Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Programmatic Transitions

Program Related Transitions

The CMVP is offering an interim validation process for module submissions. This interim validation option is voluntary; however, CSTLs must notify CMVP of the vendor's intent prior to 1 Oct 2024

Vendors do not need to take any action if they would prefer to wait for their full review to be completed to receive full, five-year validation.  Vendors who would like to elect the interim validation should follow the process below. 

These module submissions will be reviewed for completeness by CMVP staff.  If needed, there will be a brief period of Coordination with the CST lab to resolve any questions.  Once this step is successfully completed: 

  • A two-year sunset date (expiration date) will be awarded.   
  • The ‘Interim Validation” caveat will be added to the certificate validation entry to distinguish them from a full validation (see CMVP Caveats webpage for more information)
  • A supplementary follow-up submission, adhering to the SP 800-140Br1 format, may be submitted to the CMVP. This follow-up submission must be received by the CMVP prior to the two-year sunset date for the interim validation to remain on the active list until the completion of the follow-up submission. 
  • Any non-compliance identified (e.g., during the follow-up review) will be resolved with existing processes and provide the opportunity for a timely resolution prior to moving the validation certificate to the Historical or Revocation lists (see FIPS 140-3 Management Manual 4.8 for more information). 
  • After a successful review and completion of this follow-up, the "Interim Validation" status will be lifted, and the sunset date will be extended to accommodate an increase from two to five years for the total validation period. 
  • The validation will be moved to the historical list if the follow-up submission is not received prior to the two-year sunset date. 

The interim validation submission must meet the following criteria: 

  • The vendor must inform the CMVP through their Cryptographic Security Testing (CST) lab if they elect to choose interim validation.  
  • The requesting CST lab must be in an active status with NVLAP. 
  • The original submission must have been received by the CMVP prior to 1 Jan 2024, and have not yet been validated.   
  • The submission must be fully tested and evaluated for conformance to the FIPS 140-3 standard by an active, accredited CST lab.  
  • The submission much be recommended for validation by the accredited CST lab who performed the testing. 
  • In addition to the original submission documents, the CST lab must also complete and sign a CMVP-provided requirement checklist.   

 

Algorithm Related Transitions

Table updated Jan 30, 2024

Algorithm/Scheme

Standard

Relevant IG(s)[1]

ACVTS Prod Date[2]

Submission Date[3]

AES-CBC-CS

Addendum to SP 800-38A

FIPS 140-2: A.12

Prior to Jun 30, 2020

Sep 1, 2020

AES FF1

SP 800-38G

FIPS 140-2: A.10

Prior to Jun 30, 2020

Sep 1, 2020

cSHAKE, TupleHash, ParallelHash, KMAC

SP 800-185

FIPS 140-2: A.15

Prior to Jun 30, 2020

Sep 1, 2020

RSA 4096 bit modulus[4]

FIPS 186-4SP 800-131A Rev. 2

FIPS 140-2: G.18

Prior to Jun 30, 2020

Sep 1, 2020

Higher level algorithms using FIPS 202 functions[5]

FIPS 202

FIPS 140-2: A.11

FIPS 140-3: C.C

Prior to Jun 30, 2020

Sep 1, 2020

ANS X9.42-2001 KDF

SP 800-135 Rev. 1

FIPS 140-2: G.20

FIPS 140-3: 2.4.B

Prior to Jun 30, 2020

Sep 1, 2020

ENT

SP 800-90B

FIPS 140-2: 7.18, 7.19

FIPS 140-3: D.J, D.K

N/A

Nov 7, 2020[6]

PBKDF

SP 800-132

FIPS 140-2: D.6

FIPS 140-3: D.N

Prior to Jun 30, 2020

Dec 31, 2020

KAS-RSA or KAS-RSA-SSC IFC

SP 800-56B Rev. 2

FIPS 140-2: D.8

FIPS 140-3: D.F

Sep 30, 2020

Dec 31, 2020

KTS-RSA IFC

SP 800-56B Rev. 2

FIPS 140-2: D.9

FIPS 140-3: D.G

Sep 30, 2020

Dec 31, 2020

KAS or KAS-SSC DLC (FFC or ECC)

SP 800-56A Rev. 3

FIPS 140-2: D.1-rev3, D.8

FIPS 140-3: D.F

Sep 30, 2020

Dec 31, 2020[7]

KDA[8]

SP 800-56C Rev. 1 (Withdrawn), SP 800-56C Rev. 2

FIPS 140-2: D.10

Sep 30, 2020

Dec 31, 2020

TLS 1.3 KDF

RFC 8446 - Sections 4.4.1 and 7.1

FIPS 140-2: G.20

FIPS 140-3: 2.4.B

Jan 22, 2021 Jun 30, 2021

RSADP 2.0 – adds support for 3072 and 4096 moduli in addition to 2048

SP 800-56B Rev. 2

FIPS 140-3: 2.4.C

Dec 28, 2022

Mar 31, 2023

ECDSA, EdDSA, RSA FIPS 186-5, SP 800-186 FIPS 140-3: C.K Feb 3, 2023 Jul 25, 2023[9]

