140-3: N/A

December 31, 2020

January 1, 2024

RSA-based key transport schemes that only use PKCS#1-v1.5 padding[5]

RFC 2313 Section 8.1

Allowed per

FIPS 140-2: D.9

FIPS 140-3: D.G

December 31, 2023

January 1, 2024

DLC-based KAS compliant to SP 800-56A

SP 800-56A Revised (Withdrawn)

FIPS 140-2: D.8

FIPS 140-3: N/A

December 31, 2020

January 1, 2022

DLC-based KAS compliant to SP 800-56A Rev. 2

SP 800-56A Rev. 2 (Withdrawn)[6]

FIPS 140-2: D.1rev2

FIPS 140-3: N/A

December 31, 2020

January 1, 2022

Key agreement schemes that are not compliant with any version of SP 800-56A

 

FIPS 140-2: D.8

FIPS 140-3: N/A

December 31, 2020

January 1, 2022

Triple-DES encryptions[7]

SP 800-67 Rev. 2, SP 800-131A Rev. 2

 

December 31, 2023

January 1, 2024

 

[1] The last date that a module that implements this algorithm in the approved mode can be submitted to the CMVP.  Submissions that do not modify or add a sunset date can still be submitted after this date.

[2] Date in which modules that implement these algorithms in an approved mode will be moved to the historical list.

[3] Per IG G.18, this includes modules that were CAVP tested for FIPS 186-2 RSA SigGen with modulus size lower than 4096 or FIPS 186-2 RSA KeyGen of any modulus size.

[4] Vendor affirmed, as testing for this algorithm is not available.

[5] Not compliant to SP 800-56B Rev. 2.

[6] Vendor affirmed, as testing for this algorithm is not available.

[7] Triple-DES decryptions are approved beyond this date for “Legacy Use”.

 

Created October 11, 2016, Updated October 16, 2020