This is an archive
(replace .gov by .rip)

Cryptographic Module Validation Program CMVP

Announcements Archive

2018

[11-30-2018] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Updated Guidance:
    • General: changed all references of Communications Security Establishment (CSE) to Canadian Centre for Cyber Security (CCCS).
    • IG G.2 - Completion of a test report: Information that must be provided to NIST and CCCS – Added acceptance of draft certificate submissions from the CST lab to the CMVP in the RTF format (but still recommending DOC or DOCX formatting).
    • IG G.13 - Instructions for Validation Information Formatting – Added a certificate caveat example to Section 4 starting with “When installed, initialized and configured…”. Also updated footnotes in Section 10 for clarity on CVL references and removed the text “allowed in approved mode” since it is already understood that these algorithms are allowed in FIPS mode. Additionally, corrected the Triple-DES example in Section 10 to reference an approved certificate. Finally, updated Section 8 to require the tested processor(s) within the Configuration field on the Certificate with examples.
    • IG G.17 - Remote Testing for Software Modules – Updated Resolution bullet 2 to specify that cloud environments are prohibited specifically for 3rd party vendors where the lab does not have control of the environment for testing.
    • IG 1.21 - Processor Algorithm Accelerators (PAA) and Processor Algorithm Implementation (PAI) – Added two SHA extensions for Intel and AMD processors.
    • IG 9.4 - Known Answer Tests for Cryptographic Algorithms – Added clarity on self-test requirements for algorithms that are symmetric that implement multiple modes, CVLs, KBKDF and vendor-affirmed. Added references to IG A.11 and IG A.15 for additional self-test requirements. Reiterated general self-test requirements for all approved algorithms and modes. Removed references to IG 9.1, 9.2 and 9.6. Removed the rationale in the Additional Comments.
    • IG 9.11 - Reducing the Number of Known Answer Tests – Added a paragraph in the Resolution explaining: when an algorithm can or cannot take advantage of IG 9.11 provisions; how embedded algorithms fit into IG 9.11; and added an effective date of this guidance.
    • IG 14.5 - Critical Security Parameters for the SP 800-90 DRBGs – Removed Additional Comment #2 as “full entropy”, in this context, is an unreasonable expectation.

[05-25-2018] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Updated Guidance:
    • IG G.8 Revalidation Requirements – Removed the “2 year” limitation on 3sub revalidations, which stated that modules on the historical list could not be submitted as a 3sub if the module’s sunset date exceeded 2 years.  Now, modules that are Active or Historical are eligible for scenario 3 revalidation without this limitation. 
    • IG 9.11 Reducing the Number of Known Answer Tests – Changed the “type” of the parameter that “remembers” that self-tests were run successfully on a specific environment, from a CSP, to something that is treated the same as a public key, in which case the integrity of this parameter is assured by the module.

 

[03-27-2018] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Updated Guidance:
    • G.8 Revalidation Requirements - Updated to add Alternative Scenario 3A (allowing vendors to submit module revalidations based on CVE patches).
    • G.13 - Instructions for Validation Information Formatting - Updated to add clarification on how to document the binding module algorithm certificate.  The same rules that apply to an embedding module also applies to a binding module.
    • 9.1 Known Answer Test for Keyed Hashing Algorithm – Updated to align with IG 9.4 and IG 9.11. Also, added clarification on HMAC self-testing with additional examples and comments.
    • 9.2 Known Answer Test for Embedded Cryptographic Algorithms – Updated to align with IG 9.11. Also, removed obsolete material (such as self-testing the embedded algorithms by means of the RNG KATs where the RNGs are no longer approved).
    • A.13 SP 800-67rev1 Transition - Updated to incorporate the latest requirements for the published SP 800-67rev2 standard.

[01-19-2018] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Updated Guidance:
    • G.13 Instructions for Validation Information Formatting – Removed non-SP-800-38F compliant key wrapping methods from the allowed algorithm listing per SP 800-131A transition.  Added allowed non-SP-800-38F compliant key unwrapping examples.
    • ​D.9 Key Transport Methods  – Removed non-SP-800-38F compliant key wrapping methods from the allowed algorithm section per SP 800-131A transition.  Added two additional comments for clarity on SP 800-131A transition and KTS implementations.

 

[01/10/18] Annex A for FIPS PUB 140-2 has been updated.

Back to Top

2017

[12-04-2017] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • New Guidance:
    • IG 9.12 Integrity Test Using Sampling
    • IG 9.13 Non-Reconfigurable Memory Integrity Test
    • IG A.15 Vendor Affirmation for the SP 800-185 Algorithms​
  • Updated Guidance:
    • G.8 Revalidation Requirements - added notes about which scenarios should be included on the MIP list. Also updated scenario 2 to allow for modules on the Historical list to be validated via this scenario.
    • G.13 Instructions for Validation Information Formatting – added a caveat example when a module implements a DRBG but does not meet IG 7.14 and IG 7.15 requirements.
    • A.5 Key/IV Pair Uniqueness Requirements from SP 800-38D – added bullet 4 in scenario 2 requiring the module to meet IG 7.15 for the strength of the IV.
    • Revised entire IG for grammatical and formatting inconsistencies.

[09-11-2017] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Minor editorial non-technical updates

[08-07-2017] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • New Guidance:
    • G.17: Remote Testing for Software Modules
    • 9.11: Reducing the Number of Known Answer Tests
    • 1.23: Definition and Use of a non-Approved Security Function
    • A.14: Approved Modulus Sizes for RSA Signature and Other Approved Public Key Algorithms
  • Updated Guidance:
    • G.13: Validation Certificate Formatting
    • 3.1: Authorized Roles
    • 9.9: Pair-Wise Consistency Self-Test When Generating a Key Pair
    • 14.1: Level of Detail When Reporting Cryptographic Services
    • 14.4: Operator Applied SecurityAppliances
    • A.2: Use of non-NIST Recommended Elliptic Curves
    • A.5: Key/IV Pair Uniqueness Requirements for SP 800-38D
    • A.11: The Use and the Testing Requirements for the Family of Functions defined in FIPS 202
    • A.13: SP 800-67rev1 Transition
    • D.2: Acceptable Key Establishment Protocols

[06/13/17] Annex A for FIPS PUB 140-2 has been updated.

  • Updated Guidance:
    • 9.9 Pair-Wise Consistency Self-Test When Generating a Key Pair – the scope is limited to the pair-wise consistency tests for keys used in RSA signature and RSA key transport schemes and removed “allowed” provision.

[05-10-2017] Annex A for FIPS PUB 140-2 has been updated.

