Cryptographic Module Validation Program CMVP

Implementation Guidance Announcements

2021

 

[11-05-2021] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • New Guidance
    • D.14 SP 800-56C Rev2 One-Step Key Derivation Function Without a Counter
  • Updated Guidance:

    • G.8 Revalidation Requirements - Abbreviated Additional Comment #9 (was Additional Comment #8) as applicable text was moved to IG 1.23.  Added allowances to combine scenarios in Additional Comment #8.  Generalized Scenario 1B to be combined with viable revalidation scenarios.
    • G.13 Instructions for Validation Information Formatting - Added the caveat: “No assurance of minimum strength or security of keys”.  Removed MD5 from the approved algorithms line as it does not claim security per IG 1.23.  Added a space to ENT entries to ENT (P) or ENT (NP) and did this throughout the entire IG.
    • G.20 Tracking the Component Validation List - Added references to SP 800-56Arev3 for the ECC-CDH primitive CVL in Resolution #2.  Minor clean up including updating transition dates.
    • 1.23 Definition and Use of a non-Approved Security Function - Synchronized minor text edits in the Resolution to be consistent with IG 2.4.A (FIPS 140-3).  Clarified XOR example with a note.  Added Additional Comment #2 to further clarify when a vendor can apply this IG.
    • 7.18 Entropy Estimation and Compliance with SP 800-90B - Added Additional Comment #12 to clarify when other parties can write a lab’s entropy source description and its heuristic entropy analysis.
    • 9.4 Known Answer Tests for Cryptographic Algorithms - Spelled out the ENT self-test requirements to avoid ambiguity.
    • 14.5 Critical Security Parameters for the SP 800-90A DRBGs - Added Additional Comment on the CTR_DRBG without a derivation function.
    • A.2 Use of non-NIST-Recommended Elliptic Curves - Updated name and KAS examples to match what is in G.13.
    • A.14 Approved Modulus Sizes for RSA Digital Signature and Other Approved Public Key Algorithms - Added Table 1 with a more relaxed upper bound limit and introduced supporting text including adding two new Additional Comments.  Clarified the minimum number of the Miller-Rabin tests. Cleaned up old text in the Additional Comments.
    • D.1-rev3 CAVP Requirements for Vendor Affirmation to SP 800-56A Rev3 and the Transition from the Validation to the Earlier Versions of This Standard - Clarified that validated modules that vendor affirm to IG D.1-rev3 will not move to the Historical List come the SP 800-56A Rev3 transition, unless for another reason.
    • D.8 Key Agreement Methods - Added path (3) into Scenario X1.  Changed transition date in Additional Comment #11 to June 30, 2022.

[05-04-2021] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • New Guidance
    • IG 7.20 Combining Entropy from Multiple Sources
  • Updated Guidance:

    • G.8 Revalidation Requirements – Updated Scenario 3A and 3B to replace “since the original validation” with “since the submission of the original module”.
    • G.13 Instructions for Validation Information Formatting - Updated to align ENT references with that of IG 7.20.
    • 3.1 Authorized Roles - Clarified the requirements of the text “or other services that do not affect the security of the module”.
    • 7.18 Entropy Estimation and Compliance with SP 800-90B - Updated to align ENT references with that of IG 7.20.
    • 9.4 Known Answer Tests for Cryptographic Algorithms – Clarified self-test rules around the PBKDF Iteration Count parameter.
    • D.1-rev3 CAVP Requirements for Vendor Affirmation to SP 800-56A Rev3 and the Transition from the Validation to the Earlier Versions of This Standard & D.8 Key Agreement Methods – Updated SP 800-56Arev3 transition date from January 1, 2022 to July 1, 2022.
    • D.9 Key Transport Methods - Added “if applicable” for key confirmation under the first approved method.

 

[01-05-2021] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Updated Guidance
    • IG G.8 Revalidation Requirements – Introduced a new Scenario 3B for algorithm transitions.
    • IG G.13 Instructions for Validation Information Formatting – Clarified in section 9 that bound/embedded security functions must be included in the binding/embedding module’s security policy and distinct from the module’s implemented security functions.
    • IG 7.18 Entropy Estimation and Compliance with SP 800-90B - Changed language surrounding bound and embedded modules that are compliant to IG 7.15.  Added references to IG 7.19.
    • IG 9.4 Known Answer Tests for Cryptographic Algorithms – Reformatted Question/Problem.  Consolidated and clarified several algorithm self-test requirements, including SHA-3 (permutation-based, extendable-output functions and derived functions), ENT, PBKDF, KDA, key agreement and key transport schemes.  Added optimization option for the DRBG KAT.  Clarified language surrounding if different implementations of a single algorithm are implemented, with a reference to multiple approved modes.
    • IG A.3 Vendor Affirmation of Cryptographic Security Methods - Changed Background and some of the Question/Problem to be more applicable.  Included transition schedule for CAVP testing.  Combined two sections on vendor affirmation into one.
    • IG A.5 Key/IV Pair Uniqueness Requirements from SP 800-38D – Removed Scenario 2’s second and fourth bullets and added the reasoning as Additional Comment #4.

