Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-140B Rev. 1

Cryptographic Module Validation Program (CMVP) Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B

Date Published: November 2023

Supersedes: SP 800-140B (03/20/2020)


David Hawes (NIST), Alexander Calis (NIST), Roy Crombie (Canadian Centre for Cyber Security)



Cryptographic Module Validation Program; CMVP; FIPS 140 testing; FIPS 140; ISO/IEC 19790; ISO/IEC 24759; testing requirement; vendor evidence; vendor documentation; security policy
Control Families

None selected


Security and Privacy

cryptography, testing & validation