  • New Guidance:
    • A.13 SP 800-67rev1 Transition
    • D.13 Elliptic Curves and the MODP Groups in Support of Industry Protocols
  • Updated Guidance:
    • G.8 Revalidation Requirements – added definition for scenario 2.
    • G.13 Validation Certificate Formatting – removed non-approved algorithms from the validation certificate, added examples for key establishment and included formatting instructions for virtual environments.
    • G.14 Validation of Transitioning Cryptographic Algorithms and Key Lengths,
      • 7.5 Strength of Key Establishment Methods,
      • A.11 The Use and the Testing Requirements for the Family of Functions defined in FIPS 202,
      • D.8 Key Agreement Methods,
      • D.11 References to the Support of Industry Protocolsremoved references to certificate formatting for non-approved algorithms.
    • 3.1 Authorized Roles – addressed relationship between authorized roles and operator authentication.
    • 3.4 Multi-Operator Authentication – resolve a conflict between IG 3.1 and IG 3.4.
    • A.8 Use of a Truncated HMAC – updated text, clarified examples and incorporated SP 800-107rev1 for all uses of a message authentication code.
    • D.9 Key Transport Methods – updated to explain that all approved key transport schemes shall use the KTS acronym and to allow an unwrapping of a key past the 2017 transition deadline.

[04-25-2017] Annex A for FIPS PUB 140-2 has been updated.

  • Updated Guidance:
    • D.12 Requirements for Vendor Affirmation to SP 800-133 – clarified some of the provisions.

[04-17-2017] Annex A for FIPS PUB 140-2 has been updated.

  • Updated Guidance:
    • 1.21 Processor Algorithm Accelerators (PAA) & Processor Algorithm Implementation (PAI) – add PAI where an accelerated function to support cryptographic algorithms is deemed to be the complete cryptographic algorithm and updated the list of known PAAs and PAIs.

[02-06-2017] Annex A for FIPS PUB 140-2 has been updated.

  • Updated Guidance:
    • 1.20 Sub-Chip Cryptographic Subsystems – updated 1.20 and 7.7 to resolve the asymmetric treatment of CM software and CM hardware.7.7 Key Establishment and Key Entry and Output – updated 1.20 and 7.7 to resolve the asymmetric treatment of CM software and CM hardware.D.11 References to the Support of Industry Protocols – clarified items 2 and 3.

Back to Top

2016

[02-01-2016] Annex A for FIPS PUB 140-2 has been updated.

  • Symmetric Key, Advanced Encryption Standard (AES):
  • Added: GCM-AES-XPN mode from IEEE Std 802.1AEbw-2013.

[01-25-2016] Annex A for FIPS PUB 140-2 has been updated.

  • Escrowed Encryption Standard (EES)
  • Removed Skipjack - withdrawn as of December 31, 2015.

[01-11-2016] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Updated guidance
    • G.14: Validation of Transitioning Cryptographic Algorithms and Key Lengths
      • update references to FIPS 186-4, define legacy use of 186-2 and other post RNG transition changes
    • 7.5: Strength of Key Establishment Methods
      • update references to FIPS 186-4 and other post RNG transition changes
    • 7.8: Key Generation Methods Allowed in FIPS Mode
      • update references to FIPS 186-4 and other post RNG transition changes
    • 7.12: Key Generation for RSA Signature Algorithm
      • update references to FIPS 186-4 and other post RNG transition changes
    • C.1: moved to W.3
      • withdrawn obsolete guidance
    • C.2: moved to W.4
      • withdrawn obsolete guidance
    • D.4: Requirements for Vendor Affirmation of SP 800-56B
      • update references to FIPS 186-4 and other post RNG transition changes

[01-04-2016] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Updated guidance
    • A.9: XTS-AES Key Generation Requirements
      • minor editorial update of the last sentence in Additional Comments
    • G.15: moved to W.2
      • withdrawn obsolete guidance

[01-04-2016] Annex A for FIPS PUB 140-2 has been updated.

  • Digital Signature Standard (DSS)
    • Removed references to 186-2.

[01-04-2016] Annex C for FIPS PUB 140-2 has been updated.

  • Deterministic Random Number Generators
    • National Institute of Standards and Technology, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, Special Publication 800-90A, June 2015.
  • Retired RNG standards
    • American Bankers Association, Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry (rDSA), ANSI X9.31-1998 - Appendix A.2.4
    • American Bankers Association, Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA), ANSI X9.62-1998 – Annex A.4

2015

[12-28-2015] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • New guidance
    • A.9: XTS-AES Key Generation Requirements
      • clarified the requirements for Key_1 and Key_2 from IEEE Std. 1619-2007

[12-22-2015] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Modified guidance
    • 9.8 Continuous Random Number Gererator Tests
      • introduced advanced options for continuous random number generation testing.

[11-20-2015] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Modified guidance
    • G.5 Maintaining validation compliance of software or firmware cryptographic modules
      • fixed a discrepancy in the wording of user porting rules. Now user affirmation is similar to that of vendors so that validation is only user-affirmed and does not imply a CMVP endorsement

[11-18-2015] Annex B for FIPS PUB 140-2 has been updated.

  • Added protection profiles
    • Common Criteria Protection Profiles for General Purpose Operating Systems
      • until June 30, 2016.​
    • NIAP Approved Protection Profile for Operating Systems
    • NIAP Approved Protection Profile for Mobile Device Fundamentals
  • Retired protection profiles
    • U.S. Government Approved Protection Profile - U.S. Government Protection Profile for General-Purpose Operating Systems in a Networked Environment
      • CC Version 3.1, 30 August 2010

[11-13-2015] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Modified guidance
    • G.5 Maintaining validation compliance of software or firmware cryptographic modules
      • fixed a typo/poor text formatting - removed d) in 1) as it is just a continuation of c);

[11-12-2015] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Modified guidance
    • 7.15 Entropy Assessment
      • introduced a transition period for third-party hardware entropy sources that cannot meet all documentation and test requirements;​
    • G.5 Maintaining validation compliance of software or firmware cryptographic modules
      • fixed a logically inconsistent wording related to porting modules to a new untested operational environment;​
    • 7.16 Acceptable Algorithms for Protecting Stored Keys and CSPs
      • Fixed a typo – misspelled Tripe-DES.

[09-17-2015] Annex A for FIPS PUB 140-2 has been updated.

  • Annex A: Added SHA-3.

[09-15-2015] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

Updated Implementation Guidance:

  • Modified guidance
    • 1.20Sub-Chip Cryptographic Subsystems
      • Updated with multiple disjoint sub-chip subsystems and refinements of testing and documentation requirements. See also generous transition period to allow for potentially long product development cycles.

 

[08-11-2015] NIST Billing Unavailable September 14-30, 2015

With the end of the fiscal year approaching, NIST billing will be unavailable September 14-30, 2015. During this time, NIST will not generate invoices or process payments. The invoices for test report submitted on September 14th through September 30th will be generated on October 1st or shortly thereafter. Any payments received on September 14th through September 30th will be processed starting on October 1st.

