On March 22, 2019, the Secretary of Commerce approved Federal Information Processing Standard (FIPS) 140-3, Security Requirements for Cryptographic Modules.
FIPS 140-3 includes references to two existing international standards:
As permitted by those standards, the NIST Special Publication (SP) series 800-140 will specify updates, replacements, or additions to the currently-cited ISO/IEC standard, as necessary. Those new SP 800-140 documents (currently under development) will consolidate implementation guidance and administrative guidance, and will be made available for public review and comment.
Here are some important milestones:
On August 12, 2015, a Federal Register Notice requested public comments on the potential use of ISO/IEC standards for cryptographic algorithm and cryptographic module testing, conformance, and validation activities that were specified in FIPS 140-2. NIST received comments from 17 entities. A summary of the comments is available in the May 1, 2019 Federal Register Notice announcing FIPS 140-3; the complete set of comments is also available on CSRC.
See the FIPS 140-3 Development project for additional details about the implementation of FIPS 140-3 and its supporting SP 800-140 publications.
Security and Privacy: cryptography, testing & validation
Technologies: hardware, software & firmware