Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Module Validation Program

2016-2015 Announcements Archive

2016

[02-01-2016] Annex A for FIPS PUB 140-2 has been updated.

  • Symmetric Key, Advanced Encryption Standard (AES):
  • Added: GCM-AES-XPN mode from IEEE Std 802.1AEbw-2013.

[01-25-2016] Annex A for FIPS PUB 140-2 has been updated.

  • Escrowed Encryption Standard (EES)
  • Removed Skipjack - withdrawn as of December 31, 2015.

[01-11-2016] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Updated guidance
    • G.14: Validation of Transitioning Cryptographic Algorithms and Key Lengths
      • update references to FIPS 186-4, define legacy use of 186-2 and other post RNG transition changes
    • 7.5: Strength of Key Establishment Methods
      • update references to FIPS 186-4 and other post RNG transition changes
    • 7.8: Key Generation Methods Allowed in FIPS Mode
      • update references to FIPS 186-4 and other post RNG transition changes
    • 7.12: Key Generation for RSA Signature Algorithm
      • update references to FIPS 186-4 and other post RNG transition changes
    • C.1: moved to W.3
      • withdrawn obsolete guidance
    • C.2: moved to W.4
      • withdrawn obsolete guidance
    • D.4: Requirements for Vendor Affirmation of SP 800-56B
      • update references to FIPS 186-4 and other post RNG transition changes

[01-04-2016] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Updated guidance
    • A.9: XTS-AES Key Generation Requirements
      • minor editorial update of the last sentence in Additional Comments
    • G.15: moved to W.2
      • withdrawn obsolete guidance

[01-04-2016] Annex A for FIPS PUB 140-2 has been updated.

  • Digital Signature Standard (DSS)
    • Removed references to 186-2.

[01-04-2016] Annex C for FIPS PUB 140-2 has been updated.

  • Deterministic Random Number Generators
    • National Institute of Standards and Technology, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, Special Publication 800-90A, June 2015.
  • Retired RNG standards
    • American Bankers Association, Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry (rDSA), ANSI X9.31-1998 - Appendix A.2.4
    • American Bankers Association, Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA), ANSI X9.62-1998 – Annex A.4

2015

[12-28-2015] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • New guidance
    • A.9: XTS-AES Key Generation Requirements
      • clarified the requirements for Key_1 and Key_2 from IEEE Std. 1619-2007

[12-22-2015] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Modified guidance
    • 9.8 Continuous Random Number Gererator Tests
      • introduced advanced options for continuous random number generation testing.

[11-20-2015] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Modified guidance
    • G.5 Maintaining validation compliance of software or firmware cryptographic modules
      • fixed a discrepancy in the wording of user porting rules. Now user affirmation is similar to that of vendors so that validation is only user-affirmed and does not imply a CMVP endorsement

[11-18-2015] Annex B for FIPS PUB 140-2 has been updated.

  • Added protection profiles
    • Common Criteria Protection Profiles for General Purpose Operating Systems
      • until June 30, 2016.​
    • NIAP Approved Protection Profile for Operating Systems
    • NIAP Approved Protection Profile for Mobile Device Fundamentals
  • Retired protection profiles
    • U.S. Government Approved Protection Profile - U.S. Government Protection Profile for General-Purpose Operating Systems in a Networked Environment
      • CC Version 3.1, 30 August 2010

[11-13-2015] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Modified guidance
    • G.5 Maintaining validation compliance of software or firmware cryptographic modules
      • fixed a typo/poor text formatting - removed d) in 1) as it is just a continuation of c);

[11-12-2015] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Modified guidance
    • 7.15 Entropy Assessment
      • introduced a transition period for third-party hardware entropy sources that cannot meet all documentation and test requirements;​
    • G.5 Maintaining validation compliance of software or firmware cryptographic modules
      • fixed a logically inconsistent wording related to porting modules to a new untested operational environment;​
    • 7.16 Acceptable Algorithms for Protecting Stored Keys and CSPs
      • Fixed a typo – misspelled Tripe-DES.

[09-17-2015] Annex A for FIPS PUB 140-2 has been updated.

  • Annex A: Added SHA-3.

[09-15-2015] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

Updated Implementation Guidance:

  • Modified guidance
    • 1.20Sub-Chip Cryptographic Subsystems
      • Updated with multiple disjoint sub-chip subsystems and refinements of testing and documentation requirements. See also generous transition period to allow for potentially long product development cycles.

 


[08-11-2015] NIST Billing Unavailable September 14-30, 2015

With the end of the fiscal year approaching, NIST billing will be unavailable September 14-30, 2015. During this time, NIST will not generate invoices or process payments. The invoices for test report submitted on September 14th through September 30th will be generated on October 1st or shortly thereafter. Any payments received on September 14th through September 30th will be processed starting on October 1st.

During this time frame, the CMVP will continue to review reports that have already been paid. The CMVP asks all participating parties to plan accordingly.


[08-07-2015] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

Updated Implementation Guidance:

  • New guidance
    • 7.14 Entropy Caveats
    • 7.15 Entropy Assessment
    • 7.16 Acceptable Algorithms for Protecting Stored keys and CSPs
    • D.1-rev2 CAVP Requirements for Vendor Affirmation of SP 800-56A-rev2
    • D.12 Requirements for Vendor Affirmation to SP 800-133
  • Modified guidance
    • 7.13 Cryptographic Key Strength Modified by an Entropy Estimate
      • withdrawn, moved to W.1.
    • A.5 Key/IV Pair Uniqueness Requirements from SP 800-38D
      • Allow IPSec- and TLS 1.2-style of IV generation for AES-GCM cipher suites.
    • D.9 Key Transport Methods
      • Updated with more SP 800-38F examples.
    • G.13 Instructions for Validation Information Formatting
      • Updated with more examples.
    • G.1 Request for Guidance from the CMVP and CAVP
      • Editorial - updated contacts and set in writing requirement for requests.
    • G.2 Completion of a test report: Information that must be provided to NIST/CSE
      • Editorial - changed CSEC to CSE.
    • G.7 Relationships Among Vendors, Laboratories, and NIST/CSE
      • Editorial - changed CSEC to CSE.
    • G.9 FSM, Security Policy, User Guidance and Security Officer Documentation
      • Editorial - changed CSEC to CSE.
    • G.12 Post-Validation Inquiries
      • Editorial - changed CSEC to CSE.

Created October 11, 2016, Updated August 16, 2019