Search CSRC

Linux Devices.com is a comprehensive webpage with information on current open source coding projects for linux systems, quick references to Linux code in different programming languages, and user/developer forums. Handhelds.org has quick links to every aspect of programming on PDAs. The site features "How to" files, open source code, Linux release downloads, and easy references to many other resources. Also at Handhelds.org is the new Linux Familiar release. Familiar now features a multi-user capacity for Linux based PDAs. For information on the known security issues on Palm powered PDAs...

The UMBC Agent Web has information and resources about intelligent information agents, intentional agents, software agents, softbots, knowbots, infobots, etc. The Mobile Agent Security Bibliography contains a good collection of reference manuscripts on mobile agent security maintained by the developers of Mole. The Annotated Bibliography on Mobile Agent Security contains another collection of references and links to mobile agent security documents organized under various themes. The Mobility Mailing list has been set up to discuss all things pertaining to mobile code, objects, agents and...

[01-30-17] -- New release of the CAVS algorithm validation testing tool to the CST Laboratories (CAVS21.2). The following modifications have been made: CAVS would become unresponsive if Modify New Submission was selected several times. This has been corrected. On the Modify New Submission screen, some words were not displayed fully. This has been corrected. The algorithm validation numbers are now checked to assure they are numeric. If they are not, an error message is displayed. When preparing change request, if any information was updated EXCEPT the implementation type...

July [07-06-16]--Updated Triple DES sample files to remove encrypytion with keying option 2 and to correct the values for OFB-I Monte Carlo. [07-06-16]--New release of the CAVS algorithm validation testing tool to the CST Laboratories (CAVS20.2). The following modifications have been made: Corrected bug in TDES OFB-I Monte Carlo test. KAS ECC values were reported for keys shorter than expected. Corrected. KAS FFC Header [HMAC SHAs supported was missing ending]. Corrected. KAS ECC Header when EE parameter set selected [SHA(s) supported (Used in the KDF function): was missing...

December [12-29-15]--New release of the CAVS algorithm validation testing tool to the CST Laboratories (CAVS18.0). Contains changes to the testable functions in some of the approved cryptographic algorithms to reflect the transition to the use of stronger cryptographic keys and more robust algorithms (as recommended in NIST SP800-131A Revision 1 Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths) effective January 1, 2016. It also includes several corrections to existing bugs. The following changes have been made : SP800-131A Revision 1...

December [12-23-14] -- Updated SP800-56A Key Agreement Schemes (KAS) Test Vectors. [12-8-14] -- CAVP request that CST Laboratories assure the accuracy of the vendor and implementation information given for cryptographic algorithm implementation validation requests; i.e., Vendor URL, etc. [12-8-14] -- New release of the CAVS algorithm validation testing tool to the CST Laboratories (CAVS17.4). The following modifications have been made: SP800-38F:A  Error corrected in authenticatedDecryptionTest SP800-135: IKEv2 minimum for nonce and payload should be 128 bits instead of 64 bits...

December [12-12-13] -- New release of the CAVS algorithm validation testing tool to the CST Laboratories (CAVS16.0). contains changes to the testable functions in some of the approved cryptographic algorithms to reflect the transition to the use of stronger cryptographic keys and more robust algorithms (as recommended in NIST SP800-131A Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths) effective January 1, 2014. The following changes have been made : DSA (Refers to FIPS 186-2) Removed DSA tab. PQG Generation, Key Pair Generation, and...

December [12-18-12] -- New release of the CAVS algorithm validation testing tool to the CST Laboratories (CAVS14.2). This version of the CAVS tool addresses minor updates: KAS ECCCDH Primitive Component: Modified code that creates txt file for website to include IUT's private key in the file. KAS ECCCDH Primitive Component: ECCCDH Primitive Verify was erroneously requiring SHA as a prerequisite. ECCCDH Primitive Compoent testing does not require any prerequisites. This has been corrected. KASECC: Changed the IDD-KASPREREQUISITESECC screen. Indicates that ECDSA PKV is not needed...

