Cryptographic Module Validation Program CMVP

FIPS 140-3 IG Announcements

FIPS 140-3 IG - Latest version

[01-29-2024]

Updated Guidance:

  • 10.3.A Cryptographic Algorithm Self-Test Requirements – Added Note 20 to clarify the TLS KDF self-test requirements.
  • C.K Transition from FIPS 186-4 to FIPS 186-5 and SP 800-186 – Resolution 4: K and B curves will be included in the FIPS 186-5 testing. Resolution 6: Removed specific reference to P curves since ECDSA verification using K and B curves is also approved. Additional Comment 2: Clarified that mathematically equivalent FIPS 186-4 tests can claim FIPS 186-5 compliance.
  • D.C References to the Support of Industry Protocols – Added Additional Comment #2 specifying that this IG includes the TLS 1.3 KDF CVL.

[11-22-2023]

Updated Guidance:

  • 2.3.C Processor Algorithm Accelerators (PAA) and Processor Algorithm Implementation (PAI) – Added a few Known PAAs.
  • 2.4.C Approved Security Service Indicator - Clarified the API example in the Resolution and added a related Additional Comment 5.
  • 4.1.A Authorised Roles - Added “[for CSPs only]” in Background. Clarified in a. the exception applies when hashing data, not SSPs. Added a paragraph after the exceptions connecting authorization to authentication.
  • 9.5.A SSP Establishment and SSP Entry and Output - Slight modification to the SK legend under Table 2.
  • C.C The Use and the Testing Requirements for the Family of Functions defined in FIPS 202 - Removed the outdated Additional Comments.
  • C.H Key/IV Pair Uniqueness Requirements from SP 800-38D - Changed “technique” to “scenario” in the beginning of the Resolution for consistency. Added leniency to the abort logic requirement in Scenario 3.

[08-01-2023]

Updated Guidance:

  • D.B Strength of SSP Establishment Methods – Removed outdated text regarding how to document the SSP establishments on the certificate.

[07-25-2023]

New Guidance:

  • 10.3.F Complete Image Replacement Versus Software/Firmware Loading
  • C.K Transition from FIPS 186-4 to FIPS 186-5 and SP 800-186
  • C.L SP 800-107 Requirements

Updated Guidance:

  • 2.4.C Approved Security Service Indicator – Added Additional Comment #4 to clarify the applicability of example scenarios 1) and 3). Updated the first bullet after “IG clarifies AS02.24 by interpreting the following:” to align closer to TE02.24.01 and TE02.24.02.
  • 10.3.A Cryptographic Algorithm Self-Test Requirements – Added self-test requirements for FIPS 186-5 algorithms. Clarified self-test requirements for underlying approved algorithms used within a higher-level algorithm with examples. Added Additional Comment #3 on general self-test requirements. Some formatting and editorial changes.
  • C.A Use of non-Approved Elliptic Curves - Removed Additional Comment #1 since the transition is now published. Revised Additional Comment #2 (now #1) to specify EdDSA status. Incorporated final draft guidance from IG C.K into Category 1a and 1b.
  • D.G Key Transport Methods – Updated Additional Comment #4 to be consistent with WebCryptik and CAVP representation (e.g., KTS-IFC).
  • D.F Key Agreement Methods – Updated Additional Comment #5 to clarify requirements for assurances. Updated KAS references to be consistent with WebCryptik and CAVP representation (i.e., KAS-ECC or KAS-FFC).
  • Added reference to FIPS 186-5 in addition to or instead of FIPS 186-4. This resulted in minor admin changes (published date remained unchanged) to IGs:
    • 2.4.A Definition and Use of a non-Approved Security Function
    • 4.1.A Authorised Roles
    • D.B Strength of SSP Establishment Methods
    • D.D Elliptic Curves and the FFC Safe-Prime Groups in Support of Industry Protocols
  • Updated to reference ESV. This resulted in minor admin changes (published date remained unchanged) to IGs:
    • D.J Entropy Estimation and Compliance with SP 800-90B
    • D.O Combining Entropy from Multiple Sources

