U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Programmatic Transitions

Algorithm Related Transitions

Algorithm/Scheme

Standard

Relevant IG(s)[1]

ACVTS Prod Date[2]

Submission Date[3]

AES-CBC-CS

Addendum to SP 800-38A

FIPS 140-2: A.12

Prior to June 30, 2020

September 1, 2020

AES FF1

SP 800-38G

FIPS 140-2: A.10

Prior to June 30, 2020

September 1, 2020

cSHAKE, TupleHash, ParallelHash, KMAC

SP 800-185

FIPS 140-2: A.15

Prior to June 30, 2020

September 1, 2020

RSA 4096 bit modulus[4]

FIPS 186-4SP 800-131A Rev. 2

FIPS 140-2: G.18

Prior to June 30, 2020

September 1, 2020

Higher level algorithms using FIPS 202 functions[5]

 

FIPS 140-2: A.11

FIPS 140-3: C.C

Prior to June 30, 2020

September 1, 2020

ANS X9.42-2001 KDF

SP 800-135 Rev. 1

FIPS 140-2: G.20

FIPS 140-3: 2.4.B

Prior to June 30, 2020

September 1, 2020

ENT

SP 800-90B

FIPS 140-2: 7.18, 7.19

FIPS 140-3: D.J, D.K

N/A

November 7, 2020[6]

PBKDF

SP 800-132

FIPS 140-2: D.6

FIPS 140-3: D.N

Prior to June 30, 2020

December 31, 2020

KAS-RSA or KAS-RSA-SSC IFC

SP 800-56B Rev. 2

FIPS 140-2: D.8

FIPS 140-3: D.F

September 30, 2020

December 31, 2020

KTS-RSA IFC

SP 800-56B Rev. 2

FIPS 140-2: D.9

FIPS 140-3: D.G

September 30, 2020

December 31, 2020

KAS or KAS-SSC DLC (FFC or ECC)

SP 800-56A Rev. 3

FIPS 140-2: D.1-rev3, D.8

FIPS 140-3: D.F

September 30, 2020

December 31, 2020[7]

KDA[8]

SP 800-56C Rev. 1 (Withdrawn), SP 800-56C Rev. 2

FIPS 140-2: D.10

September 30, 2020

December 31, 2020

TLS 1.3 KDF

RFC 8446 - Sections 4.4.1 and 7.1

FIPS 140-2: G.20

FIPS 140-3: 2.4.B

January 22, 2021 June 30, 2021

ECDSA, EdDSA, RSA

FIPS 186-5 (RFC), SP 800-186 (Draft)

TBD

Still on Demo

TBD

Table updated Jan 26, 2021

[1] Most algorithm self-test requirements are in IG 9.4 (for FIPS 140-2) and IG 10.3.A (for FIPS 140-3).

[2] Date in which the algorithm was moved onto the ACVTS production server.

[3] After this date, module submissions that modify or add the sunset date must CAVP test the applicable algorithm(s) that are used in an approved mode and perform the required self-tests.  For FIPS 140-3 submissions, algorithms that show a Submission Date on or before December 31, 2020 are immediately transitioned rather than following the date listed in this table.

[4] This entry represents an addition of the RSA 4096-bit modulus testing to FIPS 186-4 (e.g. KeyGen, SigGen, SigVer).

[5] Not all higher-level algorithms support CAVP testing using FIPS 202 functions (e.g. DRBG, DSA, all CVL KDFs besides ANS x9.42, RSA).  This date applies to the following higher-level algorithms (unless the algorithm itself has a later transition date) which do support FIPS 202 functions: ECDSA, HKDF, HMAC, KAS/KAS-RSA/SSC (SP 800-56Arev3 and SP 800-56Brev2), KBKDF, ANS x9.42 CVL, PBKDF.  This table may need to be updated in the future.

