Algorithm/Scheme |
Standard |
Relevant IG(s)[1] |
ACVTS Prod Date[2] |
Submission Date[3] |
AES-CBC-CS |
FIPS 140-2: A.12 |
Prior to June 30, 2020 |
September 1, 2020 |
|
AES FF1 |
FIPS 140-2: A.10 |
Prior to June 30, 2020 |
September 1, 2020 |
|
cSHAKE, TupleHash, ParallelHash, KMAC |
FIPS 140-2: A.15 |
Prior to June 30, 2020 |
September 1, 2020 |
|
RSA 4096 bit modulus[4] |
FIPS 140-2: G.18 |
Prior to June 30, 2020 |
September 1, 2020 |
|
Higher level algorithms using FIPS 202 functions[5] |
|
FIPS 140-2: A.11 FIPS 140-3: C.C |
Prior to June 30, 2020 |
September 1, 2020 |
ANS X9.42-2001 KDF |
FIPS 140-2: G.20 FIPS 140-3: 2.4.B |
Prior to June 30, 2020 |
September 1, 2020 |
|
ENT |
FIPS 140-2: 7.18, 7.19 FIPS 140-3: D.J, D.K |
N/A |
November 7, 2020[6] |
|
PBKDF |
FIPS 140-2: D.6 FIPS 140-3: D.N |
Prior to June 30, 2020 |
December 31, 2020 |
|
KAS-RSA or KAS-RSA-SSC IFC |
FIPS 140-2: D.8 FIPS 140-3: D.F |
September 30, 2020 |
December 31, 2020 |
|
KTS-RSA IFC |
FIPS 140-2: D.9 FIPS 140-3: D.G |
September 30, 2020 |
December 31, 2020 |
|
KAS or KAS-SSC DLC (FFC or ECC) |
FIPS 140-2: D.1-rev3, D.8 FIPS 140-3: D.F |
September 30, 2020 |
December 31, 2020[7] |
|
KDA[8] |
FIPS 140-2: D.10 |
September 30, 2020 |
December 31, 2020 |
|
TLS 1.3 KDF |
RFC 8446 - Sections 4.4.1 and 7.1 |
FIPS 140-2: G.20 FIPS 140-3: 2.4.B |
January 22, 2021 | June 30, 2021 |
ECDSA, EdDSA, RSA |
TBD |
Still on Demo |
TBD |
[1] Most algorithm self-test requirements are in IG 9.4 (for FIPS 140-2) and IG 10.3.A (for FIPS 140-3).
[2] Date in which the algorithm was moved onto the ACVTS production server.
[3] After this date, module submissions that modify or add the sunset date must CAVP test the applicable algorithm(s) that are used in an approved mode and perform the required self-tests. For FIPS 140-3 submissions, algorithms that show a Submission Date on or before December 31, 2020 are immediately transitioned rather than following the date listed in this table.
[4] This entry represents an addition of the RSA 4096-bit modulus testing to FIPS 186-4 (e.g. KeyGen, SigGen, SigVer).
[5] Not all higher-level algorithms support CAVP testing using FIPS 202 functions (e.g. DRBG, DSA, all CVL KDFs besides ANS x9.42, RSA). This date applies to the following higher-level algorithms (unless the algorithm itself has a later transition date) which do support FIPS 202 functions: ECDSA, HKDF, HMAC, KAS/KAS-RSA/SSC (SP 800-56Arev3 and SP 800-56Brev2), KBKDF, ANS x9.42 CVL, PBKDF. This table may need to be updated in the future.
[6] SP 800-90B compliance is required after November 7, 2020 for FIPS 140-2. This entry will be updated once ENT certification becomes available. In addition, this date is applicable to the vetted conditioning components specified in SP 800-90B section 3.1.5.1.1 which must be CAVP tested if implemented as part of an approved SP 800-90B compliant ENT.
[7] This date is applicable to the Safe Primes Groups as specified in SP 800-56Arev3 Appendix D which must be CAVP tested if implemented as part of an approved SP 800-56Arev3 compliant KAS.
[8] This includes the HKDF which is compliant to SP 800-56C (Rev.1 and Rev.2) and separately CAVP testable.
