Computer Security Resource Center

This is an archive
(replace .gov by .rip)

Cryptographic Module Validation Program

Implementation Guidance Announcements

2019

 

[05-07-2019] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • New Guidance:
    • IG 7.18 - Entropy Estimation and Compliance with SP 800-90B
  • Updated Guidance:
    • IG G.13 - Instructions for Validation Information Formatting - Added the new "ENT" entry for 90B compliant modules per IG 7.18 Entropy Estimation and Compliance with SP 800-90B.
    • IG 7.14 - Entropy Caveats - Added additional comment #5 to address the caveat required when a module generates random strings that are not keys, or generates both strings and keys. Added additional comment #6 to address the case where two entropy caveats can be applied, but only the stronger caveat is required.
    • IG 7.15 - Entropy Assessment - Added a reference to the IG 7.18 Entropy Estimation and Compliance with SP 800-90B.

 

[02-07-2019] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Updated Guidance:
    • IG 2.1 - Updated to allow enforcement of the Trusted Path by applying cryptographic protection.  Updated to explain the applicability of FIPS 140-2 Sections 4.2 and 4.7 to the input and output requirements for keys and CSPs. Updated documentation requirements when claiming the Trusted Path.

2018

[11-30-2018] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Updated Guidance:
    • General: changed all references of Communications Security Establishment (CSE) to Canadian Centre for Cyber Security (CCCS).
    • IG G.2 - Completion of a test report: Information that must be provided to NIST and CCCS – Added acceptance of draft certificate submissions from the CST lab to the CMVP in the RTF format (but still recommending DOC or DOCX formatting).
    • IG G.13 - Instructions for Validation Information Formatting – Added a certificate caveat example to Section 4 starting with “When installed, initialized and configured…”. Also updated footnotes in Section 10 for clarity on CVL references and removed the text “allowed in approved mode” since it is already understood that these algorithms are allowed in FIPS mode. Additionally, corrected the Triple-DES example in Section 10 to reference an approved certificate. Finally, updated Section 8 to require the tested processor(s) within the Configuration field on the Certificate with examples.
    • IG G.17 - Remote Testing for Software Modules – Updated Resolution bullet 2 to specify that cloud environments are prohibited specifically for 3rd party vendors where the lab does not have control of the environment for testing.
    • IG 1.21 - Processor Algorithm Accelerators (PAA) and Processor Algorithm Implementation (PAI) – Added two SHA extensions for Intel and AMD processors.
    • IG 9.4 - Known Answer Tests for Cryptographic Algorithms – Added clarity on self-test requirements for symmetric algorithms that implement multiple modes, CVLs, KBKDF and vendor-affirmed algorithms. Added references to IG A.11 and IG A.15 for additional self-test requirements. Reiterated general self-test requirements for all approved algorithms and modes. Removed references to IG 9.1, 9.2 and 9.6. Removed the rationale in the Additional Comments.
    • IG 9.11 - Reducing the Number of Known Answer Tests – Added a paragraph in the Resolution explaining: when an algorithm can or cannot take advantage of IG 9.11 provisions; how embedded algorithms fit into IG 9.11; and added an effective date of this guidance.
    • IG 14.5 - Critical Security Parameters for the SP 800-90 DRBGs – Removed Additional Comment #2 as “full entropy”, in this context, is an unreasonable expectation.

[05-25-2018] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Updated Guidance:
    • IG G.8 Revalidation Requirements – Removed the “2 year” limitation on 3sub revalidations, which stated that modules on the historical list could not be submitted as a 3sub if the module’s sunset date exceeded 2 years.  Now, modules that are Active or Historical are eligible for scenario 3 revalidation without this limitation. 
    • IG 9.11 Reducing the Number of Known Answer Tests – Changed the “type” of the parameter that “remembers” that self-tests were run successfully on a specific environment, from a CSP, to something that is treated the same as a public key, in which case the integrity of this parameter is assured by the module.

 

[03-27-2018] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Updated Guidance:
    • G.8 Revalidation Requirements - Updated to add Alternative Scenario 3A (allowing vendors to submit module revalidations based on CVE patches).
    • G.13 - Instructions for Validation Information Formatting - Updated to add clarification on how to document the binding module algorithm certificate. The same rules that apply to an embedding module also apply to a binding module.
    • 9.1 Known Answer Test for Keyed Hashing Algorithm – Updated to align with IG 9.4 and IG 9.11. Also, added clarification on HMAC self-testing with additional examples and comments.
    • 9.2 Known Answer Test for Embedded Cryptographic Algorithms – Updated to align with IG 9.11. Also, removed obsolete material (such as self-testing the embedded algorithms by means of the RNG KATs where the RNGs are no longer approved).
    • A.13 SP 800-67rev1 Transition - Updated to incorporate the latest requirements for the published SP 800-67rev2 standard.

[01-19-2018] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Updated Guidance:
    • G.13 Instructions for Validation Information Formatting – Removed non-SP-800-38F compliant key wrapping methods from the allowed algorithm listing per SP 800-131A transition.  Added allowed non-SP-800-38F compliant key unwrapping examples.
    • D.9 Key Transport Methods – Removed non-SP-800-38F compliant key wrapping methods from the allowed algorithm section per SP 800-131A transition. Added two additional comments for clarity on SP 800-131A transition and KTS implementations.

 

[01/10/18] Annex A for FIPS PUB 140-2 has been updated.

2017

[12-04-2017] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • New Guidance:
    • IG 9.12 Integrity Test Using Sampling
    • IG 9.13 Non-Reconfigurable Memory Integrity Test
    • IG A.15 Vendor Affirmation for the SP 800-185 Algorithms
  • Updated Guidance:
    • G.8 Revalidation Requirements - added notes about which scenarios should be included on the MIP list. Also updated scenario 2 to allow for modules on the Historical list to be validated via this scenario.
    • G.13 Instructions for Validation Information Formatting – added a caveat example when a module implements a DRBG but does not meet IG 7.14 and IG 7.15 requirements.
    • A.5 Key/IV Pair Uniqueness Requirements from SP 800-38D – added bullet 4 in scenario 2 requiring the module to meet IG 7.15 for the strength of the IV.
    • Revised entire IG for grammatical and formatting inconsistencies.

[09-11-2017] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Minor editorial non-technical updates

[08-07-2017] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • New Guidance:
    • G.17: Remote Testing for Software Modules
    • 9.11: Reducing the Number of Known Answer Tests
    • 1.23: Definition and Use of a non-Approved Security Function
    • A.14: Approved Modulus Sizes for RSA Signature and Other Approved Public Key Algorithms
  • Updated Guidance:
    • G.13: Validation Certificate Formatting
    • 3.1: Authorized Roles
    • 9.9: Pair-Wise Consistency Self-Test When Generating a Key Pair
    • 14.1: Level of Detail When Reporting Cryptographic Services
    • 14.4: Operator Applied Security Appliances
    • A.2: Use of non-NIST Recommended Elliptic Curves
    • A.5: Key/IV Pair Uniqueness Requirements for SP 800-38D
    • A.11: The Use and the Testing Requirements for the Family of Functions defined in FIPS 202
    • A.13: SP 800-67rev1 Transition
    • D.2: Acceptable Key Establishment Protocols

[06/13/17] Annex A for FIPS PUB 140-2 has been updated.

  • Updated Guidance:
    • 9.9 Pair-Wise Consistency Self-Test When Generating a Key Pair – limited the scope to the pair-wise consistency tests for keys used in RSA signature and RSA key transport schemes and removed the “allowed” provision.

[05-10-2017] Annex A for FIPS PUB 140-2 has been updated.

  • New Guidance:
    • A.13 SP 800-67rev1 Transition
    • D.13 Elliptic Curves and the MODP Groups in Support of Industry Protocols
  • Updated Guidance:
    • G.8 Revalidation Requirements – added definition for scenario 2.
    • G.13 Validation Certificate Formatting – removed non-approved algorithms from the validation certificate, added examples for key establishment and included formatting instructions for virtual environments.
    • G.14 Validation of Transitioning Cryptographic Algorithms and Key Lengths, 7.5 Strength of Key Establishment Methods, A.11 The Use and the Testing Requirements for the Family of Functions defined in FIPS 202, D.8 Key Agreement Methods, and D.11 References to the Support of Industry Protocols – removed references to certificate formatting for non-approved algorithms.
    • 3.1 Authorized Roles – addressed relationship between authorized roles and operator authentication.
    • 3.4 Multi-Operator Authentication – resolved a conflict between IG 3.1 and IG 3.4.
    • A.8 Use of a Truncated HMAC – updated text, clarified examples and incorporated SP 800-107rev1 for all uses of a message authentication code.
    • D.9 Key Transport Methods – updated to explain that all approved key transport schemes shall use the KTS acronym and to allow an unwrapping of a key past the 2017 transition deadline.

[04-25-2017] Annex A for FIPS PUB 140-2 has been updated.

  • Updated Guidance:
    • D.12 Requirements for Vendor Affirmation to SP 800-133 – clarified some of the provisions.

[04-17-2017] Annex A for FIPS PUB 140-2 has been updated.

  • Updated Guidance:
    • 1.21 Processor Algorithm Accelerators (PAA) & Processor Algorithm Implementation (PAI) – added PAI, where an accelerated function to support cryptographic algorithms is deemed to be the complete cryptographic algorithm, and updated the list of known PAAs and PAIs.

[02-06-2017] Annex A for FIPS PUB 140-2 has been updated.

  • Updated Guidance:
    • 1.20 Sub-Chip Cryptographic Subsystems – updated 1.20 and 7.7 to resolve the asymmetric treatment of CM software and CM hardware.
    • 7.7 Key Establishment and Key Entry and Output – updated 1.20 and 7.7 to resolve the asymmetric treatment of CM software and CM hardware.
    • D.11 References to the Support of Industry Protocols – clarified items 2 and 3.

For older announcements, see the Announcements Archive.

Created October 11, 2016, Updated May 08, 2019