[03-17-2023]

New Guidance:

  • 10.2.A Pre-operational Integrity Technique Self-test
  • 2.3.D Excluded Components

Updated Guidance:

  • Entire IG – Updated FIPS 140-3 Management Manual references (several replaced by WebCryptik User’s Guide) and revalidation scenario references.
  • W.1 Assurance of the Validity of a Public Key for SSP establishment – IG Withdrawn.
  • 2.3.B Sub-Chip Cryptographic Subsystems – Updated Note 2 references to TE02.13.03. Removed porting guidance (moved to FIPS 140-3 Management Manual Section 7.1). Added Additional Comment #3 on validation status.
  • 2.3.C Processor Algorithm Accelerators (PAA) and Processor Algorithm Implementation (PAI) – Fixed PAA/PAI bulleted examples.
  • 4.1.A Authorised Roles – Added SP 800-90B under Resolution b. Added Additional Comments #6, #7, and #8.
  • 5.A Non-Reconfigurable Memory Integrity Test – Added reference to TE02.03.02 in the Resolution.
  • 9.3.A Entropy Caveats – Updated caveats to include “(e.g., keys)” in the SSP references.
  • 10.3.A Cryptographic Algorithm Self-Test Requirements – Added SP 800-208 self-test requirements (Note: SP 800-208 algorithms can only be used in the approved mode if certified by the CAVP, once testing becomes available). Clarified SP 800-90B self-tests are considered CASTs. Clarified self-test requirements for algorithms whose output varies for a given set of inputs. Added SSH KDF and IKE KDF self-tests when used within an approved KAS. Aligned vendor affirmed self-test guidance with FIPS 140-3 Management Manual. Updated Additional Comment #1 on the key-pair PCT requirements.
  • C.H Key/IV Pair Uniqueness Requirements from SP 800-38D – Added references to DTLS 1.2 in Scenario 1.
  • D.F Key Agreement Methods – Added Additional Comment #11 to clarify CVL KDF CAST requirements.
  • D.H Requirements for Vendor Affirmation to SP 800-133 – Added Additional Comment #5 on CAST requirements.
  • D.K Interpretation of SP 800-90B Requirements – Added headers to group the Resolutions and added Resolution 19 on full entropy. Added requirements when a DRBG is considered a conditioning component (updates to Resolution 5 and Resolution 7 Note 1).
  • D.Q Transition of the TLS 1.2 KDF to Support the Extended Master Secret – Updated Additional Comment #1 on TLS 1.0 and TLS 1.1 KDFs and their transition when using the extended master secret.

[10-07-2022]

Updated Guidance:

  • 2.3.C PAA and PAIs - Clarified the testing requirements when a module incorporates PAA or PAI functionality. Updated known PAA/PAIs.
  • 9.3.A Entropy Caveats - Added Additional Comment #7 on claiming multiple scenarios from this IG, and added Additional Comment #8 on which scenarios require an entropy assessment report. 
  • C.F Approved Modulus Sizes for RSA Digital Signature - Clarified algorithm status and requirements for RSA Signature Verification for both FIPS 186-2 and FIPS 186-4.

[05-16-2022]

New Guidance:

  • D.Q Transition of the TLS 1.2 KDF to Support the Extended Master Secret
  • D.R Hash Functions Acceptable for Use in the SP 800-90A DRBGs

Updated Guidance:

  • 3.4.A Trusted Channel – Removed Additional Comment #2 as this is appropriate for FIPS 140-2, but does not align with requirements of ISO/IEC 19790:2012 Section 7.9.5 and IG 9.5.A.
  • 9.5.A SSP Establishment and SSP Entry and Output – Added parenthesis in Resolution to highlight the fact that there are differences in requirements between CSPs that are keys versus non-keys. 