2020

 

[08-26-2020] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • New Guidance:
    • IG 7.19 Interpretation of SP 800-90B Requirements
  • Updated Guidance
    • Incorporated algorithm transition dates where testing is now supported by the CAVP (IGs G.20, A.12, A.15, D.1rev2, D.1rev3, D.6, D.8, D.9, D.10)

[08-12-2020] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • New Guidance:
    • IG G.20: Tracking the Component Validation List
  • Updated Guidance:
    • IG G.13 Instructions for Validation Information Formatting – Added approved Key Agreement examples for compliance to SP 800-56Brev2 or SP 800-56Arev3.  Added additional non-approved but allowed MQV examples.  Added an example and two notes for the tested KDA (SP 800-56C Rev1/Rev2).  Moved a paragraph from the top of Section 10 to the middle as it fits more logically.  Small changes to footnotes for additional clarity.
    • IG 7.8 The Use of Post-Processing in Key Generation Methods – Minor update to address the second revision of SP 800-133.
    • IG A.10 Requirements for Vendor Affirmation of SP 800-38G – Removed the allowance to vendor affirm the FF3 mode.  Added a paragraph in the Background to explain the FF3 vulnerability and the draft of SP 800-38Grev1.  Added a transition end date for vendor affirming to FF1.  Moved two additional comments into the Resolution section.  Added two additional comments (4, 5) to address FF1 testing (4) and what happens when SP 800-38Grev1 is published (5).
    • IG D.1rev3 CAVP Requirements for Vendor Affirmation to SP 800-56A Rev3 and the Transition from the Validation to the Earlier Versions of This Standard – Revised with new SP 800-56Arev3 transition schedule.
    • IG D.8 Key Agreement Methods – Revised with new SP 800-56Arev3 transition schedule.  Specified transition rules when complying to the original SP 800-56B.  Updated with guidance on CAVP testing options, self-test requirements, and documentation requirements when implementing SP 800-56Arev3 (scenario X1) or SP 800-56Brev2 (scenario 2) key agreement schemes.
    • IG D.9 Key Transport Methods – Clarified the self-test description based on lab comments.
    • IG D.12 Requirements for Vendor Affirmation to SP 800-133 – Updated to address the second revision of SP 800-133.  Updated Additional Comment #1 to account for the case where post processing is applied.

 

[06-29-2020] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Updated Guidance:
  • IG G.8 Revalidation Requirements – Made it clear in the Resolution that all scenarios must be processed and submitted to the CMVP by a CST Laboratory.  Modified Scenario 1 to prevent allowing security relevant functions or services that were not tested but testing was available during the original validation (this should be a 3sub). Added language to Scenario 1 indicating a no-cost ECR may be applicable.  Added a requirement to include an up-to-date entropy report for Scenario 1 (4) - adding new OE’s to the module certificate - after November 7, 2020.  Added a new requirement to Scenario 2 to submit an IG summary table as part of the change letter.  Added language to make it clear that an up-to-date entropy report is required for Scenario 2 submissions, if applicable per IG 7.14. 
  • IG G.13 Instructions for Validation Information Formatting – Added missing KMAC and SHA-3-Customized (IG A.15) to the list of approved algorithms with footnotes to explain each of them.  Added approved algorithm examples for compliance to SP 800-56Brev2.
  • IG 9.4 Known Answer Tests for Cryptographic Algorithms – Added bullet #3 under the RSA algorithm to address IG D.9 self-test requirements.
  • IG A.5 Key/IV Pair Uniqueness Requirements from SP 800-38D – Introduced Scenario 5 which allows the vendor to extend the industry protocol-specific cases of Scenario 1.  Added version numbers to the protocol references mentioned throughout this IG.
  • IG D.9 Transport Methods – Introduced support for compliance to SP 800-56Brev2 and provided transition rules for compliance to the original SP 800-56B or non-compliance to any version of SP 800-56B.  Clarified self-test requirements for SP 800-56Br2 compliance.


2019

 

