Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Module Validation Program

2008-2007 Announcements Archive

[10-21-2008] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated

Hashing, Number 1:
Secure Hash Standard - FIPS 180-3 replaces FIPS 180-2


[05-22-2008] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

  • G.13 Instructions for completing a FIPS 140-2 Validation Certificate

[01-24-2008] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

  • 7.7 Key Establishment and Key Entry and Output

Updated Implementation Guidance:

  • G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Added reference to CMVP comments document.
  • G.8 Revalidation Requirements
    • Added reference to the CMVP FAQ in change scenario 1.

[01-16-2008] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

  • G.13 Instructions for completing a FIPS 140-2 Validation Certificate
  • 1.8 Listing of DES Implementations
  • 7.1 Acceptable Key Establishment Protocols
  • 9.4 Cryptographic Algorithm Tests for SHS Algorithms and Higher Cryptographic Algorithms Using SHS Algorithms

[01-16-2008] FIPS 140-2 Annex D: Approved Key Establishment Techniques [ PDF ] has been updated.

[12-18-2007] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated

Symmetric Key - Encryption, Number 1:
Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC - Added


[12-18-2007] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

  • 1.13 CAVP Requirements for Vendor Affirmation of NIST SP 800-38D

[11-16-2007] -- Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF] has been updated.

New Implementation Guidance

  • 7.6 RNGs: Seeds, Seed Keys and Date/Time Vectors

[11-15-2007] -- CAVP release of CAVS - CAVS6.0

On November 14, 2007, the CAVP released a new version of CAVS - CAVS6.0 which adds testing for NIST SP 800-90 Deterministic Random Bit Generators.

A transition period of three months ending on February 15, 2008 addresses the impact to newly received FIPS 140-2 module test reports and the relationship to FIPS 140-2 IG 1.12.

During the transition period, new FIPS 140-2 module test reports received which implement SP 800-90 RNGs may operate the RNG in an Approved FIPS mode for key generation with reference to an issued CAVP SP 800-90 algorithm validation certificate, or vendor affirmation as indicated in FIPS 140-2 IG 1.12. The certificate annotation is provided in FIPS 140-2 IG G.13 and below:

  • If reference to a CAVP algorithm certificate, the certificate entry would be: RNG (Cert. #nnn)
  • If reference to FIPS 140-2 IG 1.12, the certificate entry would be: RNG (SP 800-90, vendor affirmed)

New FIPS 140-2 IG G.8 Scenario 3 and 5 module test reports received from CMT Laboratories after the transition period which implement SP 800-90 RNGs operating in an Approved FIPS mode for key generation shall reference a CAVP RNG algorithm certificate. At the end of the transition period, FIPS 140-2 IG 1.12 will be for reference only.

The CMVP will also review special conditions on a case-by-case basis.


[11-08-2007] -- Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF] has been updated.

Updated Implementation Guidance

  • G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Added clarification on output type of draft certificate.

[10-18-2007] -- URL links were updated in the following documents:

  • FIPS 140-2 Annex A: Approved Security Functions [ PDF]
  • FIPS 140-2 Annex C: Approved Random Number Generators [ PDF]
  • FIPS 140-2 Annex D: Approved Key Establishment Technigues [ PDF]
  • Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF]
  • CMVP FAQ

[07-26-2007] -- Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF] has been updated.

  • Minor editorial updates.

[07-03-2007] -- Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF] has been updated.

New Implementation Guidance

  • 14.3 Logical Diagram for Software, Firmware and Hybrid Modules

[06-28-2007] -- Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF] has been updated.

New Implementation Guidance

  • G.13 Instructions for completing a FIPS 140-2 Validation Certificate

[06-26-2007] -- Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF] has been updated.

Updated Implementation Guidance

  • G.8 Revalidation Requirements
    • Additional guidelines for determining <30% change for Scenario 3.
  • 7.1 Acceptable Key Establishment Protocols
    • Updated to reflect the publishing of NIST SP 800-56A.

[06-26-2007] -- FIPS 140-2 Annex D: Approved Key Establishment Techniques [ PDF] has been updated.

Symmetric Key Establishment Techniques:
Removed reference to FIPS 171. FIPS 171 was withdrawn February 08, 2005.

Asymmetric Key Establishment Techniques, Number 2:
Added references for additional schemes in FIPS 140-2 IG Section 7.1.


[06-22-2007] -- Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [PDF] has been updated.

Updated Implementation Guidance

  • G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Editorial changes for clarification.
  • G.8 Revalidation Requirements
    • Editorial changes for clarification.

[06-21-2007] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

  • 1.11 CAVP Requirements for Vendor Affirmation of NIST SP 800-56A
  • 1.12 CAVP Requirements for Vendor Affirmation of NIST SP 800-90

[06-14-2007] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

  • 3.1 Authorized Roles
    • Updated to reference hashing and RNG services

[06-14-2007] FIPS 140-2 Annex B: Approved Protection Profiles [ PDF ] has been updated

Updated document links. Added Protection Profile for Single-level Operating Systems in Environments Requiring Medium Robustness, Version 1.91.


[03-19-2007] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

  • Updated references to revision of NIST SP 800-57

[03-19-2007] FIPS 140-2 Annex C: Approved Random Number Generators [ PDF ] has been updated

Deterministic Random Number Generators, Number 6:
Recommendation for Random Number Generation Using Deterministic Random Bit Generators (Revised) - Updated to revised document.


[03-19-2007] FIPS 140-2 Annex D: Approved Key Establishment Techniques[ PDF ] has been updated

Asymmetric Key Establishment Techniques, Number 1:
Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised) - Updated to revised document.


[02-26-2007] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

  • 7.4 Zeroization of Power-Up Test Keys
    • Clarified text regarding Section 4.9.1 test keys

[01-26-2007] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

  • G.12 Post-Validation Inquiries

[01-25-2007] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

  • 1.10 Vendor Affirmation of Cryptographic Security Methods

Updated Implementation Guidance:

  • G.8 Revalidation Requirements
    • Scenario 2, 1st paragraph clarification update.
  • 7.5 Strength of Key Establishment Methods
    • Updated text on the calculation of key strength.

[01-24-2007] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated

Random Number Generators, Number 1:
Annex C: Approved Random Number Generators for FIPS 140-2, Security Requirements for Cryptographic Modules - Updated reference document date


[01-24-2007] FIPS 140-2 Annex C: Approved Random Number Generators [ PDF ] has been updated

Deterministic Random Number Generators, Number 6:
Recommendation for Random Number Generation Using Deterministic Random Bit Generators - Added


[01-24-2007] FIPS 140-2 Annex D: Approved Key Establishment Techniques [ PDF ] has been updated

Asymmetric Key Establishment Techniques, Number 1:
Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography - Added

 

Created October 11, 2016, Updated August 16, 2019