[03-14-2022]

Updated Guidance:

  • 2.4.A Definition and Use of a non-Approved Security Function – Added “with no security claimed” to the examples subtitle for clarity. Small editorial change in the Resolution to reference the correct algorithm table in SP 800-140B. Added a footnote to MD5.
  • 2.4.B Tracking the Component Validation List – Added vendor affirmation of a SRTP KDF implementation.

[11-05-2021]

New Guidance:

    • D.P SP 800-56Crev2 One-Step Key Derivation Function Without a Counter

Updated Guidance:

    • Added a space to all ENT entries so that they read ENT (P) or ENT (NP).
    • 2.4.B Tracking the Component Validation List – Added references to SP 800-56Arev3 for the ECC-CDH primitive CVL in Resolution #1.
    • 2.4.A Definition and Use of a non-Approved Security Function – Synchronized minor text in the Resolution to be consistent with IG 1.23 (FIPS 140-2). Clarified XOR example with a note. Added Additional Comment #2 to further clarify when a vendor can apply this IG.
    • 10.3.A Cryptographic Algorithm Self-Test Requirements – Spelled out the ENT self-test requirements to avoid ambiguity.
    • C.F Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 – Added Table 1 with a more relaxed upper bound limit and introduced supporting text including adding two new Additional Comments. Clarified the minimum number of the Miller-Rabin tests. Cleaned up old text in the Additional Comments.
    • D.C References to the Support of Industry Protocols – Included guidance on the use of AES-CBC-MAC within OTAR.
    • D.J Entropy Estimation and Compliance with SP 800-90B – Added Additional Comment #10 to clarify when other parties can write a lab’s entropy source description and its heuristic entropy analysis.
    • D.L Critical Security Parameters for the SP 800-90A DRBGs – Added Additional Comment on the CTR_DRBG without a derivation function.

[08-30-2021]

New Guidance:

  • 10.3.D Error Logging
  • 10.3.E Periodic Self-Testing
  • E.A Applicability of Requirements from SP 800-63B

Updated Guidance:

  • 5.A Non-Reconfigurable Memory Integrity Test – Incorporated end of life procedures.

[05-04-2021]

New Guidance:

    • 2.4.C Approved Security Service Indicator
    • 9.7.B Indicator of Zeroization
    • 10.3.C Conditional Manual Entry Self-Test Requirements
    • 11.A CVE Management
    • 12.A Mitigation of Other Attacks
    • D.O Combining Entropy from Multiple Sources

Updated Guidance:

    • 3.4.A Trusted Channel – clarified in the last bullet in Resolution 2 that the operator must stay in control over the physical path and prevent any unauthorized tampering.
    • 4.1.A Authorised Roles - Clarified the requirements of the text “or other services that do not affect the security of the module”.
    • 10.3.A Cryptographic Algorithm Self-Test Requirements – Updated to remain consistent with FIPS 140-2 IG 9.4. Also, clarified self-test rules around the PBKDF Iteration Count parameter.
    • C.H Key/IV Pair Uniqueness Requirements from SP 800-38D - Removed Scenario 2’s second and fourth bullets and added the reasoning as Additional Comment #4.
    • D.F Key Agreement Methods - Removed Additional Comment 10 since SP 800-56Arev3 testing is available and therefore vendor affirming to this standard is not permitted.
    • D.G Key Transport Methods - Added “if applicable” for key confirmation under the first approved method.
    • D.J Entropy Estimation and Compliance with SP 800-90B - Updated to align ENT references with that of IG D.O.

[09-21-2020]

The first release of the FIPS 140-3 Implementation Guidance document was published on September 21, 2020. This release incorporates 41 IGs, down from the 104 IGs currently in the FIPS 140-2 IG document. Many of the IGs were no longer required as they were incorporated into ISO/IEC 19790, ISO/IEC 24759, and the SP 800-140x documents. Many thanks to those who helped identify, draft, review, and publish this new CMVP document.

Created October 11, 2016, Updated February 28, 2024