[6] SP 800-90B compliance is required after November 7, 2020 for FIPS 140-2.  This entry will be updated once ENT certification becomes available.  In addition, this date is applicable to the vetted conditioning components specified in SP 800-90B section 3.1.5.1.1 which must be CAVP tested if implemented as part of an approved SP 800-90B compliant ENT.

[7] This date is applicable to the Safe Primes Groups as specified in SP 800-56Arev3 Appendix D which must be CAVP tested if implemented as part of an approved SP 800-56Arev3 compliant KAS.

[8] This includes the HKDF which is compliant to SP 800-56C (Rev.1 and Rev.2) and separately CAVP testable.

Algorithm/Scheme

Standard

Relevant IG(s)

Submission Date[1]

Historical Date[2]

FIPS 186-2 RSA Key Gen or Sig Gen[3]

FIPS 186-2 (Withdrawn)SP 800-131A Rev. 2

FIPS 140-2: G.18

FIPS 140-3: N/A

August 31, 2020

September 1, 2020

RSA-based KAS or KTS compliant to SP 800-56B

SP 800-56B (Withdrawn)[4]

FIPS 140-2: D.4, D.8, D.9

FIPS 140-3: N/A

December 31, 2020

January 1, 2024

RSA-based key transport schemes that are not compliant to either SP 800-56B or SP 800-56B Rev. 2

 

FIPS 140-2: Allowed per D.9

FIPS 140-3: N/A

December 31, 2020

January 1, 2024

RSA-based key transport schemes that only use PKCS#1-v1.5 padding[5]

RFC 2313 Section 8.1

Allowed per

FIPS 140-2: D.9

FIPS 140-3: D.G

December 31, 2023

January 1, 2024

DLC-based KAS compliant to SP 800-56A

SP 800-56A Revised (Withdrawn)

FIPS 140-2: D.8

FIPS 140-3: N/A

December 31, 2020

July 1, 2022

DLC-based KAS compliant to SP 800-56A Rev. 2

SP 800-56A Rev. 2 (Withdrawn)[6]

FIPS 140-2: D.1rev2

FIPS 140-3: N/A

December 31, 2020

July 1, 2022

Key agreement schemes that are not compliant with any version of SP 800-56A

 

FIPS 140-2: D.8

FIPS 140-3: N/A

December 31, 2020

July 1, 2022

Triple-DES encryptions[7]

SP 800-67 Rev. 2, SP 800-131A Rev. 2

 

December 31, 2023

January 1, 2024

Table updated April 22, 2021

[1] The last date that a module that implements this algorithm in the approved mode can be submitted to the CMVP.  Submissions that do not modify or add a sunset date can still be submitted after this date.

[2] Date in which modules that implement these algorithms in an approved mode will be moved to the historical list.

[3] Per IG G.18, this includes modules that were CAVP tested for FIPS 186-2 RSA SigGen with modulus size lower than 4096 or FIPS 186-2 RSA KeyGen of any modulus size.

[4] Vendor affirmed, as testing for this algorithm is not available.

[5] Not compliant to SP 800-56B Rev. 2.

[6] Vendor affirmed, as testing for this algorithm is not available.

[7] Triple-DES decryptions are approved beyond this date for “Legacy Use”.

From Jan 26, 2021

Algorithm/Scheme

Standard

Relevant IG(s)[1]

ACVTS Prod Date[2]

Submission Date[3]

AES-CBC-CS

Addendum to SP 800-38A

FIPS 140-2: A.12

Prior to June 30, 2020

September 1, 2020

AES FF1

SP 800-38G

FIPS 140-2: A.10

Prior to June 30, 2020

September 1, 2020

cSHAKE, TupleHash, ParallelHash, KMAC

SP 800-185

FIPS 140-2: A.15

Prior to June 30, 2020

September 1, 2020

RSA 4096 bit modulus[4]

FIPS 186-4SP 800-131A Rev. 2

FIPS 140-2: G.18

Prior to June 30, 2020

September 1, 2020

Higher level algorithms using FIPS 202 functions[5]

 

