[Updated 08-10-2021]
Cost recovery fees are collected for NIST CMVP report review of new module submissions, modified module submissions, and for report reviews that require additional time due to complexity or quality. These fees are referred to as Cost Recovery (CR) and Extended Cost Recovery (ECR). Modules are not validated unless all applicable fees have been collected by NIST Billing. Please see the CMVP FIPS 140-2 Management Manual or CMVP FIPS 140-3 Management Manual for further information.
Currently the CR fee is applicable for IG G.8 Scenarios 1A, 3, and 5; the CR fee is not applicable for IG G.8 Scenario's 1, 3A, 3B, and 4. The ECR fee is applicable per the overall Security Level to all test reports received by NIST CMVP under FIPS 140-2 IG G.8 (all scenarios). Scenarios 5 and 3 submissions will be accepted if approved through March 31, 2022. Scenarios 1B and 2 have been discontinued.
Currently the CR fee is applicable for Scenarios UP, FS, ENT, and EU; the CR fee is not applicable for Scenario's VU, OE & QU. The ECR fee is applicable per the overall Security Level to all test reports received by NIST CMVP under FIPS 140-3 (all scenarios).
The following fee structure is effective October 1, 2021 and is subject to change to reflect actual operating costs. Any change in rates for FY2021 will be reflected in the table below.
Scenarios: | Cost Recovery fee: | Extended Cost Recovery fee: |
---|---|---|
FIPS 140-2 IG G.8 Scenarios 1 & 3A FIPS 140-3 Scenarios VU |
N/A | $1,000 |
FIPS 140-2 IG G.8 Scenarios 3B and 4 FIPS140-3 Scenario OE & QU |
N/A | $1,000 |
FIPS 140-2 IG G.8 Scenarios 1A FIPS 140-3 Scenario UP-OEM & EU |
$2,000 |
$1,000 |
FIPS 140-2 IG G.8 Scenario 3 FIPS 140-3 Scenario UP (except OEM) & ENT |
$4,000 | $1,500 |
FIPS 140-2 IG G.8 Scenario 5 FIPS 140-3 Scenario FS |
||
Security Level 1: |
$8,000 | $3,000 |
Security Level 2: |
$10,000 | $4,000 |
Security Level 3: |
$10,000 | $4,000 |
Security Level 4: |
$10,000 | $4,000 |
[Updated 09-15-2020]
Cost recovery fees are collected for NIST CMVP report review of new module submissions, modified module submissions, and for report reviews that require additional time due to complexity or quality. These fees are referred to as Cost Recovery (CR) and Extended Cost Recovery (ECR). Modules are not validated unless all applicable fees have been collected by NIST Billing. Please see the CMVP FIPS 140-2 Management Manual or CMVP FIPS 140-3 Management Manual for further information.
Currently the CR fee is applicable for IG G.8 Scenarios 1A, 1B, 3 and 5; the CR fee is not applicable for IG G.8 Scenario's 1, 2, 3A, and 4. The ECR fee is applicable per the overall Security Level to all test reports received by NIST CMVP under FIPS 140-2 IG G.8 (all five scenarios).
Currently the CR fee is applicable for Scenarios 1OEM, 3MC and 5FS; the CR fee is not applicable for Scenario's 1VI, 1OEA, 1VA, 1UP, 1AU, 2SC, 1MU, 3CVE and 4PSC. The ECR fee is applicable per the overall Security Level to all test reports received by NIST CMVP under FIPS 140-3 (all scenarios).
The following fee structure is effective October 1, 2020:
Scenarios: | Base fee: | Extended fee: |
---|---|---|
FIPS 140-2 IG G.8 Scenarios 1, 2, 3A and 4 FIPS 140-3 Scenarios 1VI, 1OEA, 1VA, 1UP, 1AU, 2SC, 1MU, 3CVE and 4PSC |
N/A | $1,000 |
FIPS 140-2 IG G.8 Scenarios 1A and 1B FIPS140-3 Scenario 1OEM |
$2,000 | $1,000 |
FIPS 140-2 IG G.8 Scenario 3 FIPS 140-3 Scenario 3MC |
$4,000 | $1,500 |
FIPS 140-2 IG G.8 Scenario 5 FIPS 140-3 Scenario 5FS |
||
Security Level 1: |
$8,000 | $3,000 |
Security Level 2: |
$10,000 | $4,000 |
Security Level 3: |
$10,000 | $4,000 |
Security Level 4: |
$10,000 | $4,000 |
[Updated 10-01-2019]
Cost recovery fees are collected for NIST CMVP report review of new module submissions, modified module submissions, and for report reviews that require additional time due to complexity or quality. These fees are referred to as Cost Recovery (CR) and Extended Cost Recovery (ECR). Modules are not validated unless all applicable fees have been collected by NIST Billing. Please see the CMVP Management Manual for further information.
Currently the CR fee is applicable for IG G.8 Scenarios 1A, 1B, 3 and 5; the CR fee is not applicable for IG G.8 Scenario's 1, 2, 3A, and 4. The ECR fee is applicable per the overall Security Level to all test reports received by NIST CMVP under FIPS 140-2 IG G.8 (all five scenarios).
The following fee structure is effective October 1, 2019:
Security and Privacy: cryptography, testing & validation
Technologies: hardware, software & firmware