Transition Summary
NIST CAVP sent the email “CAVS retirement and transition to ACVTS in FY2020” to all accredited CST laboratories on 18 October 2019:
UPDATE 09 March 2020: There is a change to 5.a. below. NIST CAVP will not do any cost recovery billing for ACVTS in FY 2020. Algorithm validations using ACVTS will be free of charge until 01 October 2020.
Dear CSTLs, In response to questions and requests from some of you, as well as a further review of our internal transition process, NIST CAVP have decided on the following:
Please let me know if you have questions on any of the above. Best regards,
|
ACVTS Testing for Algorithms not Supported by CAVS
As ACVP testing continues active development, testing for Approved algorithms (i.e., security functions) that are not supported by CAVS will become available. Per (4.) above, if the ACVTS Prod server supports testing for an Approved algorithm that CAVS does not support, then any IUT that implements that Approved algorithm must be tested using ACVTS. Per (4.b.), this requirement does not override or take precedence over a current FIPS 140-2 Implementation Guidance (IG) that allows for vendor affirmation of an Approved algorithm for the purposes of FIPS 140-2 module validation.
The table below lists algorithms not supported by CAVS for which ACVP testing is available on the ACVTS Prod server. It indicates if there is a FIPS 140-2 IG that allows vendor affirmation or not.
Algorithm Name (FIPS or NIST SP) |
ACVTS Demo | ACVTS Prod | Vendor Affirmation (IG #) |
Notes |
---|---|---|---|---|
AES-CBC-CS (Addendum to NIST SP 800-38A) | YES | YES | YES (IG A.12) |
|
PBKDF (NIST SP 800-132) | YES | YES | YES (IG D.6) |
|
AES FF1 (NIST SP 800-38G) | YES | YES | YES (IG A.10) |
|
cSHAKE, TupleHash, ParallelHash, KMAC (NIST SP 800-185) | YES | YES | YES (IG A.15) |
|
RSA 4096 bit modulus (FIPS 186-4, NIST SP 800-131A Rev. 2) | YES | YES |
NO |
FIPS 186-2 4096-bit RSA tests in CAVS (see IG G.18) |
ANS X9.42-2001 KDF (NIST SP 800-135 Rev. 1) | YES | YES | NO |
May use ANS X9.63-2001 KDF testing in CAVS (is equivalent) |
ECDSA, EdDSA, RSA (Draft FIPS 186-5, Request for Comment) | YES | NO | NO | NIST-recommended elliptic curves in Draft NIST SP 800-186 |
KTS/KAS IFC (NIST SP 800-56B Rev. 2) | YES | NO |
NO |
IGs D.4 and D.9 only cover the original SP 800-56B. |
KAS-SSC FFC/ECC (NIST SP 800-56A Rev. 3) | YES | NO |
YES (IG D.1-rev3) |
|
Key-Derivation Methods in Key-Establishment Schemes (NIST SP 800-56C Rev. 1) | YES | NO |
YES (IG D.10) |
KDFs used with schemes in 56A Rev. 3 and 56B Rev. 2. |
Security and Privacy: assurance, cryptography, testing & validation