Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

This is an archive
(replace .gov by .rip)

Cryptographic Module Validation Program CMVP

2004-2003 Announcements Archive

[11-04-2004] FIPS 140-2 Annex B: Approved Protection Profiles [ PDF ] has been updated

URL links for Approved protection profiles updated.


[09-23-2004] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated

Message Authentication

National Institute of Standards and Technology, Recommendation for BlockCipher Modes of Operation: The CCM Mode for Authentication and Confidentiality, Special Publication 800-38C, May 2004. [ PDF ]


[09-22-2004] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

  • 9.1 Known Answer Test for Keyed Hashing Algorithm (updated)
    • Removed requirement that a KAT must be implemented for every HMAC.

[08-19-2004] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New and Updated Implementation Guidance:

  • G.5 Maintaining validation compliance of software or firmware cryptographic modules (updated)
    • Added references to firmware modules.
  • 1.5 Validation Testing of SHS Algorithms and Higher Cryptographic Algorithm Using SHS Algorithms (new)
  • 7.1 Acceptable Key Establishment Protocols (updated)
    • Added reference to password-based key establishment protocols.
  • 9.1 Known Answer Test for Keyed Hashing Algorithm (updated)
    • Added references to HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384 and HMAC-SHA-512.
  • 9.2 Known Answer Test for Embedded Cryptographic Algorithms (updated)
    • Additional comment regarding SHA-1 within the FIPS 186-2 RNG.
  • 9.4 Cryptographic Algorithm Tests for SHS Algorithms and Higher Cryptographic Algorithms Using SHS Algorithms (new)

[08-18-2004] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated

Asymmetric Key

DSA, RSA and ECDSA
National Institute of Standards and Technology, Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186-2 with Change Notice 1, October 05, 2001.
Updated reference to include Change Notice 1.

RSA Laboratories, PKCS#1 v2.1: RSA Cryptography Standard, June 14, 2002.
Updated to reflect CMVP FAQ Section 6 entry "What is the status of PKCS#1?".


[07-26-2004] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New and Updated Implementation Guidance:

  • G.1 Implementation guidance requests to NIST and CSEC (updated)
    • Distribution of CMT Lab guidance to all CMT Labs.
  • G.5 Maintaining validation compliance of software cryptographic modules (updated)
    • Addition of compliance caveat.
  • 1.4 Use of Cryptographic Algorithm Validation Certificates (new)
    • A transition period for conformance to IG 1.4 will end October 29, 2004. The CMVP will also review special conditions on a case-by-case basis.

[05-13-2004] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated

Hashing

Secure Hash Standard (SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512)
National Institute of Standards and Technology, Secure Hash Standard, Federal Information Processing Standards Publication 180-2 with Change Notice 1, February 25, 2004. SHA-224 added as a reference.


[04-28-2004] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Guidance

  • 1.3 Firmware Designation

[03-29-2004] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Guidance

  • G.10 Physical Security Testing for Re-validation from FIPS 140-1 to FIPS 140-2
  • 6.3 Correction to Common Criteria Requirements on Operating System

[03-24-2004] The Derived Test Requirements [DTR] for FIPS PUB 140-2, Security Requirements for Cryptographic Modules [ PDF ] has been updated

Details can be found in the Change Notices section of the DTR. DTR Change Notice 5.


[03-24-2004] The Derived Test Requirements [DTR] for FIPS PUB 140-2, Security Requirements for Cryptographic Modules [ PDF ] has been updated

Details can be found in the Change Notices section of the DTR. DTR Change Notice 4.


[03-15-2004] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Guidance

  • 1.2 FIPS Approved Mode of Operation

[03-11-2004] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated

Hashing

Secure Hash Standard (SHA-1, SHA-256, SHA-384 and SHA-512)
National Institute of Standards and Technology, Secure Hash Standard, Federal Information Processing Standards Publication 180-2, August 01, 2002.

Random Number Generators

Annex C: Approved Random Number Generators
National Institute of Standards and Technology, Annex C: Approved Random Number Generators for FIPS 140-2, Security Requirements for Cryptographic Modules, March 17, 2003.


[03-11-2004] [12-03-2002] FIPS PUB 140-2, Security Requirements for Cryptographic Modules [ PDF ] has been updated

Change Notices 2, 3 and 4 have been added. Change Notices 2, 3 and 4 will be mandatory for all modules submitted to NIST and CSEC for FIPS 140-2 validation after June 04, 2004. For Change Notice 2, the CMT Laboratories will begin performing validation testing of the FIPS-approved Random Number Generators.

During the transition period prior to June 04, 2004, the following requirements are applicable:

  • Change Notice 2: FIPS PUB 140-2 Section 4.9.1, Power-Up Tests: Statistical random number generator tests are not required and will not be tested. The additional changes specified by Change Notice 2 are not mandatory until June 04, 2004. For example, the RNG KAT will not be required until after the transition period.
  • Change Notice 3: Until such time a FIPS-approved key agreement method is available, there is no pair-wise consistency test required for key agreement. When a FIPS-approved key agreement method is available, the FIPS 140-2 conditional test requirements will be developed.
  • Change Notice 4: Clarification.

