Search CSRC

The final version of NIST Special Publication (SP) 800-140Br1 (Revision 1), CMVP Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B, is now available.

The second public draft of NIST Special Publication (SP) 800-140Br1 (Revision 1), CMVP Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B, is now available for public comment. The comment period closes on December 5, 2022.

The initial public draft of NIST Special Publication (SP) 800-140Br1 (Revision 1), CMVP Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B, is now available for public comment. Deadline to submit comments is July 12, 2022.

Second Drafts of NIST SP 800-140C/D Rev. 1 Available for Comment until March 25, 2022.

NIST has posted three draft revisions of SP 800-140C/D/F, specifying CMVP Validation Authority updates to ISO/IEC 24759, for public comment. The comment period closes September 20, 2021.

NIST has published seven documents in the SP 800-140x subseries--supporting documents for FIPS 140-3 and the Cryptographic Module Validation Program.

NIST has released the Draft Special Publication (SP) 800-140x subseries for public comment. They directly support FIPS 140-3 and the Cryptographic Module Validation Program (CMVP). Comments are due by December 9, 2019.

NIST has published revisions of two Special Publications (SP) that identify security functions and sensitive security parameter generation and establishment methods allowed within the context of the Cryptographic Module Validation Program (CMVP).

Conference: 13th International Workshop on Post-Quantum Cryptography (PQCrypto 2022) Abstract: SPHINCS+ is a stateless hash-based signature scheme that has been selected for standardization as part of the NIST post-quantum cryptography (PQC) standardization process. Its security proof relies on the distinct-function multi-target second-preimage resistance (DM-SPR) of the underlying keyed hash...

Conference: 11th International Conference on Cryptology (INDOCRYPT 2010) Abstract: In this paper we propose a new sequential mode of operation – the Fast wide pipe or FWP for short – to hash messages of arbitrary length. The mode is shown to be (1) preimage-resistance preserving, (2) collision-resistance-preserving and, most importantly, (3) indifferentiable from a random oracle u...

The following table summarizes the SP 800-140x series publications and their relationships to ISO/IEC 19790:2012(E) and ISO/IEC 24759:2017(E). The sub-pages of this webpage provide the supplemental information associated with that SP 800-140x document. NIST Special Publications (SPs) that Modify ISO/IEC Standards NIST SP Title ISO/IEC 19790:2012(E) ISO/IEC 24759:2017(E) SP 800-140 FIPS 140-3 Derived Test Requirements (DTR) modifies -- §6.1 through §6.12 SP 800-140A...

Short URL: https://csrc.nist.gov/projects/cmvp/sp800-140c The following information is referenced from Section 6.2, Approved Security Functions, of NIST SP 800-140Cr2. Transitions | Block Cipher | Digital Signature | Secure Hash Extendable Output Functions | Message Authentication | Entropy Source DRBG | Other Security Functions | Change Log 6.2.1 Transitions Barker EB, Roginsky AL (2019) Transitioning the Use of Cryptographic Algorithms and Key Lengths. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-131A, Rev. 2....

Short URL: https://csrc.nist.gov/projects/cmvp/sp800-140d The following information is referenced from Section 6.2, Sensitive security parameter generation and establishment methods, of NIST SP 800-140Dr2. Transitions | Symmetric Key Gen. | Key-Based Key Derivation Password-Based Key Deriv. | Asymmetric Key-Pair Gen. Key Agreement | Key Agreement Key Deriv. | Protocol-Suite Key Deriv. Key Transport | Entropy Source | DRBG | Other SSPEM | Change Log 6.2.1 Transitions Barker EB, Roginsky AL (2019) Transitioning the Use of Cryptographic Algorithms and Key Lengths. (National Institute of...

Short URL: https://csrc.nist.gov/projects/cmvp/sp800-140b This page provides information related to preparing, submitting, coordinating, and finalizing a module for the CMVP. These are the how-to processes and procedures used at the point a CMVP lab has completed testing and is ready to create and submit the package. Module Package Creation Module Information Structure (MIS) Resources To facilitate automated verification and processing of the modules, much of the information needs to be submitted in a structured and organized format. The CMVP uses JSON as the submission format to...

Abstract: This report focuses on the NIST-recommended block cipher modes of operation specified in NIST Special Publications (SP) 800-38A through 800-38F. The goal is to provide a concise survey of relevant research results about the algorithms and their implementations. Based on these findings, the report co...

Abstract: The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the Federal Government to successfully conduct its essential missions and functions. This publication pro...

Journal: Digital Investigation Abstract: Any investigation can have a digital dimension, often involving information from multiple data sources, organizations and jurisdictions. Existing approaches to representing and exchanging cyber-investigation information are inadequate, particularly when combining data sources from numerous organizat...

Abstract: This is a brief introduction on how to run the Python command-line programs (hosted on GitHub at https://github.com/usnistgov/SP800-90B_EntropyAssessment) that implement the statistical entropy estimation methods found in Section 6 of the Second Draft NIST SP 800-90B (January 2016). It is not a desc...

Abstract: This is a brief introduction on how to run the Python command-line programs (hosted on GitHub at https://github.com/usnistgov/SP800-90B_EntropyAssessment) that implement the statistical entropy estimation tests found in Section 9 of the Draft NIST SP 800-90B (August 2012). It is not a description or...

Abstract: This bulletin summarizes the information that is included in revised Federal Information Processing Standard 180-4, Secure Hash Standard. The revised standard, announced in a March 6, 2012, Federal Register notice, was approved by the Secretary of Commerce to replace an earlier standard, FIPS 180-3....

Abstract: This bulletin summarizes the information presented in NIST Special Publication (SP) 800-126 Rev. 2, The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2. This publication was written by David Waltermire and Stephen Quinn of NIST, Karen Scarfone of Scarfon...

Journal: Journal of Systems Architecture Abstract: The ability to control access to sensitive data in accordance with policy is perhaps the most fundamental security requirement. Despite over four decades of security research, the limited ability for existing access control mechanisms to generically enforce policy persists. While researchers, practi...

Conference: Sixth International Conference on Information Assurance and Security (IAS 2010) Abstract: Attribute relations in access control mechanisms or languages allow accurate and efficient specification of some popular access control models. However, most of the access control systems including today s de-facto access control protocol and specification language, XACML, does not provide sufficien...

Abstract: The objective of this document is to provide test requirements and test assertions that could be used to validate the compliance/conformance of two PIV components: PIV middleware and PIV card application with the specification in NIST SP 800-73-3, Interfaces for Personal Identity Verification.

Conference: 13th World Multi-Conference on Systemics, Cybernetics and Informatics (WMSCI 2009) Abstract: Deployment of smart cards as identity tokens (Smart ID Cards) requires the support of an enterprise system called Identity Management System (IDMS) for collection, storage, processing and distribution of personal identity credentials. Secure configuration of IDMS for this application domain (IDMS-SC...