In September 2017, this (legacy) site will be replaced with the new site you can see at beta.csrc.nist.rip. At that time, links to this legacy site will be automatically redirected to apporpriate links on the new site.
Retired CAVP Validation Testing
Retired Algorithms and Algorithm Components
Current retired testing includes the following algorithms and references:
Data (Message) Authentication Code (MAC) and Key Management Using ANSI X9.17
Message Authentication Code (MAC), FIPS 113
Key Management Using ANSI X9.17, FIPS 171
Data Encryption Standard (DES)
FIPS 46-3, Data Encryption Standard (DES), was withdrawn May 19, 2005 because the cryptographic algorithm no longer provided the security that is needed to protect Federal government information. DES is no longer an Approved algorithm.
Data (Message) Authentication Code (MAC) and Key Management Using ANSI X9.17
The automated conformance tests for FIPS 113 and 171 are no longer operational. Currently, if a FIPS 140-1 or FIPS 140-2 cryptographic module implements either of these two standards, the CST testing laboratories perform some testing that these FIPS requirements are implemented correctly in the cryptographic module.
Message Authentication Code (MAC), FIPS 113
The MAC Validation System (MVS) tested for compliance with FIPS 113, Computer Data Authentication is no longer operational. A list of validated products is maintained by the Security Technology Group.
Key Management Using ANSI X9.17, FIPS 171
The Key Management Validation System (KMVS) tested for compliance with FIPS 171, Key Management Using ANSI X9.17 is no longer operational. A list of validated products is maintained by the Security Technology Group.
Retired Algorithm Components as detailed in SP800-131A Transitions effective January 1, 2014
Please refer to CAVP Frequently Asked Questions (CAVP FAQ) GEN.23 and GEN.24 for information on the algorithm components that are no longer compliant because they are no longer secure enough. GEN.23 addresses the changes made to the Cryptographic Algorithm Validation lists as a result of the SP800-131A Transition which became effective January 1, 2014. GEN.24 identifies the elements of each algorithm that are now non-compliant.
Also see SP800-131A Revision 1 Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, published November 2015.
Random Number Generators (RNG)
The Random Number Generators specified in FIPS 186-2 with Change Notice 1 dated October 5, 2001 (Appendix 3.1 and 3.2), ANSI X9.31 (Appendix A.2.4) and ANSI X9.62 (Appendix A.4)are no longer compliant as of January 1, 2016.
See SP800-131A Revision 1 Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, published November 2015 for more information.
Retired Algorithm Components as detailed in SP800-131A Transitions effective January 1, 2016
Please refer to CAVP Frequently Asked Questions (CAVP FAQ) GEN.27 which identifies the algorithm components that are non-compliant beginning January 1, 2016.
Also see SP800-131A Revision 1 Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, published November 2015.
Historical Validation Lists for Retired Algorithms and Retired Algorithm Components
The validation lists for the retired algorithms are accessible below for historical purposes. The complete algorithms or components of these algorithms are either no longer recognized as Approved security functions or testing is no longer available from the Cryptographic Algorithm Validation Program (CAVP).
Please see SP800-131A Revision 1 Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths for more information.
Retired Algorithm Validation Lists
- DES Validation List
- RNG Validation List
- MAC (FIPS 113) Validation List
- Key Management (FIPS 171) Validation List