Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Module Validation Program

2006-2005 Announcements Archive

[10-05-2006] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

  • 1.9 Definition and Requirements of an Hybrid Cryptographic Module

[09-27-2006] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

  • G.8 Revalidation Requirements
    • New revalidation scenario: No change to module but update of security relevant service or function.

[05-05-2006] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

  • G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Additional file to include and new NIST and CSEC e-mail contact information.

[04-07-2006] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

  • G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Added reference to include PIV Card Application certificate reference if applicable to the draft certificate.

[04-03-2006] Annex A: Approved Security Functions [ PDF ] has been updated

CMAC

National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication, Special Publication 800-38B, May 2005.


[03-23-2006] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

  • G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Updated NIST contact.
  • G.5 Maintaining validation compliance of software or firmware cryptographic modules
    • Added exception for vendor recompilation.

[12-01-2005] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

  • 1.8 Listing of DES Implementations
  • 7.5 Strength of Key Establishment Methods

[11-17-2005] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

  • G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Updated NIST contact.

[09-26-2005] CMVP and IPA/Instac Physical Security Testing Workshop

A workshop was hosted by the CMVP (NIST and CSEC) and IPA/Instac Japan to address new physical testing methods as new mitigation methods are deployed in cryptographic modules. Presentations and papers presented at the Physical Security Testing Workshop.


[09-12-2005] Annex D: Approved Key Establishment Techniques [ PDF ] has been updated

Information regarding allowed asymmetric key establishment methods moved to FIPS 140-2 IG 7.1.


[09-12-2005] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

  • G.11 Testing using Emulators and Simulators
  • 1.6 Use of Non-NIST-Recommended Asymmetric Key Sizes and Elliptic Curves
  • 1.7 Multiple Approved Modes of Operation
  • 5.2 Testing Tamper Evident Seals
  • 7.4 Zeroization of Power-Up Test Keys

Updated Implementation Guidance:

  • G.1 Request for Guidance from the CMVP
  • 1.2 FIPS Approved Mode of Operation
  • 7.1 Acceptable Key Establishment Protocols
  • 7.2 Use of IEEE 802.11i Key Derivation Protocols

[07-25-2005] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

  • G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Updated CSEC contact.

[06-30-2005] FIPS 140-2 Annex D: Approved Key Establishment Techniques [ PDF ] has been updated

Clarification regarding the use of asymmetric keys for key wrapping as a key transport method for key establishment.


[05-19-2005] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated

DES and Triple-DES

National Institute of Standards and Technology, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, Special Publication 800-67, May 2004.


[01-31-2005] FIPS 140-2 Annex C: Approved Random Number Generators [ PDF ] has been updated

NIST-Recommended Random Number Generator Based on ANSI X9.31 Appendix A.2.4 Using the 3-Key Triple DES and AES Algorithms added.


[01-21-2005] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

  • 6.4 Approved Integrity Techniques
  • 7.2 Use of IEEE 802.11i Key Derivation Protocols
  • 7.3 Use of other Core Symmetric Algorithms in ANSI X9.31 RNG

Updated Implementation Guidance:

  • G.1 Implementation guidance requests to NIST and CSEC
    • Updated NIST and CSEC contacts.
  • G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Updated CSEC contact. Change requirements for signature page.
  • G.3 Partial Validations and Not Applicable Areas of FIPS 140-2
    • Added guidance regarding Not Applicable Areas.
  • G.5 Maintaining validation compliance of software or firmware cryptographic modules
    • Clarified the distinct actions a vendor or user may affirm compliance.
  • G.8 re-validation Requirements
    • Added Regression Test Suite and clarifications.

 

Created October 11, 2016, Updated February 07, 2019