ANSI X9.63-2001 KDF - adds support for SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384 and SHA3-512

SP 800-135 Rev. 1

FIPS 202

FIPS 140-2: A.11

FIPS 140-3: C.C

Mar 21, 2023

 

Jun 30, 2023

SRTP (using the 48-bit index value)

SP 800-135 Rev. 1

NIST Informative Note

FIPS 140-3: 2.4.C Mar 21, 2023 Jun 30, 2023
Hash DRBG / HMAC DRBG - adds support for SHA3-224, SHA3-256, SHA3-384, and SHA3-512

SP 800-90A Rev. 1

FIPS 202

FIPS 140-2: A.11

FIPS 140-3: C.C

Oct 6, 2023

Mar 31, 2024

RSASP 2.0 – adds support for 3072 and 4096 moduli in addition to 2048 FIPS 186-4 & FIPS 186-5 FIPS 140-3: 2.4.C Jan 18, 2024 Jun 30, 2024

 

[1] Most algorithm self-test requirements are in IG 9.4 (for FIPS 140-2) and IG 10.3.A (for FIPS 140-3).

[2] Date in which the algorithm was moved onto the ACVTS production server.

[3] After this date, module submissions that modify or reset the sunset date must CAVP test the applicable algorithm(s) that are used in an approved mode and perform the required self-tests.  The provision from the previous sentence is applicable even prior to this date if there is no vendor affirmed IG for this algorithm. For FIPS 140-3 submissions, algorithms that show a Submission Date on or before December 31, 2020 are immediately transitioned rather than following the date listed in this table.

[4] This entry represents an addition of the RSA 4096-bit modulus testing to FIPS 186-4 (e.g. KeyGen, SigGen, SigVer).

[5] Not all higher-level algorithms support CAVP testing using FIPS 202 functions (e.g. DRBG, DSA, all CVL KDFs besides ANS x9.42, RSA).  This date applies to the following higher-level algorithms (unless the algorithm itself has a later transition date) which do support FIPS 202 functions: ECDSA, HKDF, HMAC, KAS/KAS-RSA/SSC (SP 800-56Arev3 and SP 800-56Brev2), KBKDF, ANS x9.42 CVL, PBKDF.  This table may need to be updated in the future.

[6] SP 800-90B compliance is required after November 7, 2020 for FIPS 140-2.  This entry will be updated once ENT certification becomes available.  In addition, this date is applicable to the vetted conditioning components specified in SP 800-90B section 3.1.5.1.1 which must be CAVP tested if implemented as part of an approved SP 800-90B compliant ENT.

[7] This date is applicable to the Safe Primes Groups as specified in SP 800-56Arev3 Appendix D which must be CAVP tested if implemented as part of an approved SP 800-56Arev3 compliant KAS.

[8] This includes the HKDF which is compliant to SP 800-56C (Rev.1 and Rev.2) and separately CAVP testable.

[9] Per IG C.K, "It is strongly recommended for modules submitted to the CMVP to comply with FIPS 186-5 and SP 800-186, even before the transition dates specified in this IG" if all applicable requirements are met, including algorithm self-tests per IG 10.3.A.

Algorithm/Scheme

Standard

Relevant IG(s)

Submission Date[1]

Historical Date[2]

FIPS 186-2 RSA Key Gen or Sig Gen[3]

FIPS 186-2 (Withdrawn)SP 800-131A Rev. 2

FIPS 140-2: G.18

FIPS 140-3: N/A

August 31, 2020

September 1, 2020

RSA-based KAS or KTS compliant to SP 800-56B

SP 800-56B (Withdrawn)[4]

FIPS 140-2: D.4, D.8, D.9

FIPS 140-3: N/A

December 31, 2020

N/A

RSA-based key transport schemes that are not compliant to either SP 800-56B or SP 800-56B Rev. 2

 

FIPS 140-2: Allowed per D.9

FIPS 140-3: N/A

December 31, 2020

N/A

RSA-based key transport schemes that only use PKCS#1-v1.5 padding[5]

RFC 2313 Section 8.1

Allowed per

FIPS 140-2: D.9

FIPS 140-3: D.G

December 31, 2023

FIPS 140-2: N/A

FIPS 140-3: January 1, 2024

DLC-based KAS compliant to SP 800-56A

SP 800-56A Revised (Withdrawn)

FIPS 140-2: D.8

FIPS 140-3: N/A

December 31, 2020

July 1, 2022

DLC-based KAS compliant to SP 800-56A Rev. 2

SP 800-56A Rev. 2 (Withdrawn)[6]

FIPS 140-2: D.1rev2

FIPS 140-3: N/A

December 31, 2020

July 1, 2022

Key agreement schemes that are not compliant with any version of SP 800-56A

 

FIPS 140-2: D.8

FIPS 140-3: N/A

December 31, 2020

July 1, 2022

Triple-DES encryptions[7]

SP 800-67 Rev. 2, SP 800-131A Rev. 2

 

