U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

SP 800-140D Rev. 1 (Draft)

CMVP Approved Sensitive Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759 (2nd Draft)

Date Published: February 10, 2022
Comments Due: March 25, 2022 (public comment period is CLOSED)
Email Questions to: sp800-140-comments@nist.gov

Author(s)

Kim Schaffer (NIST)

Announcement

The NIST Special Publication (SP) 800-140x series supports Federal Information Processing Standards (FIPS) Publication 140-3, Security Requirements for Cryptographic Modules, and its associated validation testing program, the Cryptographic Module Validation Program (CMVP). The series specifies modifications to ISO/IEC 19790 Annexes and ISO/IEC 24759 as permitted by the validation authority.

Revisions of the following subseries publications are now available for public comment:

  • Second Draft NIST SP 800-140C Rev. 1, CMVP Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759
  • Second Draft NIST SP 800-140D Rev. 1, CMVP Approved Sensitive Security Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759

These documents introduce the naming conventions that will be used for validation submissions and certificates. In addition, the following four standards are being added: SP 800-208, Stateful Hash-Based Signature Schemes (October 2020), SP 800-133 Rev.2, Recommendation for Cryptographic Key Generation (June 2020), SP 800-56C Rev. 2, Recommendation for Key-Derivation Methods in Key-Establishment Schemes (August 2020), RFC 8446, The Transport Layer Security (TLS) Protocol Version 1.3, Section 7.1 (August 2018).

Abstract

Keywords

Cryptographic Module Validation Program; CMVP; FIPS 140 testing; FIPS 140-3; ISO/IEC 19790; testing requirement; vendor evidence; vendor documentation; ISO/IEC 24759; sensitive security parameter establishment methods; sensitive security parameter generation
Control Families

None selected

Documentation

Publication:
SP 800-140D Rev. 1 (Draft) (DOI)
Local Download

Supplemental Material:
None available

Document History:
08/20/21: SP 800-140D Rev. 1 (Draft)
02/10/22: SP 800-140D Rev. 1 (Draft)
05/20/22: SP 800-140D Rev. 1 (Final)

Topics

Security and Privacy
cryptography; testing & validation