Details can be found in the Change Notices section of the standard.


[03-02-2004] The Derived Test Requirements [DTR] for FIPS PUB 140-2, Security Requirements for Cryptographic Modules [ PDF ] has been updated

Details can be found in the Change Notices section of the DTR.


[02-27-2004] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Guidance

  • 1.1 Cryptographic Module Name

[02-23-2004] FIPS 140-2 Annex D: Approved Key Establishment Techniques [ PDF ] has been updated

MQV and EC MQV added as Asymmetric Key Establishment Techniques for use in a FIPS Approved mode.


[02-10-2004] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Guidance

  • 5.1 Opacity and Probing of Cryptographic Modules with Fans, Ventilation Holes or Slits at Level 2
  • 7.1 Acceptable Key Establishment Protocols
  • 9.1 Known Answer Test for Keyed Hashing Algorithm
  • 9.2 Known Answer Test for Embedded Cryptographic Algorithms
  • 9.3 KAT for Algorithms used in an Integrity Test Technique

[01-09-2004] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

G.1 Implementation guidance requests to NIST and CSEC
Personnel change.

G.2 Completion of a test report
Requirements for submission of documents and termination of initial review.

[12-16-2003] FIPS 140-2 Annex A: Approved Security Functions [PDF ] has been updated

Removed Asymmetric Key references to ANSI X9.31-1998 and ANSI X 9.62-1998.
These are referenced FIPS 186-2.


[09-11-2003] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

6.2 Applicability of Operational Environment Requirements to JAVA Smart Cards updated for clarity.


[08-28-2003] FIPS 140-2 Annex D: Approved Key Establishment Techniques [ PDF ] has been updated

Clarification of Asymmetric Key Establishment Techniques for use in a FIPS Approved mode.


[08-21-2003] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

G.1 and G.2 NIST CMVP contacts changed.


[08-06-2003] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

G.5 Maintaining validation compliance of software cryptographic modules

Software modules that require any source code modifications to be recompiled and ported to another General Purpose Computer (GPC) or operational environment must be reviewed by a CMT laboratory and revalidated per IG G.8 (1) [non-security relevant changes].

The effective date for the modified guidance is September 15, 2003.


[07-02-2003] FIPS 140-2 Annex B: Approved Protection Profiles [ PDF ] has been updated

URL link for CAPP updated.


[05-29-2003] A modification has been made to the NIST CMVP FIPS 140-1 and FIPS 140-2 Validation listings.

Bookmarking has been added within each list for each individual certificate. Either while browsing the list, or by link from another web page, one can easily navigate directly to a single certificate entry. If browsing the list, simply append #nnn (where nnn is the 1-3 digit certificate number) to the link, hit enter, and you will go directly to the certificate number.If referencing from another web page, an example syntax would be: http://csrc.nist.rip/cryptval/140-1/140val-all.htm#nnn


[05-20-2003] Vendor Product Link

A cryptographic module may either be a component of a product, or a standalone product. NIST directs user inquiries to cryptographic module vendors to determine specific products that use a validated cryptographic module. Typically there are a large number of security products available that use every validated cryptographic module.

While the CMVP cannot maintain a list of vendor products that utilize an embedded validated cryptographic module, we would like to provide potential users and customers a way to find information on these products. Therefore we have added an optional 2nd URL below the Certificate link on each validation list entry. The 1st URL is the traditional link to the cryptographic module vendor's home page. It is intended that the 2nd URL would link to a vendor provided product page that contains a concise listing of those vendor products that use the validated cryptographic module or, if the module is a standalone product, additional pertinent information.

Providing a direct link for a user or customer to locate products that use validated cryptographic modules should make it easier for users and customers to deploy solutions with validated modules.

The directed link is vendor maintained and optional. NIST and the CMVP do not endorse the views expressed or the facts presented at the directed link. Further, NIST and the CMVP do not endorse any commercial products that may be advertised or available at the directed link.


[05-20-2003] FIPS 140-2 Annex D: Approved Key Establishment Techniques [ PDF ] has been updated

Reference to FIPS 171 added for symmetric keys.


[03-17-2003] FIPS 140-2 Annex C: Approved Random Number Generators [ PDF ] has been updated

Reference to ANSI X9.31-1998 - Appendix A changed to ANSI X9.31-1998 - Appendix A.2.4.


[02-19-2003] FIPS 140-2 Annex A: Approved Security Functions [ Error! Hyperlink reference not valid. ] has been updated

NIST Special Publication 800-38A reference added.


[02-12-2003] The Derived Test Requirements [DTR] for FIPS PUB 140-2, Security Requirements for Cryptographic Modules [ PDF ] has been updated

Details can be found in the Change Notices section of the DTR.

 

Created October 11, 2016, Updated June 29, 2020