In September 2017, this (legacy) site will be replaced with the new site you can see at beta.csrc.nist.rip. At that time, links to this legacy site will be automatically redirected to apporpriate links on the new site.

Notices

[12-12-13] - The transitioning of cryptographic algorithms and key lengths to stronger cryptographic keys and more robust algorithms as recommended in NIST SP800-131A Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths goes into effect January 1, 2014. Please see NIST SP800-131A, CMVP Implementation Guidance (IG) G.14 Validation of Transitioning Cryptographic Algorithms and Key Lengths, and IG G.15 Validating the Transition from FIPS 186-2 to FIPS 186-3 for details on the changes that take effect on January 1, 2014.

[09-05-13] - On July 19,2013, NIST announced the approval of Federal Information Processing Standard (FIPS) 186-4, the Digital Signature Standard. All of the changes between FIPS 186-3 and FIPS186-4 had already been incorporated into the CAVP testing tool; the testing of FIPS186-3 implementations is identical to the testing of FIPS 186-4 implementations. There is no need for a transition period in which both FIPS 186-3 and FIPS 186-4 validation would be performed. Previous CAVP validations for FIPS 186-3 will be considered as equivalent to those for FIPS 186-4. Vendors should start using FIPS 186-4 immediately.

[09-06-12] - GMAC implementation error reported by 3rd party in Open SSL FIPS Object Module (Cert. #1747) Version 2.0 (AES Cert. #1884) and Version 2.0.1 (AES Cert. #2116)

The CAVP and CMVP recently received 3rd party information that revealed an error in the GMAC implementation in the Open SSL FIPS Object Module (Cert. #1747) Version 2.0 (AES Cert. #1884) and Version 2.0.1 (AES Cert. #2116). This error occurs when the GCM implementation is tested with zero-length plaintext and Additional Authenticated Data (AAD) input lengths that are not a multiple of 128 bits. This means that the AAD information might not be signed correctly. The Open SSL FIPS Object Module is an open source distributed module that is used by other developers and may be found in many products. Therefore, the CAVP/CMVP is concerned that this error may be present in many of these other implementations or products. If you have any questions concerning these implementations, please contact the vendor. CMVP records indicate that the following validated modules are based on or utilize the Open SSL FIPS Object Module (Cert. #1747) and may also be at risk: Catbird vSecurity Crypto Module v1.0 (Cert. #1760) and the Cummings Engineering's Secure Mobility Suite B Crypto Module v1.0 (Cert. #1759).

[04-23-2012] - Validation of Transitioning Cryptographic Algorithms and Key Lengths

The Implementation Guidance for FIPS 140-2 and the CMVP (CMVP = Cryptographic Module Validation Program) has been updated to include IG G.14 which addresses how the validation of cryptographic algorithms by the CAVP and the validation of cryptographic modules by the CMVP will be affected during the transition as specified in Special Publication 800-131A. This transition guidance was originally drafted as SP 800-131B but has been moved to the CMVP Implementation Guidance IG G.14.

[04-23-2012] - Validating the Transition from FIPS 186-2 to FIPS 186-3

The Implementation Guidance for FIPS 140-2 and the CMVP (CMVP = Cryptographic Module Validation Program) has been updated to include IG G.15 which addresses the transition plan specific to the validation of FIPS 186-2 and FIPS 186-3. This transition plan addresses both the cryptographic algorithm validations and the cryptographic module validations that are conducted by the CAVP and CMVP, respectively. This transition guidance was originally drafted as SP 800-131C but has been moved to the CMVP Implementation Guidance IG G.15.

[08-17-2009] - Comments received on White Paper: The Transitioning of Cryptographic Algorithms and Key Sizes

Updated comments as of August 14, 2009.

[07-02-2009] -- White Paper: The Transitioning of Cryptographic Algorithms and Key Sizes

Comments are requested on the white paper "The Transitioning of Cryptographic Algorithms and Key Sizes" by August 3, 2009. Please provide comments to CryptoTransitions@nist.gov.

Comments received as of July 24, 2009.

[02-08-2008] Communications Security Establishment (CSE) recently changed name

The names "Communications Security Establishment" and the "Communications Security Establishment of the Government of Canada" have been replaced by Communication Security Establishment Canada. Furthermore, the acronym CSE has been replaced by CSEC. The email addresses remain unchanged.

[05-21-2007] DES Transition Plan and SP 800-57 Transition Plan has ended on May 19, 2007.

The Cryptographic Module Validation Program (CMVP) DES Transition Plan addresses the use of single key DES by Federal agencies, which are incorporated in cryptographic modules, validated to FIPS 140-1 or FIPS 140-2. Single key DES has been an Approved security function since the inception of the CMVP and the signing of FIPS 140-1 on January 11, 1994. The DES transition plan was developed to allow Federal agencies and vendors to smoothly transition to the stronger Approved security functions, specifically AES and Triple-DES.

The Cryptographic Module Validation Program (CMVP) NIST Special Publication (SP) 800-57 Transition Plan addresses the use of a minimum of 80 bits of security strength used by Federal agencies, as incorporated in cryptographic modules validated to FIPS 140-1 or FIPS 140-2. The SP 800-57 transition plan was developed to allow Federal agencies and vendors to smoothly transition to the use of a minimum of 80 bits of security strength.

CMVP Actions:

References to DES as an Approved Security Function has been removed from FIPS 140-2 Annex A.
All cryptographic module validation entries for DES as an Approved Security Function have been changed and DES has been moved as a non-Approved Security Function.
All cryptographic module validation entries for security methods less than 80-bits of security strength have been modified to indicate these methods are not Approved for use in a FIPS Approved mode of operations.
Referenced Security Policies or Certificate images have not been modified or updated. Vendors are encourage to provide updated Security Policies. Per FIPS 140-2 FAQ, certificate images are only provided representing initial validation and are not updated when validation changes occur.
As a result of the above changes, if a cryptographic module validation is no longer valid, this module entry will be marked as "Revoked" with a link to the transition plan document.

CAVP Actions:

The DES Algorithm Validation List has been archived and is still accessible for historical purposes only.
The Triple-DES Algorithm Validation List has been modified to only recognize those implementations that support keying option 1 (K1, K2, and K3 are independent) and keying option 2 (K1=K2, and K3 is independent). If an implementation previously tested supported only keying option 3 (which is equivalent to DES), it has been marked as no longer NIST-Approved.
The DSA Algorithm Validation List has been modified to only recognize those implementations that support 80-bits or more of security strength. This includes implementations that use a modulus size of 1024 bits. If an implementation previously tested did not support mod size of 1024 bits, it has been marked as no longer NIST-Approved.

Please contact the NIST Security Technology Group for additional information regarding the transition. William Polk 301-975-3348.

[03-06-2006] SP 800-57 Transition Plan

[05-19-2005] DES Transition Plan

[02-09-2005] DES Testing and Algorithm Validation

The CMT laboratories shall no longer accept DES algorithm implementations for validation by the CAVP. As of today, February 9, 2005, the CAVP will no longer issue algorithm certificates for DES algorithm implementations not under contract for testing by the CMT laboratories at the time of receipt of this notice.

NIST, Computer Security Resource Center

Notices