During this time frame, the CMVP will continue to review reports that have already been paid. The CMVP asks all participating parties to plan accordingly.

[08-07-2015] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

Updated Implementation Guidance:

  • New guidance
    • 7.14 Entropy Caveats
    • 7.15 Entropy Assessment
    • 7.16 Acceptable Algorithms for Protecting Stored keys and CSPs
    • D.1-rev2 CAVP Requirements for Vendor Affirmation of SP 800-56A-rev2
    • D.12 Requirements for Vendor Affirmation to SP 800-133
  • Modified guidance
    • 7.13 Cryptographic Key Strength Modified by an Entropy Estimate
      • withdrawn, moved to W.1.
    • A.5 Key/IV Pair Uniqueness Requirements from SP 800-38D
      • Allow IPSec- and TLS 1.2-style of IV generation for AES-GCM cipher suites.
    • D.9 Key Transport Methods
      • Updated with more SP 800-38F examples.
    • G.13 Instructions for Validation Information Formatting
      • Updated with more examples.
    • G.1 Request for Guidance from the CMVP and CAVP
      • Editorial - updated contacts and set in writing requirement for requests.
    • G.2 Completion of a test report: Information that must be provided to NIST/CSE
      • Editorial - changed CSEC to CSE.
    • G.7 Relationships Among Vendors, Laboratories, and NIST/CSE
      • Editorial - changed CSEC to CSE.
    • G.9 FSM, Security Policy, User Guidance and Security Officer Documentation
      • Editorial - changed CSEC to CSE.
    • G.12 Post-Validation Inquiries
      • Editorial - changed CSEC to CSE.

Back to Top 

2014

[10-08-2014] Annex A for FIPS PUB 140-2 and FIPS 140-2 Annex D: Approved Key Establishment Techniques have been updated.

Annex A: Added references to NIST SP 800-38F and NIST SP 800-52, Rev 1

Annex D: Updated reference to NIST SP 800-56B, Rev 1

[04-25-2014] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

Updated Implementation Guidance:

  • 9.10 Power-Up Tests for Software Module Libraries
    • Editorial changes for additional clarity.

[02-26-2014] FIPS 140-2 Annex D: Approved Key Establishment Techniques has been updated.

Annex D: Added reference to NIST SP 800-133

[02-24-2014] FIPS 140-2 Annex D: Approved Key Establishment Techniques has been updated.

Annex D: Replaced reference to FIPS 186-3 with FIPS 186-4 and SP 800-56a Revision 1 to Revision 2.

[01-31-2014] FIPS 140-2 Annex A: Approved Security Functions has been updated.

Annex A: Replaced reference to FIPS 186-3 with FIPS 186-4.

[01-17-2014] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

Updated Implementation Guidance:

  • G.15 Validating the Transition from FIPS 186-2 to FIPS 186-4
    • Editorial change
  • 7.13 Cryptographic Key Strength Modified by an Entropy Estimate –
    • Changed the minimum entropy requirement based on SP 800-131A transition effective 01-01-2014.

[01-15-2014] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

Updated Implementation Guidance:

  • G.13 Instructions for Validation Information Formatting
    • Removed incorrect examples based on SP 800-131A transition effective 01-01-2014.

[01-08-2014] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

Updated Implementation Guidance:

  • G.13 Instructions for Validation Information Formatting

Updated examples based on SP 800-131A transition effective 01-01-2014.

2013

[07-25-2013] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

New Implementation Guidance:

  • 3.5 Documentation Requirements for Cryptographic Module Services
  • 9.9 Pair-Wise Consistency Self-Test When Generating a Key Pair
  • 9.10 Power-Up Tests for Software Module Libraries
  • D.11 References to the Support of Industry Protocols

Updated Implementation Guidance:

  • D.8 Key Agreement Methods
    • Resolution section has been updated.
  • D.9 Key Transport Methods
    • Resolution section has been updated.

[06-07-2013] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

Updated Implementation Guidance:

  • G.8 Revalidation Requirements
    • Added Alternative Scenarios 1A and 1B.

[01-02-2013] FIPS 140-2 Annex D: Approved Key Establishment Techniques has been updated.

Annex D: Added reference to NIST SP 800-38F.

Back to Top 

2012

[12-21-2012] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

Updated Implementation Guidance:

  • G.5 Maintaining validation compliance of software or firmware cryptographic modules
    • Included reference to the impact to the generated key strength assurance when porting, and vendor Security Policy updates.
  • G.13 Instructions for Validation Information Formatting
    • For all embodiments, the OE shall be specified on the validation entry.
  • G.14 Validation of Transitioning Cryptographic Algorithms and Key Lengths
    • Addressed two-key Triple-DES requirements.
  • D.8 Key Agreement Methods
    • IG updated to address SP 800-135rev1.

[06-29-2012] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

Updated Implementation Guidance:

  • 7.7 Key Establishment and Key Entry and Output
    • References to key encryption changed to reference Key Establishment methods (e.g. Key Transport and Key Agreement).

[06-20-2012] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

Updated Implementation Guidance:

  • G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Added transition date for report submissions using CRYPTIK integrated review process.
  • 1.19 non-Approved Mode of Operation
    • Re-written to associate with existing clauses in FIPS 140-2 and Implementation Guidance.
  • 7.12 Key Generation for RSA Signature Algorithm
    • Added Transition End Date.
  • 9.4 Known Answer Tests for Cryptographic Algorithms
    • Added Transition End Date.

[05-30-2012] FIPS 140-2 Annex A: Approved Security Functions has been updated.

Annex A: Replaced reference to FIPS 180-3 with FIPS 180-4.

[05-02-2012] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

New Implementation Guidance:

  • 3.3 Authentication Mechanisms for Software Modules
  • 3.4 Multi-Operator Authentication
  • 7.11 Definition of an NDRNG
  • 7.12 Key Generation for RSA Signature Algorithm
  • 7.13 Cryptographic Key Strength Modified by an Entropy Estimate
  • 9.8 Continuous Random Number Generator Tests

Updated Implementation Guidance:

  • G.13 Instructions for Validation Information Formatting
    • Added annotation note regarding EFP/EFT when Section 4.5 is Level 3.
  • 1.2 FIPS Approved Mode of Operation
    • Modified resolution and additional comments text.
  • 1.7 Multiple Approved Modes of Operation
    • Modified resolution and additional comments text.
  • 1.19 non-Approved Mode of Operation
    • Modified resolution when annotating non-Approved services.

[04-23-2012] FIPS 140-2 Annex D: Approved Key Establishment Techniques has been updated.

Annex D: Updated reference to SP 800-135 Revision 1.