FIPS 140-2: A.11

FIPS 140-3: C.C

Prior to June 30, 2020

September 1, 2020

ANS X9.42-2001 KDF

SP 800-135 Rev. 1

FIPS 140-2: G.20

FIPS 140-3: 2.4.B

Prior to June 30, 2020

September 1, 2020

ENT

SP 800-90B

FIPS 140-2: 7.18, 7.19

FIPS 140-3: D.J, D.K

N/A

November 7, 2020[6]

PBKDF

SP 800-132

FIPS 140-2: D.6

FIPS 140-3: D.N

Prior to June 30, 2020

December 31, 2020

KAS-RSA or KAS-RSA-SSC IFC

SP 800-56B Rev. 2

FIPS 140-2: D.8

FIPS 140-3: D.F

September 30, 2020

December 31, 2020

KTS-RSA IFC

SP 800-56B Rev. 2

FIPS 140-2: D.9

FIPS 140-3: D.G

September 30, 2020

December 31, 2020

KAS or KAS-SSC DLC (FFC or ECC)

SP 800-56A Rev. 3

FIPS 140-2: D.1-rev3, D.8

FIPS 140-3: D.F

September 30, 2020

December 31, 2020[7]

KDA[8]

SP 800-56C Rev. 1 (Withdrawn), SP 800-56C Rev. 2

FIPS 140-2: D.10

September 30, 2020

December 31, 2020

TLS 1.3 KDF

RFC 8446 - Sections 4.4.1 and 7.1

FIPS 140-2: G.20

FIPS 140-3: 2.4.B

Still on Demo

TBD

ECDSA, EdDSA, RSA

FIPS 186-5 (RFC), SP 800-186 (Draft)

TBD

Still on Demo

TBD

Table updated Jan 6, 2021

[1] Most algorithm self-test requirements are in IG 9.4 (for FIPS 140-2) and IG 10.3.A (for FIPS 140-3).

[2] Date in which the algorithm was moved onto the ACVTS production server.

[3] After this date, module submissions that modify or add the sunset date must CAVP test the applicable algorithm(s) that are used in an approved mode and perform the required self-tests.  For FIPS 140-3 submissions, algorithms that show a Submission Date on or before December 31, 2020 are immediately transitioned rather than following the date listed in this table.

[4] This entry represents an addition of the RSA 4096-bit modulus testing to FIPS 186-4 (e.g. KeyGen, SigGen, SigVer).

[5] Not all higher-level algorithms support CAVP testing using FIPS 202 functions (e.g. DRBG, DSA, all CVL KDFs besides ANS x9.42, RSA).  This date applies to the following higher-level algorithms (unless the algorithm itself has a later transition date) which do support FIPS 202 functions: ECDSA, HKDF, HMAC, KAS/KAS-RSA/SSC (SP 800-56Arev3 and SP 800-56Brev2), KBKDF, ANS x9.42 CVL, PBKDF.  This table may need to be updated in the future.

[6] SP 800-90B compliance is required after November 7, 2020 for FIPS 140-2.  This entry will be updated once ENT certification becomes available.  In addition, this date is applicable to the vetted conditioning components specified in SP 800-90B section 3.1.5.1.1 which must be CAVP tested if implemented as part of an approved SP 800-90B compliant ENT.

[7] This date is applicable to the Safe Primes Groups as specified in SP 800-56Arev3 Appendix D which must be CAVP tested if implemented as part of an approved SP 800-56Arev3 compliant KAS.

[8] This includes the HKDF which is compliant to SP 800-56C (Rev.1 and Rev.2) and separately CAVP testable.

Changes made on Jan 26, 2021 

  1. Changed “TLS 1.3 KDF” ACVTS Prod Date from “Still on Demo” to "January 22, 2021.
  2. Changed “TLS 1.3 KDF” Submission Date from “TBD” to "June 30, 2021.