Algorithm/Scheme |
Standard |
Relevant IG(s) |
Submission Date[1] |
Historical Date[2] |
FIPS 186-2 RSA Key Gen or Sig Gen[3] |
FIPS 140-2: G.18 FIPS 140-3: N/A |
August 31, 2020 |
September 1, 2020 |
|
RSA-based KAS or KTS compliant to SP 800-56B |
FIPS 140-2: D.4, D.8, D.9 FIPS 140-3: N/A |
December 31, 2020 |
January 1, 2024 |
|
RSA-based key transport schemes that are not compliant to either SP 800-56B or SP 800-56B Rev. 2 |
|
FIPS 140-2: Allowed per D.9 FIPS 140-3: N/A |
December 31, 2020 |
January 1, 2024 |
RSA-based key transport schemes that only use PKCS#1-v1.5 padding[5] |
RFC 2313 Section 8.1 |
Allowed per FIPS 140-2: D.9 FIPS 140-3: D.G |
December 31, 2023 |
January 1, 2024 |
DLC-based KAS compliant to SP 800-56A |
FIPS 140-2: D.8 FIPS 140-3: N/A |
December 31, 2020 |
July 1, 2022 |
|
DLC-based KAS compliant to SP 800-56A Rev. 2 |
FIPS 140-2: D.1rev2 FIPS 140-3: N/A |
December 31, 2020 |
July 1, 2022 |
|
Key agreement schemes that are not compliant with any version of SP 800-56A |
|
FIPS 140-2: D.8 FIPS 140-3: N/A |
December 31, 2020 |
July 1, 2022 |
Triple-DES encryptions[7] |
|
December 31, 2023 |
January 1, 2024 |
[1] The last date that a module that implements this algorithm in the approved mode can be submitted to the CMVP. Submissions that do not modify or add a sunset date can still be submitted after this date.
[2] Date in which modules that implement these algorithms in an approved mode will be moved to the historical list.
[3] Per IG G.18, this includes modules that were CAVP tested for FIPS 186-2 RSA SigGen with modulus size lower than 4096 or FIPS 186-2 RSA KeyGen of any modulus size.
[4] Vendor affirmed, as testing for this algorithm is not available.
[5] Not compliant to SP 800-56B Rev. 2.
[6] Vendor affirmed, as testing for this algorithm is not available.
[7] Triple-DES decryptions are approved beyond this date for “Legacy Use”.
From Jan 26, 2021
Algorithm/Scheme |
Standard |
Relevant IG(s)[1] |
ACVTS Prod Date[2] |
Submission Date[3] |
AES-CBC-CS |
FIPS 140-2: A.12 |
Prior to June 30, 2020 |
September 1, 2020 |
|
AES FF1 |
FIPS 140-2: A.10 |
Prior to June 30, 2020 |
September 1, 2020 |
|
cSHAKE, TupleHash, ParallelHash, KMAC |
FIPS 140-2: A.15 |
Prior to June 30, 2020 |
September 1, 2020 |
|
RSA 4096 bit modulus[4] |
FIPS 140-2: G.18 |
Prior to June 30, 2020 |
September 1, 2020 |
|
Higher level algorithms using FIPS 202 functions[5] |
|
FIPS 140-2: A.11 FIPS 140-3: C.C |
Prior to June 30, 2020 |
September 1, 2020 |
ANS X9.42-2001 KDF |
FIPS 140-2: G.20 FIPS 140-3: 2.4.B |
Prior to June 30, 2020 |
September 1, 2020 |
|
ENT |
FIPS 140-2: 7.18, 7.19 FIPS 140-3: D.J, D.K |
N/A |
November 7, 2020[6] |
|
PBKDF |
FIPS 140-2: D.6 FIPS 140-3: D.N |
Prior to June 30, 2020 |
December 31, 2020 |
|
KAS-RSA or KAS-RSA-SSC IFC |
FIPS 140-2: D.8 FIPS 140-3: D.F |
September 30, 2020 |
December 31, 2020 |
|
KTS-RSA IFC |
FIPS 140-2: D.9 FIPS 140-3: D.G |
September 30, 2020 |
December 31, 2020 |
|
KAS or KAS-SSC DLC (FFC or ECC) |
FIPS 140-2: D.1-rev3, D.8 FIPS 140-3: D.F |
September 30, 2020 |
December 31, 2020[7] |
|
KDA[8] |
FIPS 140-2: D.10 |
September 30, 2020 |
December 31, 2020 |
|
TLS 1.3 KDF |
RFC 8446 - Sections 4.4.1 and 7.1 |
FIPS 140-2: G.20 FIPS 140-3: 2.4.B |
Still on Demo |
TBD |
ECDSA, EdDSA, RSA |
TBD |
Still on Demo |
TBD |
[1] Most algorithm self-test requirements are in IG 9.4 (for FIPS 140-2) and IG 10.3.A (for FIPS 140-3).