[04-23-2012] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

New Implementation Guidance:

  • G.14 Validation of Transitioning Cryptographic Algorithms and Key Lengths
  • G.15 Validating the Transition from FIPS 186-2 to FIPS 186-3
  • 1.18 PIV Reference
  • 1.19 non-Approved Mode of Operation
  • D.8 Key Agreement Methods
  • D.9 Key Transport Methods
  • D.10 Requirements for Vendor Affirmation of SP 800-56C

Updated Implementation Guidance:

  • G.1 Request for Guidance from the CMVP and CAVP
    • Updated CSEC contact
  • G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Added clause to 3rd bullet regarding physical security test evidence traceability to DTR. Added 5th bullet regarding table templates.
  • G.13 Instructions for Validation Information Formatting
    • Updated 2nd, 3rd, 4th, 8th, 9th and 10th bullets in the Module Information section.
  • 9.4 Known Answer Tests for Cryptographic Algorithms
    • IG revised and expanded.
  • 9.6 Self-Tests When Implementing the SP 800-56A Schemes
    • IG expanded and clarifications added.
  • A.3 Vendor Affirmation of Cryptographic Security Methods
    • Removed caveat examples and replaced with referenced to IG G.13.
  • D.2 Acceptable Key Establishment Protocols
    • Completely revised as an umbrella IG for Approved and allowed key establishment methods.
  • D.5 Requirements for Vendor Affirmation of SP 800-108
    • Transition end date of 06/23/2012 added and algorithm validation acronym reference updated.
  • D.6 Requirements for Vendor Affirmation of SP 800-132
    • Algorithm validation acronym reference updated.
  • D.7 Requirements for Vendor Affirmation of SP 800-135rev1
    • Transition end date of 06/23/2012 added and updated reference to SP 800-135 Revision 1.

[02-16-2012] FIPS 140-2 Annex C: Approved Random Number Generators has been updated.

Annex C: Updated reference to NIST PUB 800-90A.

2011

[12-20-2011] FIPS 140-2 Annex D: Approved Key Establishment Techniques has been updated.

Annex D: Added reference to NIST SP 800-56C.

[09-26-2011] Non-Invasive Attack Testing Workshop (NIAT)

A workshop was hosted by the CMVP (NIST and CSEC) and AIST Japan to address new non-invasive attack testing methods for cryptographic modules. Presentations and papers presented at the NIAT Workshop.

[08-12-2011] FIPS 140-2 Annex B: Approved Protection Profiles has been updated.

Annex B: Added new protection profile reference.

[07-26-2011] FIPS 140-2 Annex A: Approved Security Functions, FIPS 140-2 Annex C: Approved Random Number Generators and FIPS 140-2 Annex D: Approved Key Establishment Techniques have been updated.

Annexes A, C and D: Added references to NIST SP 800-131A Transitions.

[07-15-2011] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

New Implementation Guidance:

  • 11.1 Mitigation of Other Attacks
  • D.4 Requirements for Vendor Affirmation of NIST SP 800-56B
  • D.5 Requirements for Vendor Affirmation of NIST SP 800-108
  • D.6 Requirements for Vendor Affirmation of NIST SP 800-132
  • D.7 Requirements for Vendor Affirmation of NIST SP 800-135

Updated Implementation Guidance:

  • G.3 Partial Validations and Not Applicable Areas of FIPS 140-2
    • Modified in regard to new IG 11.1
  • G.6 Modules with both a FIPS mode and a non-FIPS mode
    • Clarification that all implemented algorithms shall be referenced on the validation certificate.
  • G.8 Revalidation Requirements
    • Added security policy requirements for revalidation Scenarios 1 and 4
  • G.13 Instructions for Validation Information Formatting
    • Added examples for CVL and KTS
  • 1.4 Binding of Cryptographic Algorithm Validation Certificates
    • Added examples of an operational environment change
  • D.1 CAVP Requirements for Vendor Affirmation of NIST SP 800-56A
    • Modified the testing for primitives
  • D.2 Acceptable Key Establishment Protocols
    • Modified the transition text and key agreement guidance

[06-14-2011] FIPS 140-2 Annex C: Approved Random Number Generators has been updated.

Annex C: Replaced reference to ANSI X9.62-2005 – Annex D with ANSI X9.62-1998 – Annex A.4)

[03-03-2011] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

Updated Implementation Guidance:

  • G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Changes relative to the release of CRYPTIK v8.6b
  • G.13 Instructions for Validation Information Formatting
    • Changes relative to the release of CRYPTIK v8.6b
  • A.2 Use of Non-NIST-Recommended Asymmetric Key Sizes and Elliptic Curves
    • Updated for consistency with recent standards
  • A.6 CAVP Requirements for Vendor Affirmation of FIPS 186-3 Digital Signature Standard
    • Transition end date for FIPS 186-3 RSA is defined
  • D.2 Acceptable Key Establishment Protocols
    • Changed NIST CSD CT Group Contact to Mr. Tim Polk

[01-04-2011] FIPS 140-2 Annex A: Approved Security Functions and FIPS 140-2 Annex D: Approved Key Establishment Techniques have been updated.

Annex A: Moved Key Management/Establishment references to FIPS 140-2 Annex D.

Annex D: References reorganized; Added references: FIPS 186-3 – asymmetric key generation; Special Publication 800-108; Special Publication 800-132; Special Publication 800-135

[01-04-2011] Derived Test Requirements for FIPS PUB 140-2, Security Requirements for Cryptographic Modules has been updated.

Please review DTR Change Notices 6, 7 and 8

Back to Top 

2010

[12-23-2010] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

New Implementation Guidance:

  • 1.16 Software Module
  • 1.17 Firmware Module
  • 2.1 Trusted Path
  • 5.5 Physical Security Level 3 Augmented with EFP/EFT
  • 9.7 Software/Firmware Load Test
  • 14.5 Critical Security Parameters for the SP 800-90 DRBGs

Updated Implementation Guidance:

  • 9.6 Self-Tests When Implementing the SP 800-56A Schemes
    • Requirements changed

[11-24-2010] FIPS 140-2 Annex A: Approved Security Functions [ PDF ], FIPS 140-2 Annex C: Approved Random Number Generators [ PDF ] and FIPS 140-2 Annex D: Approved Key Establishment Techniques [ PDF ] have been updated.

Annex A: Added Addendum to Special Publication 800-38A, October 2010: Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode and updated the revision date for FIPS 198-1, July 2008: The Keyed-Hash Message Authentication Code (HMAC)

Annex C: Updated the revision date for ANSI X9.62-2005 – Annex D: Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA)

Annex D: Changed references from FIPS 140-2 Implementation Guidance 7.1 to D.2 and split the Asymmetric Key Establishment Techniques section into three parts.

[08-03-2010] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated.

Updated Implementation Guidance:

  • 08/03/2010: G.8 Revalidation Requirements
    • For scenarios 1 and 4 added clarification on required submission documents sent to the CMVP.