 


From Oct 11, 2020

Algorithm/Scheme

Standard

Relevant IG(s)[1]

ACVTS Prod Date[2]

Submission Date[3]

AES-CBC-CS

Addendum to SP 800-38A

FIPS 140-2: A.12

Prior to June 30, 2020

September 1, 2020

AES FF1

SP 800-38G

FIPS 140-2: A.10

Prior to June 30, 2020

September 1, 2020

cSHAKE, TupleHash, ParallelHash, KMAC

SP 800-185

FIPS 140-2: A.15

Prior to June 30, 2020

September 1, 2020

RSA 4096 bit modulus[4]

FIPS 186-4SP 800-131A Rev. 2

FIPS 140-2: G.18

Prior to June 30, 2020

September 1, 2020

Higher level algorithms using FIPS 202 functions[5]

 

FIPS 140-2: A.11

FIPS 140-3: C.C

Prior to June 30, 2020

September 1, 2020

ANS X9.42-2001 KDF

SP 800-135 Rev. 1

FIPS 140-2: G.20

FIPS 140-3: 2.4.B

Prior to June 30, 2020

September 1, 2020

ENT

SP 800-90B

FIPS 140-2: 7.18, 7.19

FIPS 140-3: D.J, D.K

N/A

November 7, 2020[6]

PBKDF

SP 800-132

FIPS 140-2: D.6

FIPS 140-3: D.N

Prior to June 30, 2020

December 31, 2020

KAS-RSA or KAS-RSA-SSC IFC

SP 800-56B Rev. 2

FIPS 140-2: D.8

FIPS 140-3: D.F

September 30, 2020

December 31, 2020

KTS-RSA IFC

SP 800-56B Rev. 2

FIPS 140-2: D.9

FIPS 140-3: D.G

September 30, 2020

December 31, 2020

KAS or KAS-SSC DLC (FFC or ECC)

SP 800-56A Rev. 3

FIPS 140-2: D.1-rev3, D.8

FIPS 140-3: D.F

September 30, 2020

December 31, 2020

KDA[7]

SP 800-56C Rev. 1 (Withdrawn), SP 800-56C Rev. 2

FIPS 140-2: D.10

September 30, 2020

December 31, 2020

TLS 1.3 KDF

RFC 8446 - Sections 4.4.1 and 7.1

FIPS 140-2: G.20

FIPS 140-3: 2.4.B

Still on Demo

December 31, 2020

ECDSA, EdDSA, RSA

FIPS 186-5 (RFC), SP 800-186 (Draft)

TBD

Still on Demo

TBD

 

[1] Most algorithm self-test requirements are in IG 9.4 (for FIPS 140-2) and IG 10.3.A (for FIPS 140-3).

[2] Date in which the algorithm was moved onto the ACVTS production server.

[3] After this date, module submissions that modify or add the sunset date must CAVP test the applicable algorithm(s) that are used in an approved mode and perform the required self-tests.  For FIPS 140-3 submissions, algorithms that show a Submission Date on or before December 31, 2020 are immediately transitioned rather than following the date listed in this table.

[4] This entry represents an addition of the RSA 4096-bit modulus testing to FIPS 186-4 (e.g. KeyGen, SigGen, SigVer).

[5] Not all higher-level algorithms support CAVP testing using FIPS 202 functions.  Therefore, this table may need to be updated in the future.

[6] SP 800-90B compliance is required after November 7, 2020 for FIPS 140-2.  This entry will be updated once ENT certification becomes available. 

[7] This includes the HKDF which is compliant to SP 800-56C (Rev.1 and Rev.2) and separately CAVP testable.

