[1] The last date that a module that implements this algorithm in the approved mode can be submitted to the CMVP.  Submissions that do not modify or add a sunset date can still be submitted after this date.

[2] Date in which modules that implement these algorithms in an approved mode will be moved to the historical list.

[3] Per IG G.18, this includes modules that were CAVP tested for FIPS 186-2 RSA SigGen with modulus size lower than 4096 or FIPS 186-2 RSA KeyGen of any modulus size.

[4] Vendor affirmed, as testing for this algorithm is not available.

[5] Not compliant to SP 800-56B Rev. 2.

[6] Vendor affirmed, as testing for this algorithm is not available.

[7] Triple-DES decryptions are approved beyond this date for “Legacy Use”.

[1] Most algorithm self-test requirements are in IG 9.4 (for FIPS 140-2) and IG 10.3.A (for FIPS 140-3).

[2] Date in which the algorithm was moved onto the ACVTS production server.

[3] After this date, module submissions that modify or add the sunset date must CAVP test the applicable algorithm(s) that are used in an approved mode and perform the required self-tests.  For FIPS 140-3 submissions, algorithms that show a Submission Date on or before December 31, 2020 are immediately transitioned rather than following the date listed in this table.

[4] This entry represents an addition of the RSA 4096-bit modulus testing to FIPS 186-4 (e.g. KeyGen, SigGen, SigVer).

[5] Not all higher-level algorithms support CAVP testing using FIPS 202 functions (e.g. DRBG, DSA, all CVL KDFs besides ANS x9.42, RSA).  This date applies to the following higher-level algorithms (unless the algorithm itself has a later transition date) which do support FIPS 202 functions: ECDSA, HKDF, HMAC, KAS/KAS-RSA/SSC (SP 800-56Arev3 and SP 800-56Brev2), KBKDF, ANS x9.42 CVL, PBKDF.  This table may need to be updated in the future.

[6] SP 800-90B compliance is required after November 7, 2020 for FIPS 140-2.  This entry will be updated once ENT certification becomes available.  In addition, this date is applicable to the vetted conditioning components specified in SP 800-90B section 3.1.5.1.1 which must be CAVP tested if implemented as part of an approved SP 800-90B compliant ENT.

[7] This date is applicable to the Safe Primes Groups as specified in SP 800-56Arev3 Appendix D which must be CAVP tested if implemented as part of an approved SP 800-56Arev3 compliant KAS.

[8] This includes the HKDF which is compliant to SP 800-56C (Rev.1 and Rev.2) and separately CAVP testable.

[1] Most algorithm self-test requirements are in IG 9.4 (for FIPS 140-2) and IG 10.3.A (for FIPS 140-3).

[2] Date in which the algorithm was moved onto the ACVTS production server.

[3] After this date, module submissions that modify or add the sunset date must CAVP test the applicable algorithm(s) that are used in an approved mode and perform the required self-tests.  For FIPS 140-3 submissions, algorithms that show a Submission Date on or before December 31, 2020 are immediately transitioned rather than following the date listed in this table.

[4] This entry represents an addition of the RSA 4096-bit modulus testing to FIPS 186-4 (e.g. KeyGen, SigGen, SigVer).

[5] Not all higher-level algorithms support CAVP testing using FIPS 202 functions.  Therefore, this table may need to be updated in the future.

[6] SP 800-90B compliance is required after November 7, 2020 for FIPS 140-2.  This entry will be updated once ENT certification becomes available. 

[7] This includes the HKDF which is compliant to SP 800-56C (Rev.1 and Rev.2) and separately CAVP testable.

[1] The last date that a module that implements this algorithm in the approved mode can be submitted to the CMVP.  Submissions that do not modify or add a sunset date can still be submitted after this date.

[2] Date in which modules that implement these algorithms in an approved mode will be moved to the historical list.

[3] Per IG G.18, this includes modules that were CAVP tested for FIPS 186-2 RSA SigGen with modulus size lower than 4096 or FIPS 186-2 RSA KeyGen of any modulus size.

[4] Vendor affirmed, as testing for this algorithm is not available.

[5] Not compliant to SP 800-56B Rev. 2.

[6] Vendor affirmed, as testing for this algorithm is not available.

[7] Triple-DES decryptions are approved beyond this date for “Legacy Use”.

Changes made April 22, 2021

1. DLC-based KAS compliant to SP 800-56A historical date delayed to July 1, 2022.
2. DLC-based KAS compliant to SP 800-56A Rev. 2 historical date delayed to July 1, 2022.
3. Key agreement schemes that are not compliant with any version of SP 800-56A historical date delayed to July 1, 2022.