[06-15-2010] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated.

Updated Implementation Guidance:

  • 06/10/2010: 5.4 Level 3: Hard Coating Test Methods
    • Removed reference to environmental conditions other than temperature and added Security Policy requirements.

[06-10-2010] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated.

Updated Implementation Guidance:

  • 06/10/2010: G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Updated submission and billing information requirements.
  • 06/10/2010: G.13 Instructions for completing a FIPS 140-2 Validation Certificate
    • Additional caveat examples.
  • 06/10/2010: 1.3 Firmware Designation
    • Updated platform versioning requirements if physical security is Level 2, 3 or 4.
  • 06/10/2010: 5.4 Level 3: Hard Coating Test Methods
    • Modified temperature testing limits and removed testing methods using solvents.
  • 06/10/2010: 7.5 Strength of Key Establishment Methods
    • Added reference to draft NIST SP 800-131.
  • 06/10/2010: A.6 CAVP Requirements for Vendor Affirmation of FIPS 186-3 Digital Signature Standard
    • Updated with transition end date for ECDSA.

[04-13-2010] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated.

Updated Implementation Guidance:

  • 03/19/2010: G.13 Instructions for completing a FIPS 140-2 Validation Certificate
    • Added examples for software-hybrid and firmware-hybrid modules.
  • 03/19/2010: 1.9 Definition and Requirements of a Hybrid Cryptographic Module
    • Updated the annotation for software-hybrid and, firmware-hybrid modules.
  • 04/09/2010: A.6 CAVP Requirements for Vendor Affirmation of FIPS 186-3 Digital Signature Standard
    • Updated with transition end date.
  • 04/09/2010: A.7 CAVP Requirements for Vendor Affirmation of NIST SP800-38E
    • Updated with transition end date.

[01-27-2010] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated

Symmetric Key, Number 1:Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices - Added

2009

[10-22-2009] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated.

Annex A: Key Management, Number 1:Recommendation for Key Derivation Using Pseudorandom Functions - Added

[10-22-2009] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated.

New Implementation Guidance:

  • 10/22/2009: 7.10 Using the SP 800-108 KDFs in FIPS Mode
  • 10/21/2009: 9.6 Self-Tests When Implementing the SP 800-56A Schemes
  • 10/21/2009: D.3 Assurance of the Validity of a Public Key for Key Establishment

Updated Implementation Guidance:

  • 10/21/2009: To align Implementation Guidance that is associated with underlying algorithmic standards referenced in FIPS 140-2 Annexes A, C and D, the following algorithm specific IGs have been moved to new IG Annex sections: Moved IG 1.5 to IG A.1, IG 1.6 to IG A.2, IG 1.10 to A.3, IG 1.11 to IG D.1, IG 1.12 t IG C.1, IG 1.13-15 to IG A..4-6, IG 7.1 to IG D.2 and IG 7.3 to IG C.2
  • 10/20/2009: G.1 Request for Guidance from the CMVP and CAVP
    • Updated contact information.
  • 10/20/2009: G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Minor editorial changes
  • 10/20/2009: G.13 Instructions for completing a FIPS 140-2 Validation Certificate
    • Added FIPS 186-3 and SP 800-56A annotation examples.
  • 10/20/2009: D.1 (formerly 1.11) CAVP Requirements for Vendor Affirmation of NIST SP 800-56A
    • Added reference to the annotation requirements in IG G.13.
  • 10/20/2009: A.6 (formerly 1.15) CAVP Requirements for Vendor Affirmation of FIPS 186-3 Digital Signature Standard
    • Added transition information and reference to the annotation requirements in IG G.13.
  • 10/20/2009: D.2 (formerly 7.1) Acceptable Key Establishment Protocols
    • Added transition information.
  • 08/31/2009: D.2 (formerly 7.1) Acceptable Key Establishment Protocols
    • Added references to DTLS.

[10-08-2009] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] and FIPS 140-2 Annex D: Approved Key Establishment Techniques [ PDF ] have been updated.

Annex A: Editorial Changes to align the references with the CAVP validation listings.

Annex D: Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography, NIST SP 800-38B - Added.

[08-04-2009] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated.

Updated Implementation Guidance:

  • 7.1 For Key Agreement; removed the KDF specified in the SRTP protocol (IETF RFC 3711). For Key Transport; added reference to EAP-FAST and PEAP-TLS.

[07-21-2009] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] and FIPS 140-2 Annex C: Approved Random Number Generators [ PDF ] have been updated

Reference to archived FIPS 186-2 added.

[07-07-2009] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated.

New Implementation Guidance:

  • 1.15 CAVP Requirements for Vendor Affirmation of FIPS 186-3 Digital Signature Standard

[06-18-2009] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated.

Asymmetric Key - Signature, Number 1:Digital Signature Standard (DSS) - FIPS 186-3 replaces FIPS 186-2

[04-01-2009] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

  • 3.2 Bypass Capability in Routers
  • 9.5 Module Initialization during Power-Up

[03-24-2009] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

  • 7.9 Procedural CSP Zeroization

[03-10-2009] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

  • 1.14 Key/IV Pair Uniqueness Requirements from NIST SP 800-38D
  • 5.3 Physical Security Assumptions
  • 7.8 Key Generation Methods Allowed in FIPS mode

Updated Implementation Guidance:

  • G.1 Request for Guidance from the CMVP
    • Updated NIST POC
  • G.5 Maintaining validation compliance of software or firmware cryptographic modules.
    • Updated references to firmware and hybrid modules.
  • G.13 Instructions for completing a FIPS 140-2 Validation Certificate
    • Updated examples
  • 1.9 Definition and Requirements of a Hybrid Cryptographic Module
    • Updated to include hybrid firmware modules.
  • 7.1 Acceptable Key Establishment Protocols
    • For Key Agreement; added the KDF specified in the SRTP protocol (IETF RFC 3711) is allowed only for use as part of the SRTP key derivation protocol. For Key Transport; wrapping a key using the GDOI Group Key Management Protocol described in the IETF RFC 3547.

Back to Top 

2008

[10-21-2008] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated

Hashing, Number 1:Secure Hash Standard - FIPS 180-3 replaces FIPS 180-2

[05-22-2008] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

  • G.13 Instructions for completing a FIPS 140-2 Validation Certificate

[01-24-2008] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

  • 7.7 Key Establishment and Key Entry and Output

Updated Implementation Guidance:

  • G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Added reference to CMVP comments document.
  • G.8 Revalidation Requirements
    • Added reference to the CMVP FAQ in change scenario 1.

