NIST Special Publications (SP) 800-140 and -140A through -140F are now available. With the completion of these documents, the Cryptographic Module Validation Program (CMVP) is on track to begin accepting validation submissions for FIPS 140-3 in September 2020.
Federal Information Processing Standards Publication (FIPS) 140-3, Security Requirements for Cryptographic Modules, went into effect on September 22, 2019, permitting the CMVP to begin accepting submissions from vendors under the new validation testing scheme in September 2020. The FIPS 140-3 standard introduces some significant changes. Rather than encompassing the module requirements directly, FIPS 140-3 references the International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 19790:2012, which specifies the cryptographic module requirements as well as the associated guidance issued through Annexes. ISO/IEC 24759 extracts the requirements of ISO/IEC 19790, prescribing the vendor information and lab procedures needed to assure that the requirements are met.
The CMVP validation authority—composed of the National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security—manages FIPS 140-3 validations. With permission granted by ISO/IEC 19790:2012 to validation authorities, the CMVP has created seven documents to manage the seven areas of allowed changes. The SP 800-140x subseries consists of the following: