U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

CMVP Security Policy Requirements: NIST SP 800-140B Rev. 1 (Second Public Draft) Available for Public Comment
October 17, 2022

The second public draft of NIST Special Publication (SP) 800-140Br1 (Revision 1), CMVP Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B, is now available for public comment. 

The initial public draft introduced four significant changes to NIST SP 800-140B:

  1. Defines a more detailed structure and organization for the Security Policy
  2. Captures Security Policy requirements that are defined outside of ISO/IEC 19790 and ISO/IEC 24759
  3. Builds the Security Policy document as a combination of the subsection information
  4. Generates the approved algorithm table based on lab/vendor selections from the algorithm tests

This second draft addresses the comments made on the initial draft, including concerns with the structure of the Security Policy and the process for creating it. Appendix B provides details on these changes.

The NIST SP 800-140x series supports Federal Information Processing Standards (FIPS) Publication 140-3, Security Requirements for Cryptographic Modules, and its associated validation testing program, the Cryptographic Module Validation Program (CMVP). The series specifies modifications to ISO/IEC 19790 Annexes and ISO/IEC 24759 as permitted by the validation authority.

The public comment period is open through December 5, 2022. See the publication details for instructions on submitting comments.

Created October 17, 2022