[01-16-2008] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

  • G.13 Instructions for completing a FIPS 140-2 Validation Certificate
  • 1.8 Listing of DES Implementations
  • 7.1 Acceptable Key Establishment Protocols
  • 9.4 Cryptographic Algorithm Tests for SHS Algorithms and Higher Cryptographic Algorithms Using SHS Algorithms

[01-16-2008] FIPS 140-2 Annex D: Approved Key Establishment Techniques [ PDF ] has been updated.

2007

[12-18-2007] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated

Symmetric Key - Encryption, Number 1:Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC - Added

[12-18-2007] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

  • 1.13 CAVP Requirements for Vendor Affirmation of NIST SP 800-38D

[11-16-2007] -- Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF] has been updated.

New Implementation Guidance

  • 7.6 RNGs: Seeds, Seed Keys and Date/Time Vectors

[11-15-2007] -- CAVP release of CAVS - CAVS6.0

On November 14, 2007, the CAVP released a new version of CAVS - CAVS6.0 which adds testing for NIST SP 800-90 Deterministic Random Bit Generators.

A transition period of three months ending on February 15, 2008 addresses the impact to newly received FIPS 140-2 module test reports and the relationship to FIPS 140-2 IG 1.12.

During the transition period, new FIPS 140-2 module test reports received which implement SP 800-90 RNGs may operate the RNG in an Approved FIPS mode for key generation with reference to an issued CAVP SP 800-90 algorithm validation certificate, or vendor affirmation as indicated in FIPS 140-2 IG 1.12. The certificate annotation is provided in FIPS 140-2 IG G.13 and below:

  • If reference to a CAVP algorithm certificate, the certificate entry would be: RNG (Cert. #nnn)
  • If reference to FIPS 140-2 IG 1.12, the certificate entry would be: RNG (SP 800-90, vendor affirmed)

New FIPS 140-2 IG G.8 Scenario 3 and 5 module test reports received from CMT Laboratories after the transition period which implement SP 800-90 RNGs operating in an Approved FIPS mode for key generation shall reference a CAVP RNG algorithm certificate. At the end of the transition period, FIPS 140-2 IG 1.12 will be for reference only.

The CMVP will also review special conditions on a case-by-case basis.

[11-08-2007] -- Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF] has been updated.

Updated Implementation Guidance

  • G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Added clarification on output type of draft certificate.

[10-18-2007] -- URL links were updated in the following documents:

  • FIPS 140-2 Annex A: Approved Security Functions [ PDF]
  • FIPS 140-2 Annex C: Approved Random Number Generators [ PDF]
  • FIPS 140-2 Annex D: Approved Key Establishment Technigues [ PDF]
  • Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF]
  • CMVP FAQ

[07-26-2007] -- Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF] has been updated.

  • Minor editorial updates.

[07-03-2007] -- Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF] has been updated.

New Implementation Guidance

  • 14.3 Logical Diagram for Software, Firmware and Hybrid Modules

[06-28-2007] -- Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF] has been updated.

New Implementation Guidance

  • G.13 Instructions for completing a FIPS 140-2 Validation Certificate

[06-26-2007] -- Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF] has been updated.

Updated Implementation Guidance

  • G.8 Revalidation Requirements
    • Additional guidelines for determining <30% change for Scenario 3.
  • 7.1 Acceptable Key Establishment Protocols
    • Updated to reflect the publishing of NIST SP 800-56A.

[06-26-2007] -- FIPS 140-2 Annex D: Approved Key Establishment Techniques [ PDF] has been updated.

Symmetric Key Establishment Techniques:Removed reference to FIPS 171. FIPS 171 was withdrawn February 08, 2005.

Asymmetric Key Establishment Techniques, Number 2:Added references for additional schemes in FIPS 140-2 IG Section 7.1.

[06-22-2007] -- Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [PDF] has been updated.

Updated Implementation Guidance

  • G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Editorial changes for clarification.
  • G.8 Revalidation Requirements
    • Editorial changes for clarification.

[06-21-2007] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

  • 1.11 CAVP Requirements for Vendor Affirmation of NIST SP 800-56A
  • 1.12 CAVP Requirements for Vendor Affirmation of NIST SP 800-90

[06-14-2007] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

  • 3.1 Authorized Roles
    • Updated to reference hashing and RNG services

[06-14-2007] FIPS 140-2 Annex B: Approved Protection Profiles [ PDF ] has been updated

Updated document links. Added Protection Profile for Single-level Operating Systems in Environments Requiring Medium Robustness, Version 1.91.

[03-19-2007] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

  • Updated references to revision of NIST SP 800-57

[03-19-2007] FIPS 140-2 Annex C: Approved Random Number Generators [ PDF ] has been updated

Deterministic Random Number Generators, Number 6:Recommendation for Random Number Generation Using Deterministic Random Bit Generators (Revised) - Updated to revised document.

[03-19-2007] FIPS 140-2 Annex D: Approved Key Establishment Techniques[ PDF ] has been updated

Asymmetric Key Establishment Techniques, Number 1:Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised) - Updated to revised document.

[02-26-2007] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

  • 7.4 Zeroization of Power-Up Test Keys
    • Clarified text regarding Section 4.9.1 test keys

[01-26-2007] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

  • G.12 Post-Validation Inquiries

[01-25-2007] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

  • 1.10 Vendor Affirmation of Cryptographic Security Methods

Updated Implementation Guidance:

  • G.8 Revalidation Requirements
    • Scenario 2, 1st paragraph clarification update.
  • 7.5 Strength of Key Establishment Methods
    • Updated text on the calculation of key strength.

[01-24-2007] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated

Random Number Generators, Number 1:Annex C: Approved Random Number Generators for FIPS 140-2, Security Requirements for Cryptographic Modules - Updated reference document date

[01-24-2007] FIPS 140-2 Annex C: Approved Random Number Generators [ PDF ] has been updated

Deterministic Random Number Generators, Number 6:Recommendation for Random Number Generation Using Deterministic Random Bit Generators - Added

[01-24-2007] FIPS 140-2 Annex D: Approved Key Establishment Techniques [ PDF ] has been updated

Asymmetric Key Establishment Techniques, Number 1:Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography - Added

Back to Top 

2006

[10-05-2006] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

  • 1.9 Definition and Requirements of an Hybrid Cryptographic Module

[09-27-2006] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

  • G.8 Revalidation Requirements
    • New revalidation scenario: No change to module but update of security relevant service or function.

[05-05-2006] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

  • G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Additional file to include and new NIST and CSEC e-mail contact information.

[04-07-2006] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

  • G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Added reference to include PIV Card Application certificate reference if applicable to the draft certificate.

[04-03-2006] Annex A: Approved Security Functions [ PDF ] has been updated

CMAC

National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication, Special Publication 800-38B, May 2005.

[03-23-2006] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

  • G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Updated NIST contact.
  • G.5 Maintaining validation compliance of software or firmware cryptographic modules
    • Added exception for vendor recompilation.