Changes made on Jan 6, 2021 

  1. “TLS 1.3 KDF” entry, changed “December 31, 2020” to “TBD” since it is still on the DEMO server.
  2. Updated footnote 6: “SP 800-90B compliance is required after November 7, 2020 for FIPS 140-2.  This entry will be updated once ENT certification becomes available.  In addition, this date is applicable to the vetted conditioning components specified in SP 800-90B section 3.1.5.1.1 which must be CAVP tested if implemented as part of an approved SP 800-90B compliant ENT.”
  3. Added a footnote to “December 31, 2020” for the “KAS or KAS-SSC DLC (FFC or ECC)” entry: “This date is applicable to the Safe Primes Groups as specified in SP 800-56Arev3 Appendix D which must be CAVP tested if implemented as part of an approved SP 800-56Arev3 compliant KAS.”
  4. Updated footnote 5: “Not all higher-level algorithms support CAVP testing using FIPS 202 functions (e.g. DRBG, DSA, all CVL KDFs besides ANS x9.42, RSA).  This date applies to the following higher-level algorithms (unless the algorithm itself has a later transition date) which do support FIPS 202 functions: ECDSA, HKDF, HMAC, KAS/KAS-RSA/SSC (SP 800-56Arev3 and SP 800-56Brev2), KBKDF, ANS x9.42 CVL, PBKDF. This table may need to be updated in the future.”

 

 

 

From April 22, 2021

Algorithm/Scheme

Standard

Relevant IG(s)

Submission Date[1]

Historical Date[2]

FIPS 186-2 RSA Key Gen or Sig Gen[3]

FIPS 186-2 (Withdrawn)SP 800-131A Rev. 2

FIPS 140-2: G.18

FIPS 140-3: N/A

August 31, 2020

September 1, 2020

RSA-based KAS or KTS compliant to SP 800-56B

SP 800-56B (Withdrawn)[4]

FIPS 140-2: D.4, D.8, D.9

FIPS 140-3: N/A

December 31, 2020

January 1, 2024

RSA-based key transport schemes that are not compliant to either SP 800-56B or SP 800-56B Rev. 2

 

FIPS 140-2: Allowed per D.9

FIPS 140-3: N/A

December 31, 2020

January 1, 2024

RSA-based key transport schemes that only use PKCS#1-v1.5 padding[5]

RFC 2313 Section 8.1

Allowed per

FIPS 140-2: D.9

FIPS 140-3: D.G

December 31, 2023

January 1, 2024

DLC-based KAS compliant to SP 800-56A

SP 800-56A Revised (Withdrawn)

FIPS 140-2: D.8

FIPS 140-3: N/A

December 31, 2020

January 1, 2022

DLC-based KAS compliant to SP 800-56A Rev. 2

SP 800-56A Rev. 2 (Withdrawn)[6]

FIPS 140-2: D.1rev2

FIPS 140-3: N/A

December 31, 2020

January 1, 2022

Key agreement schemes that are not compliant with any version of SP 800-56A

 

FIPS 140-2: D.8

FIPS 140-3: N/A

December 31, 2020

January 1, 2022

Triple-DES encryptions[7]

SP 800-67 Rev. 2, SP 800-131A Rev. 2

 

December 31, 2023

January 1, 2024

 

[1] The last date that a module that implements this algorithm in the approved mode can be submitted to the CMVP.  Submissions that do not modify or add a sunset date can still be submitted after this date.

[2] Date in which modules that implement these algorithms in an approved mode will be moved to the historical list.

[3] Per IG G.18, this includes modules that were CAVP tested for FIPS 186-2 RSA SigGen with modulus size lower than 4096 or FIPS 186-2 RSA KeyGen of any modulus size.

[4] Vendor affirmed, as testing for this algorithm is not available.

[5] Not compliant to SP 800-56B Rev. 2.

[6] Vendor affirmed, as testing for this algorithm is not available.

[7] Triple-DES decryptions are approved beyond this date for “Legacy Use”.

Changes made April 22, 2021

  1. DLC-based KAS compliant to SP 800-56A historical date delayed to July 1, 2022.
  2. DLC-based KAS compliant to SP 800-56A Rev. 2 historical date delayed to July 1, 2022.
  3. Key agreement schemes that are not compliant with any version of SP 800-56A historical date delayed to July 1, 2022.

 

 

Created October 11, 2016, Updated June 16, 2021