[12-03-2019] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Updated Guidance:
  • IG G.8 Revalidation Requirements – Removed “rev1” from a reference to SP 800-131A to apply to any revision of this standard.
  • IG G.13 Instructions for Validation Information Formatting – Added KAS-SSC (IG D.8) and KDA (IG D.10) to the list of approved algorithms with footnotes to explain each of them.  Added a KTS example and footnote for AES that uses different certificate numbers for encryption and authentication.  Added footnotes in the Allowed algorithms section to explain the reference to SP 800-56C and SP 800-56C Rev1.  A footnote for the EC Diffie-Hellman entry has been clarified to reference IG D.8 applicable scenarios.
  • IG G.18 Limiting the Use of FIPS 186-2 – Extended the transition date to two months after ACVP Transition Date.  Clarified which modules will be moved to the historical list, and the methods to remain on (or be moved back to) the active list.
  • IG 7.16 Acceptable Algorithms for Protecting Stored Keys and CSPs – Added an Additional Comment about the general SP 800-131A notation.
  • IG 7.18 Entropy Estimation and Compliance with SP 800-90B  – Updated to explain the validation rules for the modules which receive their entropy from an embedded module.
  • IG 9.8 Continuous Random Number Generator Tests  – Small formatting corrections and updated for consistency with SP 800-90B.
  • IG 9.9 Pair-Wise Consistency Self-Test When Generating a Key Pair – Cleaned up wording when referencing individual sections in each version of SP 800-56A.
  • IG A.2 Use of non-NIST-Recommended Asymmetric Key Sizes and Elliptic Curves – Introduced SP 800-56A Rev3 and scenario X2 of IG D.8.
  • IG A.5 Key/IV Pair Uniqueness Requirements from SP 800-38D  – Introduced compliance methods for SSH protocol AES GCM IV generation.  Added a reference to SP 800-52 Rev 2 in the TLS protocol IV generation section.
  • IG A.8 Use of Truncated HMAC – Changed the IG title: removing a reference to HMAC-SHA-1, as this IG also applies to other forms of HMAC.  Added an Additional Comment about the general SP 800-131A notation.
  • IG A.14 Approved Modulus Sizes for RSA Digital Signature and Other Approved Public Key Algorithms – Accounted for the existence of the different revisions of SP 800-56A (older revisions perform the key agreement while the newer revisions only a shared secret computation).  Accommodated SP 800-131A Rev2.  Addressed an approval of all RSA key transport modulus sizes ≥ 2048 bits.  Changed the non-approved elliptic curve reference from FIPS 186-4 to IG A.2.
  • D.1-rev3 CAVP Requirements for Vendor Affirmation to SP 800-56A Rev3 and the Transition from the Validation to the Earlier Versions of This Standard  – Removed “to be published soon” from SP 800-131 rev1 reference.
  • D.2 Acceptable Key Establishment Protocols  – Changed a reference for the key generation methods from IG 7.8 to SP 800-133.
  • D.3 Assurance of the Validity of a Public Key for Key Establishment  – Updated outdated text and provisions.  Added additional comment 1 and 3 for clarity on newer standard revisions for SP 800-56A and SP 800-56B.  Additional comments: removed unnecessary text and turned remaining text into additional comment 2.
  • D.12 Requirements for Vendor Affirmation to SP 800-133  – Updated to the new revision of SP 800-133. Updated language to clarify when CKG terminology is applicable.
  • D.13 Elliptic Curves and the MODP Groups in Support of Industry Protocols – Reworked the Resolution section to say that the use of safe primes is now approved.  Explained that in each safe-prime triple (p, q, g) currently used in the IETF protocols, g is equal to 2.  Changed additional comment reference from SP 800-56A Rev2 to Rev3.  Eliminated altogether a reference to SP 800-131A.

 

[10-23-2019] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • New Guidance:
    • IG G.19 Operational Equivalency Testing for HW Modules

[08-16-2019] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • New Guidance:
    • IG G.18 Limiting the Use of FIPS 186-2
    • IG D.1-rev3 CAVP Requirements for Vendor Affirmation to SP 800-56A Rev3 and the Transition from the Validation to the Earlier Versions of This Standard
  • Updated Guidance:
    • IG G.8 Revalidation Requirements – Updated Scenario 3A to permit a 3A submission to incorporate Scenario 1 (non-security relevant) changes, so that they can be submitted as a single package.
    • IG 9.4 Known Answer Tests for Cryptographic Algorithms - Added a requirement in the symmetric-key algorithms section to self-test the forward and inverse cipher functions (if implemented by the module). Corrected the authenticated encryption mode hierarchy since item 2 (AES KW) testing should not cover item 3 (Triple-DES KW). Clarified how to meet the requirements of the bullets #1-#4 and how they relate to each other. Updated the Additional Comments paragraph to clarify when the PCT applies for an asymmetric key generation implementation.
    • IG D.8 Key Agreement Methods – Incorporated vendor affirmation to SP 800-56Arev3 and the new IG D.1rev3 into this IG.
    • IG D.10 Requirements for Vendor Affirmation of SP 800-56C - Updated to allow for vendor affirming to SP 800-56Crev1.

[05-07-2019] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • New Guidance:
    • IG 7.18 - Entropy Estimation and Compliance with SP 800-90B
  • Updated Guidance:
    • IG G.13 - Instructions for Validation Information Formatting - Added the new "ENT" entry for 90B compliant modules per IG 7.18 Entropy Estimation and Compliance with SP 800-90B.
    • IG 7.14 - Entropy Caveats - Added additional comment #5 to address the caveat required when a module generates random strings that are not keys, or generates both strings and keys. Added additional comment #6 to address the case where two entropy caveats can be applied, but only the stronger caveat is required.
    • IG 7.15 - Entropy Assessment - Added a reference to the IG 7.18 Entropy Estimation and Compliance with SP 800-90B.

 

[02-07-2019] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

  • Updated Guidance:
    • IG 2.1 - Updated to allow enforcement of the Trusted Path by applying cryptographic protection.  Updated to explain the applicability of FIPS 140-2 Sections 4.2 and 4.7 to the input and output requirements for keys and CSPs. Updated documentation requirements when claiming the Trusted Path.

For older announcements, see the FIPS 140-2 Announcements Archive.


Created October 11, 2016, Updated December 06, 2021