[2] Date in which the algorithm was moved onto the ACVTS production server.
[3] After this date, module submissions that modify or add the sunset date must CAVP test the applicable algorithm(s) that are used in an approved mode and perform the required self-tests. For FIPS 140-3 submissions, algorithms that show a Submission Date on or before December 31, 2020 are immediately transitioned rather than following the date listed in this table.
[4] This entry represents an addition of the RSA 4096-bit modulus testing to FIPS 186-4 (e.g. KeyGen, SigGen, SigVer).
[5] Not all higher-level algorithms support CAVP testing using FIPS 202 functions (e.g. DRBG, DSA, all CVL KDFs besides ANS x9.42, RSA). This date applies to the following higher-level algorithms (unless the algorithm itself has a later transition date) which do support FIPS 202 functions: ECDSA, HKDF, HMAC, KAS/KAS-RSA/SSC (SP 800-56Arev3 and SP 800-56Brev2), KBKDF, ANS x9.42 CVL, PBKDF. This table may need to be updated in the future.
[6] SP 800-90B compliance is required after November 7, 2020 for FIPS 140-2. This entry will be updated once ENT certification becomes available. In addition, this date is applicable to the vetted conditioning components specified in SP 800-90B section 3.1.5.1.1 which must be CAVP tested if implemented as part of an approved SP 800-90B compliant ENT.
[7] This date is applicable to the Safe Primes Groups as specified in SP 800-56Arev3 Appendix D which must be CAVP tested if implemented as part of an approved SP 800-56Arev3 compliant KAS.
[8] This includes the HKDF which is compliant to SP 800-56C (Rev.1 and Rev.2) and separately CAVP testable.
From Oct 11, 2020
Algorithm/Scheme |
Standard |
Relevant IG(s)[1] |
ACVTS Prod Date[2] |
Submission Date[3] |
AES-CBC-CS |
FIPS 140-2: A.12 |
Prior to June 30, 2020 |
September 1, 2020 |
|
AES FF1 |
FIPS 140-2: A.10 |
Prior to June 30, 2020 |
September 1, 2020 |
|
cSHAKE, TupleHash, ParallelHash, KMAC |
FIPS 140-2: A.15 |
Prior to June 30, 2020 |
September 1, 2020 |
|
RSA 4096 bit modulus[4] |
FIPS 140-2: G.18 |
Prior to June 30, 2020 |
September 1, 2020 |
|
Higher level algorithms using FIPS 202 functions[5] |
|
FIPS 140-2: A.11 FIPS 140-3: C.C |
Prior to June 30, 2020 |
September 1, 2020 |
ANS X9.42-2001 KDF |
FIPS 140-2: G.20 FIPS 140-3: 2.4.B |
Prior to June 30, 2020 |
September 1, 2020 |
|
ENT |
FIPS 140-2: 7.18, 7.19 FIPS 140-3: D.J, D.K |
N/A |
November 7, 2020[6] |
|
PBKDF |
FIPS 140-2: D.6 FIPS 140-3: D.N |
Prior to June 30, 2020 |
December 31, 2020 |
|
KAS-RSA or KAS-RSA-SSC IFC |
FIPS 140-2: D.8 FIPS 140-3: D.F |
September 30, 2020 |
December 31, 2020 |
|
KTS-RSA IFC |
FIPS 140-2: D.9 FIPS 140-3: D.G |
September 30, 2020 |
December 31, 2020 |
|
KAS or KAS-SSC DLC (FFC or ECC) |
FIPS 140-2: D.1-rev3, D.8 FIPS 140-3: D.F |
September 30, 2020 |
December 31, 2020 |
|
KDA[7] |
FIPS 140-2: D.10 |
September 30, 2020 |
December 31, 2020 |
|
TLS 1.3 KDF |
RFC 8446 - Sections 4.4.1 and 7.1 |
FIPS 140-2: G.20 FIPS 140-3: 2.4.B |
Still on Demo |
December 31, 2020 |
ECDSA, EdDSA, RSA |
TBD |
Still on Demo |
TBD |
[1] Most algorithm self-test requirements are in IG 9.4 (for FIPS 140-2) and IG 10.3.A (for FIPS 140-3).