2005

[12-01-2005] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

  • 1.8 Listing of DES Implementations
  • 7.5 Strength of Key Establishment Methods

[11-17-2005] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

  • G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Updated NIST contact.

[09-26-2005] CMVP and IPA/Instac Physical Security Testing Workshop

A workshop was hosted by the CMVP (NIST and CSEC) and IPA/Instac Japan to address new physical testing methods as new mitigation methods are deployed in cryptographic modules. Presentations and papers presented at the Physical Security Testing Workshop.

[09-12-2005] Annex D: Approved Key Establishment Techniques [ PDF ] has been updated

Information regarding allowed asymmetric key establishment methods moved to FIPS 140-2 IG 7.1.

[09-12-2005] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

  • G.11 Testing using Emulators and Simulators
  • 1.6 Use of Non-NIST-Recommended Asymmetric Key Sizes and Elliptic Curves
  • 1.7 Multiple Approved Modes of Operation
  • 5.2 Testing Tamper Evident Seals
  • 7.4 Zeroization of Power-Up Test Keys

Updated Implementation Guidance:

  • G.1 Request for Guidance from the CMVP
  • 1.2 FIPS Approved Mode of Operation
  • 7.1 Acceptable Key Establishment Protocols
  • 7.2 Use of IEEE 802.11i Key Derivation Protocols

[07-25-2005] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

  • G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Updated CSEC contact.

[06-30-2005] FIPS 140-2 Annex D: Approved Key Establishment Techniques [ PDF ] has been updated

Clarification regarding the use of asymmetric keys for key wrapping as a key transport method for key establishment.

[05-19-2005] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated

DES and Triple-DES

National Institute of Standards and Technology, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, Special Publication 800-67, May 2004.

[01-31-2005] FIPS 140-2 Annex C: Approved Random Number Generators [ PDF ] has been updated

NIST-Recommended Random Number Generator Based on ANSI X9.31 Appendix A.2.4 Using the 3-Key Triple DES and AES Algorithms added.

[01-21-2005] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

  • 6.4 Approved Integrity Techniques
  • 7.2 Use of IEEE 802.11i Key Derivation Protocols
  • 7.3 Use of other Core Symmetric Algorithms in ANSI X9.31 RNG

Updated Implementation Guidance:

  • G.1 Implementation guidance requests to NIST and CSEC
    • Updated NIST and CSEC contacts.
  • G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Updated CSEC contact. Change requirements for signature page.
  • G.3 Partial Validations and Not Applicable Areas of FIPS 140-2
    • Added guidance regarding Not Applicable Areas.
  • G.5 Maintaining validation compliance of software or firmware cryptographic modules
    • Clarified the distinct actions a vendor or user may affirm compliance.
  • G.8 re-validation Requirements
    • Added Regression Test Suite and clarifications.

Back to Top 

2004

[11-04-2004] FIPS 140-2 Annex B: Approved Protection Profiles [ PDF ] has been updated

URL links for Approved protection profiles updated.

[09-23-2004] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated

Message Authentication

National Institute of Standards and Technology, Recommendation for BlockCipher Modes of Operation: The CCM Mode for Authentication and Confidentiality, Special Publication 800-38C, May 2004. [ PDF ]

[09-22-2004] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

  • 9.1 Known Answer Test for Keyed Hashing Algorithm (updated)
    • Removed requirement that a KAT must be implemented for every HMAC.

[08-19-2004] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New and Updated Implementation Guidance:

  • G.5 Maintaining validation compliance of software or firmware cryptographic modules (updated)
    • Added references to firmware modules.
  • 1.5 Validation Testing of SHS Algorithms and Higher Cryptographic Algorithm Using SHS Algorithms (new)
  • 7.1 Acceptable Key Establishment Protocols (updated)
    • Added reference to password-based key establishment protocols.
  • 9.1 Known Answer Test for Keyed Hashing Algorithm (updated)
    • Added references to HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384 and HMAC-SHA-512.
  • 9.2 Known Answer Test for Embedded Cryptographic Algorithms (updated)
    • Additional comment regarding SHA-1 within the FIPS 186-2 RNG.
  • 9.4 Cryptographic Algorithm Tests for SHS Algorithms and Higher Cryptographic Algorithms Using SHS Algorithms (new)

[08-18-2004] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated

Asymmetric Key

DSA, RSA and ECDSANational Institute of Standards and Technology, Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186-2 with Change Notice 1, October 05, 2001.Updated reference to include Change Notice 1.

RSA Laboratories, PKCS#1 v2.1: RSA Cryptography Standard, June 14, 2002.Updated to reflect CMVP FAQ Section 6 entry "What is the status of PKCS#1?".

[07-26-2004] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New and Updated Implementation Guidance:

  • G.1 Implementation guidance requests to NIST and CSEC (updated)
    • Distribution of CMT Lab guidance to all CMT Labs.
  • G.5 Maintaining validation compliance of software cryptographic modules (updated)
    • Addition of compliance caveat.
  • 1.4 Use of Cryptographic Algorithm Validation Certificates (new)
    • A transition period for conformance to IG 1.4 will end October 29, 2004. The CMVP will also review special conditions on a case-by-case basis.

[05-13-2004] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated

Hashing

Secure Hash Standard (SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512)National Institute of Standards and Technology, Secure Hash Standard, Federal Information Processing Standards Publication 180-2 with Change Notice 1, February 25, 2004. SHA-224 added as a reference.

[04-28-2004] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Guidance

  • 1.3 Firmware Designation

[03-29-2004] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Guidance

  • G.10 Physical Security Testing for Re-validation from FIPS 140-1 to FIPS 140-2
  • 6.3 Correction to Common Criteria Requirements on Operating System

[03-24-2004] The Derived Test Requirements [DTR] for FIPS PUB 140-2, Security Requirements for Cryptographic Modules [ PDF ] has been updated

Details can be found in the Change Notices section of the DTR. DTR Change Notice 5.

[03-24-2004] The Derived Test Requirements [DTR] for FIPS PUB 140-2, Security Requirements for Cryptographic Modules [ PDF ] has been updated

Details can be found in the Change Notices section of the DTR. DTR Change Notice 4.

[03-15-2004] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Guidance

  • 1.2 FIPS Approved Mode of Operation

[03-11-2004] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated

Hashing

Secure Hash Standard (SHA-1, SHA-256, SHA-384 and SHA-512)National Institute of Standards and Technology, Secure Hash Standard, Federal Information Processing Standards Publication 180-2, August 01, 2002.

Random Number Generators

Annex C: Approved Random Number GeneratorsNational Institute of Standards and Technology, Annex C: Approved Random Number Generators for FIPS 140-2, Security Requirements for Cryptographic Modules, March 17, 2003.

