Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

SP 800-140F (DRAFT)

CMVP Approved Non-Invasive Attack Mitigation Test Metrics: CMVP Validation Authority Updates to ISO/IEC 24759:2014(E)

Date Published: October 2019
Comments Due: December 9, 2019
Email Comments to: sp800-140-comments@nist.gov

Author(s)

Kim Schaffer (NIST)

Announcement

NIST has released the following Draft NIST Special Publications (the SP 800-140x “subseries”) for public comment. They directly support Federal Information Processing Standards Publication (FIPS) 140-3, Security Requirement for Cryptographic Modules, and its associated validation testing program, the Cryptographic Module Validation Program (CMVP).

  • Draft SP 800-140, FIPS 140-3 Derived Test Requirements (DTR)
  • Draft SP 800-140A, CMVP Documentation Requirements
  • Draft SP 800-140B, CMVP Security Policy Requirements
  • Draft SP 800-140C, CMVP Approved Security Functions
  • Draft SP 800-140D, CMVP Approved Sensitive Parameter Generation and Establishment Methods
  • Draft SP 800-140E, CMVP Approved Authentication Mechanisms
  • Draft SP 800-140F, CMVP Approved Non-Invasive Attack Mitigation Test Metrics

Public comments are due December 9, 2019. Also see an overview of the transition to FIPS 140-3.

Abstract

Keywords

attack mitigation; Cryptographic Module Validation Program; CMVP; FIPS 140 testing; FIPS 140; ISO/IEC 19790; ISO/IEC 24759; non-invasive; testing requirement; vendor evidence; vendor documentation
Control Families

None selected

Documentation

Publication:
Draft SP 800-140F

Supplemental Material:
None available

Other Parts of this Publication:
SP 800-140 (DRAFT)
SP 800-140A (DRAFT)
SP 800-140B (DRAFT)
SP 800-140C (DRAFT)
SP 800-140D (DRAFT)
SP 800-140E (DRAFT)

Topics

Security and Privacy
cryptography; testing & validation