[2] Date in which the algorithm was moved onto the ACVTS production server.
[3] After this date, module submissions that modify or add the sunset date must CAVP test the applicable algorithm(s) that are used in an approved mode and perform the required self-tests. For FIPS 140-3 submissions, algorithms that show a Submission Date on or before December 31, 2020 are immediately transitioned rather than following the date listed in this table.
[4] This entry represents an addition of the RSA 4096-bit modulus testing to FIPS 186-4 (e.g. KeyGen, SigGen, SigVer).
[5] Not all higher-level algorithms support CAVP testing using FIPS 202 functions. Therefore, this table may need to be updated in the future.
[6] SP 800-90B compliance is required after November 7, 2020 for FIPS 140-2. This entry will be updated once ENT certification becomes available.
[7] This includes the HKDF which is compliant to SP 800-56C (Rev.1 and Rev.2) and separately CAVP testable.
From April 22, 2021
Algorithm/Scheme |
Standard |
Relevant IG(s) |
Submission Date[1] |
Historical Date[2] |
FIPS 186-2 RSA Key Gen or Sig Gen[3] |
FIPS 140-2: G.18 FIPS 140-3: N/A |
August 31, 2020 |
September 1, 2020 |
|
RSA-based KAS or KTS compliant to SP 800-56B |
FIPS 140-2: D.4, D.8, D.9 FIPS 140-3: N/A |
December 31, 2020 |
January 1, 2024 |
|
RSA-based key transport schemes that are not compliant to either SP 800-56B or SP 800-56B Rev. 2 |
|
FIPS 140-2: Allowed per D.9 FIPS 140-3: N/A |
December 31, 2020 |
January 1, 2024 |
RSA-based key transport schemes that only use PKCS#1-v1.5 padding[5] |
RFC 2313 Section 8.1 |
Allowed per FIPS 140-2: D.9 FIPS 140-3: D.G |
December 31, 2023 |
January 1, 2024 |
DLC-based KAS compliant to SP 800-56A |
FIPS 140-2: D.8 FIPS 140-3: N/A |
December 31, 2020 |
January 1, 2022 |
|
DLC-based KAS compliant to SP 800-56A Rev. 2 |
FIPS 140-2: D.1rev2 FIPS 140-3: N/A |
December 31, 2020 |
January 1, 2022 |
|
Key agreement schemes that are not compliant with any version of SP 800-56A |
|
FIPS 140-2: D.8 FIPS 140-3: N/A |
December 31, 2020 |
January 1, 2022 |
Triple-DES encryptions[7] |
|
December 31, 2023 |
January 1, 2024 |
[1] The last date that a module that implements this algorithm in the approved mode can be submitted to the CMVP. Submissions that do not modify or add a sunset date can still be submitted after this date.
[2] Date in which modules that implement these algorithms in an approved mode will be moved to the historical list.
[3] Per IG G.18, this includes modules that were CAVP tested for FIPS 186-2 RSA SigGen with modulus size lower than 4096 or FIPS 186-2 RSA KeyGen of any modulus size.
[4] Vendor affirmed, as testing for this algorithm is not available.
[5] Not compliant to SP 800-56B Rev. 2.
[6] Vendor affirmed, as testing for this algorithm is not available.
[7] Triple-DES decryptions are approved beyond this date for “Legacy Use”.
Security and Privacy: cryptography, testing & validation
Technologies: hardware, software & firmware