[09-8-11] -- New release of the CAVS algorithm validation testing tool to the CST Laboratories (CAVS11.5). This version of the CAVS tool addresses: 186-3 RSA - Corrected bug in file formatting of RSA Key Generation using Random Primes that are Probably Prime (B.3.3) that was causing the verification of the file to fail. In 186-3 RSA Signature Verification, added the ability for the IUT to indicate they only support fixed pubic key e values. If they indicate they only support fixed public key values, they must enter at least one value for the public key. They may enter up to 2 values to be...

[06-07-10] -- New release of the CAVS algorithm validation testing tool to the CST Laboratories (CAVS10.1). This version of the CAVS tool addresses a correction to the Key Agreement Schemes ECC with No Key Confirmation (KAS ECC No KC) screen. (When parameter set EA was selected, the radio button for the curve size would only allow P-192 to be selected.) This has been corrected. The transition period ends September 7, 2010. As has been the policy in the past: EFFECTIVE IMMEDIATELY on any new validation requests for implementations of TDES, AES, 186-2 DSA, SHA, RNG, RSA, HMAC, CCM, 186-2...

September [09-17-09] -- New release of the CAVS algorithm validation testing tool to the CST Laboratories (CAVS8.1). This version of the CAVS tool addresses several minor modifications and enhancements to CAVS including the Addition of a cover letter template, the addition of more efficient elliptic curve routines for NIST binary (e.g.., B-163 and K-571) curves, and the modification of several minor issues. The transition period ends December 17, 2009. As has been the policy in the past: EFFECTIVE IMMEDIATELYA on any new validation requests for implementations of TDES, AES, DSA,...

[12-24-2008] -- New release of the CAVS algorithm validation testing tool to the CMT Laboratories (CAVS7.0). Version 7.0 of the CAVS tool adds testing for NIST SP 800-56A Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography and NIST SP 800-38D Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. In addition, file formating changes have been made to the CCM Decrypt-Verification Process Test. The transition period ends March 24, 2009. As has been the policy in the past: For any algorithm validation request where...

2007 [11-15-2007] -- New release of the CAVS algorithm validation testing tool to the CMT Laboratories (CAVS6.0). Verison 6.0 of the CAVS tool adds testing for NIST SP 800-90 Deterministic Random Bit Generators. The transition period ends February 15, 2008. As has been the policy in the past: For any algorithm validation request where a lab has used a previous version of CAVS to create files and has already sent the sample and request files to the vendor, NIST will accept validations using this tool up through February 15, 2008. The tool used to generate the files must be used to...

Algorithm Specifications Algorithm specifications for Key Agreement Schemes and Key Confirmation (SP800-56A) are available from the Cryptographic Toolkit. Algorithm Validation Testing Requirements The algorithm validation testing requirements for SP 800-56A are specified in: The KAS Validation System (KASVS) Testing Notes Prerequisites for KAS testing are listed in the CAVP Frequently Asked Questions (CAVP FAQ) General Question GEN.5. Test Vectors Use of these test vectors does not replace validation obtained through the CAVP. The test vectors linked below can be used...

The MIP list contains cryptographic modules on which the CMVP is actively working. For a module to transition from Review Pending to In Review, the lab must first pay the NIST Cost Recovery fee, and then the report will be assigned as resources become available. The validation process is a joint effort between the CMVP, the laboratory and the vendor and therefore, for any given module, the action to respond could reside with the CMVP, the lab or the vendor. The various circumstances that can trigger "On Hold" are stated in the FIPS 140-3 Management Manual, Section 4.4.3. This list does not...

The IUT list is provided as a marketing service for vendors who have a viable contract with an accredited laboratory for the testing of a cryptographic module, and the module and required documentation is resident at the laboratory.  The CMVP does not have detailed information about the specific cryptographic module or when the test report will be submitted to the CMVP for validation. When the lab submits the test report to the CMVP, the module will transition from the IUT list to the MIP list. If you would like more information about a specific cryptographic module or its schedule, please...

2016 [Updated 12-19-2016] -- Module Drop Policy Effective July 1, 2017, the CMVP will automatically drop modules in IUT after 18 months. Effective January 1, 2018, the CMVP will drop modules that have not been validated within 2 years of submission or IUTB, whichever occurred first. When the module is dropped, the vendor and lab will have to restart the validation process by sending an updated submission and paying a new cost recovery fee at the current rate. [Updated 06-01-2016][11-12-2015] -- Validation Sunsetting Policy The CMVP is adopting a five year validation...