[03-11-2004] [12-03-2002] FIPS PUB 140-2, Security Requirements for Cryptographic Modules [ PDF ] has been updated

Change Notices 2, 3 and 4 have been added. Change Notices 2, 3 and 4 will be mandatory for all modules submitted to NIST and CSEC for FIPS 140-2 validation after June 04, 2004. For Change Notice 2, the CMT Laboratories will begin performing validation testing of the FIPS-approved Random Number Generators.

During the transition period prior to June 04, 2004, the following requirements are applicable:

  • Change Notice 2: FIPS PUB 140-2 Section 4.9.1, Power-Up Tests: Statistical random number generator tests are not required and will not be tested. The additional changes specified by Change Notice 2 are not mandatory until June 04, 2004. For example, the RNG KAT will not be required until after the transition period.
  • Change Notice 3: Until such time a FIPS-approved key agreement method is available, there is no pair-wise consistency test required for key agreement. When a FIPS-approved key agreement method is available, the FIPS 140-2 conditional test requirements will be developed.
  • Change Notice 4: Clarification.

Details can be found in the Change Notices section of the standard.

[03-02-2004] The Derived Test Requirements [DTR] for FIPS PUB 140-2, Security Requirements for Cryptographic Modules [ PDF ] has been updated

Details can be found in the Change Notices section of the DTR.

[02-27-2004] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Guidance

  • 1.1 Cryptographic Module Name

[02-23-2004] FIPS 140-2 Annex D: Approved Key Establishment Techniques [ PDF ] has been updated

MQV and EC MQV added as Asymmetric Key Establishment Techniques for use in a FIPS Approved mode.

[02-10-2004] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Guidance

  • 5.1 Opacity and Probing of Cryptographic Modules with Fans, Ventilation Holes or Slits at Level 2
  • 7.1 Acceptable Key Establishment Protocols
  • 9.1 Known Answer Test for Keyed Hashing Algorithm
  • 9.2 Known Answer Test for Embedded Cryptographic Algorithms
  • 9.3 KAT for Algorithms used in an Integrity Test Technique

[01-09-2004] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

G.1 Implementation guidance requests to NIST and CSEC

Personnel change.

G.2 Completion of a test report

Requirements for submission of documents and termination of initial review.

2003

[12-16-2003] FIPS 140-2 Annex A: Approved Security Functions [PDF ] has been updated

Removed Asymmetric Key references to ANSI X9.31-1998 and ANSI X 9.62-1998.These are referenced FIPS 186-2.

[09-11-2003] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

6.2 Applicability of Operational Environment Requirements to JAVA Smart Cards updated for clarity.

[08-28-2003] FIPS 140-2 Annex D: Approved Key Establishment Techniques [ PDF ] has been updated

Clarification of Asymmetric Key Establishment Techniques for use in a FIPS Approved mode.

[08-21-2003] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

G.1 and G.2 NIST CMVP contacts changed.

[08-06-2003] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

G.5 Maintaining validation compliance of software cryptographic modules

Software modules that require any source code modifications to be recompiled and ported to another General Purpose Computer (GPC) or operational environment must be reviewed by a CMT laboratory and revalidated per IG G.8 (1) [non-security relevant changes].

The effective date for the modified guidance is September 15, 2003.

[07-02-2003] FIPS 140-2 Annex B: Approved Protection Profiles [ PDF ] has been updated

URL link for CAPP updated.

[05-29-2003] A modification has been made to the NIST CMVP FIPS 140-1 and FIPS 140-2 Validation listings.

Bookmarking has been added within each list for each individual certificate. Either while browsing the list, or by link from another web page, one can easily navigate directly to a single certificate entry. If browsing the list, simply append #nnn (where nnn is the 1-3 digit certificate number) to the link, hit enter, and you will go directly to the certificate number.If referencing from another web page, an example syntax would be: http://csrc.nist.rip/cryptval/140-1/140val-all.htm#nnn

[05-20-2003] Vendor Product Link

A cryptographic module may either be a component of a product, or a standalone product. NIST directs user inquiries to cryptographic module vendors to determine specific products that use a validated cryptographic module. Typically there are a large number of security products available that use every validated cryptographic module.

While the CMVP cannot maintain a list of vendor products that utilize an embedded validated cryptographic module, we would like to provide potential users and customers a way to find information on these products. Therefore we have added an optional 2nd URL below the Certificate link on each validation list entry. The 1st URL is the traditional link to the cryptographic module vendor's home page. It is intended that the 2nd URL would link to a vendor provided product page that contains a concise listing of those vendor products that use the validated cryptographic module or, if the module is a standalone product, additional pertinent information.

Providing a direct link for a user or customer to locate products that use validated cryptographic modules should make it easier for users and customers to deploy solutions with validated modules.

The directed link is vendor maintained and optional. NIST and the CMVP do not endorse the views expressed or the facts presented at the directed link. Further, NIST and the CMVP do not endorse any commercial products that may be advertised or available at the directed link.

[05-20-2003] FIPS 140-2 Annex D: Approved Key Establishment Techniques [ PDF ] has been updated

Reference to FIPS 171 added for symmetric keys.

[03-17-2003] FIPS 140-2 Annex C: Approved Random Number Generators [ PDF ] has been updated

Reference to ANSI X9.31-1998 - Appendix A changed to ANSI X9.31-1998 - Appendix A.2.4.

[02-19-2003] FIPS 140-2 Annex A: Approved Security Functions [ Error! Hyperlink reference not valid. ] has been updated

NIST Special Publication 800-38A reference added.

[02-12-2003] The Derived Test Requirements [DTR] for FIPS PUB 140-2, Security Requirements for Cryptographic Modules [ PDF ] has been updated

Details can be found in the Change Notices section of the DTR.

Back to Top 

2002

[12-02-2002] FIPS 140-2 Annex B: Approved Protection Profiles [ PDF ] has been updated

URL links updated.

[05-26-2002] As of May 26, 2002, NIST and CSEC will only accept validation test reports for cryptographic modules against FIPS 140-2 and the FIPS 140-2 DTR.

[05-13-2002] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated

FIPS 197 (AES) and FIPS 198 (HMAC) have been added.

[04-17-2002] The Cryptographic Module Validation Program FIPS 140-1 and FIPS 140-2 Modules In Process List is now available.

Module In Process List

[01-10-2002] FIPS 140-2 Annex C: Approved Random Number Generators [ PDF ] and Implementation Guidance for FIPS PUB 140-1 and the Cryptographic Module Validation Program [ PDF ] have been updated

ANSI X9.62-1998 Annex A.4 PRNG has been added as FIPS Approved.

CMVP Symposium 2004

Presentations and Photos Available(go to Agenda page and select PDF and [photo] links)

CMVP Symposium 2002

Presentations and Photos Available(go to Agenda page and select PDF and [photo] links)

Back to Top 

 

Created October 11, 2016, Updated September 18, 2020