December 31, 2023

FIPS 140-2: N/A

FIPS 140-3: January 1, 2024

FIPS 186-4 DSA Key Gen, Sig Gen, or 

PQG Gen [8]; FIPS 186-4 X9.31 RSA Key Gen, RSA Sig Gen

FIPS 186-4

FIPS 140-3: C.K

February 4, 2024

N/A

AES-CBC-MAC within OTAR

P25 OTAR (Over-The-Air-Rekeying) defined in TIA-102.AACA-B

FIPS 140-3: D.C

October 31, 2023

N/A

ENT [9] SP 800-90B FIPS 140-3: D.J

January 1, 2023

N/A

Table updated November 6, 2024

[1] The last date that a module that implements this algorithm in the approved mode can be submitted to the CMVP.  Submissions that do not modify or initiate a sunset date can still be submitted after this date.

[2] Date in which modules that implement these algorithms in an approved mode will be moved to the historical list.  If marked N/A, the module will NOT be moved to the historical list based on this transition.

[3] Per IG G.18, this includes modules that were CAVP tested for FIPS 186-2 RSA SigGen with modulus size lower than 4096 or FIPS 186-2 RSA KeyGen of any modulus size.

[4] Vendor affirmed, as testing for this algorithm is not available.

[5] Not compliant to SP 800-56B Rev. 2.

[6] Vendor affirmed, as testing for this algorithm is not available.

[7] Triple-DES decryptions are approved beyond this date for “Legacy Use”.

[8] Even after the transition date, DSA Key Gen and DSA PQG Gen tests are still permitted only for legacy purposes as part of an approved SP 800-56Arev3 FFC scheme.  Otherwise, they will no longer be permitted in the approved mode for submissions after this date.

[9] ESV is required after this transition date.

Changes made on Jan 30, 2024 

  1. Added: RSADP 2.0, SRTP, ANSI X9.63-2001 KDF, Hash DRBG / HMAC DRBG, and RSASP 2.0.

Changes made on Aug 8, 2023 

  1. Updated FIPS 186-5 / SP 800-186 to reference the FIPS 140-3 IG and to include the Submission Date based on the publication date of this IG.
  2. Updated Footnote 3 to address the scenario when vendor affirmation is not available.

Changes made on Feb 10, 2023 

  1. Updated FIPS 186-5 / SP 800-186 entry due to the publication of these standards.

Changes made on Jan 26, 2021 

  1. Changed “TLS 1.3 KDF” ACVTS Prod Date from “Still on Demo” to "January 22, 2021.
  2. Changed “TLS 1.3 KDF” Submission Date from “TBD” to "June 30, 2021.

Changes made on Jan 6, 2021 

  1. “TLS 1.3 KDF” entry, changed “December 31, 2020” to “TBD” since it is still on the DEMO server.
  2. Updated footnote 6: “SP 800-90B compliance is required after November 7, 2020 for FIPS 140-2.  This entry will be updated once ENT certification becomes available.  In addition, this date is applicable to the vetted conditioning components specified in SP 800-90B section 3.1.5.1.1 which must be CAVP tested if implemented as part of an approved SP 800-90B compliant ENT.”
  3. Added a footnote to “December 31, 2020” for the “KAS or KAS-SSC DLC (FFC or ECC)” entry: “This date is applicable to the Safe Primes Groups as specified in SP 800-56Arev3 Appendix D which must be CAVP tested if implemented as part of an approved SP 800-56Arev3 compliant KAS.”
  4. Updated footnote 5: “Not all higher-level algorithms support CAVP testing using FIPS 202 functions (e.g. DRBG, DSA, all CVL KDFs besides ANS x9.42, RSA).  This date applies to the following higher-level algorithms (unless the algorithm itself has a later transition date) which do support FIPS 202 functions: ECDSA, HKDF, HMAC, KAS/KAS-RSA/SSC (SP 800-56Arev3 and SP 800-56Brev2), KBKDF, ANS x9.42 CVL, PBKDF. This table may need to be updated in the future.”

Changes made November 6, 2024

  1. Added ENT entry.

Changes made August 8, 2023

  1. Updated the non-56Br2 compliant rows per the latest CMVP transition guidance.
  2. Added RSA X9.31 within the DSA row as they both have the same scheduled transition. Added IG C.K reference.

Changes made February 10, 2023

  1. Added row for AES-CBC-MAC within OTAR.

Changes made January 3, 2023

  1. Added footnote [8] for FIPS 186-4 DSA transition.
  2. Modified Historical Dates for Triple-DES entry.

Changes made October 21, 2022

  1. Added row for FIPS 186-4 DSA transition.
  2. Added sentence to footnote [2] on N/A entry.

Changes made April 22, 2021

  1. DLC-based KAS compliant to SP 800-56A historical date delayed to July 1, 2022.
  2. DLC-based KAS compliant to SP 800-56A Rev. 2 historical date delayed to July 1, 2022.
  3. Key agreement schemes that are not compliant with any version of SP 800-56A historical date delayed to July 1, 2022.

 

Created October 11, 2016, Updated December 10, 2024