2013 [04-05-2013] -- The First International Cryptographic Module Conference Bringing experts together from around the world to confer on the topic of cryptographic modules. Discussion on technical topics underlying the implementation of a cryptographic module including physical security, key management, side-channel analysis, key management, cryptographic algorithm implementation testing, standardization (FIPS 140-2, ISO/IEC 19790), validation programs and more. September 24-26, 2013 in Gaithersburg, MD. Registration February through August 2013. Details at: ICMC 2013 2012...

2007 [11-30-2007] -- Non-Compliance update to Certificate #733 RNG (Cert. #216) changed to non-compliant. This RNG shall not be used for any services requiring the use of random bits. [10-12-2007] -- Federal Register Notice DEPARTMENT OF COMMERCE National Institute of Standards and Technology Docket No. 070321067–7068–01 Public Draft of Federal Information Processing Standard (FIPS) 140-3, a revision of FIPS 140-2, Security Requirements for Cryptographic Modules AGENCY: National Institute of Standards and Technology (NIST), Department of Commerce. ACTION: Public comment period...

2018-2017 Announcements Archive 2018 [11-30-2018] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated. Updated Guidance: General: changed all references of Communications Security Establishment (CSE) to Canadian Centre for Cyber Security (CCCS). IG G.2 - Completion of a test report: Information that must be provided to NIST and CCCS – Added acceptance of draft certificate submissions from the CST lab to the CMVP in the RTF format (but still recommending DOC or DOCX formatting). IG G.13 - Instructions for Validation...

POSTED December 13, 2013 -- Draft NIST Interagency Report 7863, Cardholder Authentication for the PIV Digital Signature Key is available for public comment. NIST is pleased to announce that Draft NIST Interagency Report 7863, Cardholder Authentication for the PIV Digital Signature Key, is available for public comment. NISTIR 7863 provides clarification for the requirement in FIPS 201-2 that a PIV cardholder perform an explicit user action prior to each use of the digital signature key stored on the card. NIST requests comments on NISTIR 7863 by 5:00pm EST on January 17, 2014. Please submit...

POSTED November 30, 2007: NIST Interagency Report 7452: Secure Biometric Match-on-Card Feasibility Report (NIST IR 7452) NIST is pleased to announce the release of NIST Interagency Report 7452, Secure Biometric Match-on-Card Feasibility Report. NIST conducted the feasibility study to understand the effects of combining asymmetric cryptography with Biometric Match-on-Card. The report describes the tests that were conducted to obtain timing metrics for the SBMOC transaction and provides a summary of the test results. POSTED October 4, 2007: Draft Special Publication 800-73-2, Interfaces...

NIST SP 800-116 been updated to Revision 1 to align with FIPS 201-2. High-level changes include: Update to section 4.4 (previously section 7.1) to reflect the FIPS 201-2 requirements for credential validation. Reflection of the FIPS 201-2 deprecation of CHUID authentication mechanism throughout the document. Reflection of the downgrade of VIS authentication mechanism to LITTLE or NO” confidence in cardholder’s identity. Removal of the CHUID +VIS authentication mechanism from the list of recommended authentication mechanisms. Addition of a new appendix titled “Improving Authentication...

DISCLAIMER: The pre-validation list is provided for information purposes only. Participation on the list is voluntary and is a joint decision by the vendor and the NPIVP test facility. Products are listed alphabetically by vendor name. Posting on the list does not imply guarantee of final validation. The following phases describe the pre-validation process. The status of each product in the process is identified in the list.   PIV Card Application Testing in Progress There exists a viable contract between a vendor and a NPIVP testing facility for the testing of the vendor’s PIV card...

DISCLAIMER: The pre-validation list is provided for information purposes only. Participation on the list is voluntary and is a joint decision by the vendor and the NPIVP test facility. Products are listed alphabetically by name. Posting on the list does not imply guarantee of final validation. The following phases describe the pre-validation process. The status of each product in the process is identified in the list.   PIV Middleware Testing in Progress There exists a viable contract between a vendor and a NPIVP testing facility for the testing of the vendor’s PIV Middleware. The PIV...