[12-18-2007] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated

Symmetric Key - Encryption, Number 1:
Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC - Added

[12-18-2007] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

• 1.13 CAVP Requirements for Vendor Affirmation of NIST SP 800-38D

[11-16-2007] -- Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF] has been updated.

New Implementation Guidance

• 7.6 RNGs: Seeds, Seed Keys and Date/Time Vectors

[11-15-2007] -- CAVP release of CAVS - CAVS6.0

On November 14, 2007, the CAVP released a new version of CAVS - CAVS6.0 which adds testing for NIST SP 800-90 Deterministic Random Bit Generators.

A transition period of three months ending on February 15, 2008 addresses the impact to newly received FIPS 140-2 module test reports and the relationship to FIPS 140-2 IG 1.12.

During the transition period, new FIPS 140-2 module test reports received which implement SP 800-90 RNGs may operate the RNG in an Approved FIPS mode for key generation with reference to an issued CAVP SP 800-90 algorithm validation certificate, or vendor affirmation as indicated in FIPS 140-2 IG 1.12. The certificate annotation is provided in FIPS 140-2 IG G.13 and below:

• If reference to a CAVP algorithm certificate, the certificate entry would be: RNG (Cert. #nnn)
• If reference to FIPS 140-2 IG 1.12, the certificate entry would be: RNG (SP 800-90, vendor affirmed)

New FIPS 140-2 IG G.8 Scenario 3 and 5 module test reports received from CMT Laboratories after the transition period which implement SP 800-90 RNGs operating in an Approved FIPS mode for key generation shall reference a CAVP RNG algorithm certificate. At the end of the transition period, FIPS 140-2 IG 1.12 will be for reference only.

The CMVP will also review special conditions on a case-by-case basis.

[11-08-2007] -- Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF] has been updated.

Updated Implementation Guidance

• G.2 Completion of a test report: Information that must be provided to NIST and CSEC
  • Added clarification on output type of draft certificate.

[10-18-2007] -- URL links were updated in the following documents:

• FIPS 140-2 Annex A: Approved Security Functions [ PDF]
• FIPS 140-2 Annex C: Approved Random Number Generators [ PDF]
• FIPS 140-2 Annex D: Approved Key Establishment Technigues [ PDF]
• Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF]
• CMVP FAQ

[07-26-2007] -- Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF] has been updated.

• Minor editorial updates.

[07-03-2007] -- Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF] has been updated.

New Implementation Guidance

• 14.3 Logical Diagram for Software, Firmware and Hybrid Modules

[06-28-2007] -- Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF] has been updated.

New Implementation Guidance

• G.13 Instructions for completing a FIPS 140-2 Validation Certificate

[06-26-2007] -- Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF] has been updated.

Updated Implementation Guidance

• G.8 Revalidation Requirements
  • Additional guidelines for determining <30% change for Scenario 3.
• 7.1 Acceptable Key Establishment Protocols
  • Updated to reflect the publishing of NIST SP 800-56A.

[06-26-2007] -- FIPS 140-2 Annex D: Approved Key Establishment Techniques [ PDF] has been updated.

Symmetric Key Establishment Techniques:
Removed reference to FIPS 171. FIPS 171 was withdrawn February 08, 2005.

Asymmetric Key Establishment Techniques, Number 2:
Added references for additional schemes in FIPS 140-2 IG Section 7.1.

[06-22-2007] -- Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [PDF] has been updated.

Updated Implementation Guidance

• G.2 Completion of a test report: Information that must be provided to NIST and CSEC
  • Editorial changes for clarification.
• G.8 Revalidation Requirements
  • Editorial changes for clarification.

[06-21-2007] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

• 1.11 CAVP Requirements for Vendor Affirmation of NIST SP 800-56A
• 1.12 CAVP Requirements for Vendor Affirmation of NIST SP 800-90

[06-14-2007] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

• 3.1 Authorized Roles
  • Updated to reference hashing and RNG services

[06-14-2007] FIPS 140-2 Annex B: Approved Protection Profiles [ PDF ] has been updated

Updated document links. Added Protection Profile for Single-level Operating Systems in Environments Requiring Medium Robustness, Version 1.91.

[03-19-2007] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

• Updated references to revision of NIST SP 800-57

[03-19-2007] FIPS 140-2 Annex C: Approved Random Number Generators [ PDF ] has been updated

Deterministic Random Number Generators, Number 6:
Recommendation for Random Number Generation Using Deterministic Random Bit Generators (Revised) - Updated to revised document.

[03-19-2007] FIPS 140-2 Annex D: Approved Key Establishment Techniques[ PDF ] has been updated

Asymmetric Key Establishment Techniques, Number 1:
Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised) - Updated to revised document.

[02-26-2007] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

Updated Implementation Guidance:

• 7.4 Zeroization of Power-Up Test Keys
  • Clarified text regarding Section 4.9.1 test keys

[01-26-2007] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

• G.12 Post-Validation Inquiries

[01-25-2007] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

• 1.10 Vendor Affirmation of Cryptographic Security Methods

Updated Implementation Guidance:

• G.8 Revalidation Requirements
  • Scenario 2, 1st paragraph clarification update.

• 7.5 Strength of Key Establishment Methods
  • Updated text on the calculation of key strength.

[01-24-2007] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated

Random Number Generators, Number 1:
Annex C: Approved Random Number Generators for FIPS 140-2, Security Requirements for Cryptographic Modules - Updated reference document date

[01-24-2007] FIPS 140-2 Annex C: Approved Random Number Generators [ PDF ] has been updated

Deterministic Random Number Generators, Number 6:
Recommendation for Random Number Generation Using Deterministic Random Bit Generators - Added

[01-24-2007] FIPS 140-2 Annex D: Approved Key Establishment Techniques [ PDF ] has been updated

Asymmetric Key Establishment Techniques, Number 1:
Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography - Added