Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

This is an archive
(replace .gov by .rip)

Cryptographic Module Validation Program CMVP

2010-2009 Announcements Archive

2010

[12-23-2010] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

New Implementation Guidance:

  • 1.16 Software Module
  • 1.17 Firmware Module
  • 2.1 Trusted Path
  • 5.5 Physical Security Level 3 Augmented with EFP/EFT
  • 9.7 Software/Firmware Load Test
  • 14.5 Critical Security Parameters for the SP 800-90 DRBGs

Updated Implementation Guidance:

  • 9.6 Self-Tests When Implementing the SP 800-56A Schemes
    • Requirements changed

[11-24-2010] FIPS 140-2 Annex A: Approved Security Functions [ PDF ], FIPS 140-2 Annex C: Approved Random Number Generators [ PDF ] and FIPS 140-2 Annex D: Approved Key Establishment Techniques [ PDF ] have been updated.

Annex A: Added Addendum to Special Publication 800-38A, October 2010: Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode and updated the revision date for FIPS 198-1, July 2008: The Keyed-Hash Message Authentication Code (HMAC)

Annex C: Updated the revision date for ANSI X9.62-2005 – Annex D: Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA)

Annex D: Changed references from FIPS 140-2 Implementation Guidance 7.1 to D.2 and split the Asymmetric Key Establishment Techniques section into three parts.


[08-03-2010] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated.

Updated Implementation Guidance:

  • 08/03/2010: G.8 Revalidation Requirements
    • For scenarios 1 and 4 added clarification on required submission documents sent to the CMVP.

[06-15-2010] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated.

Updated Implementation Guidance:

  • 06/10/2010: 5.4 Level 3: Hard Coating Test Methods
    • Removed reference to environmental conditions other than temperature and added Security Policy requirements.

[06-10-2010] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated.

Updated Implementation Guidance:

  • 06/10/2010: G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Updated submission and billing information requirements.
  • 06/10/2010: G.13 Instructions for completing a FIPS 140-2 Validation Certificate
    • Additional caveat examples.
  • 06/10/2010: 1.3 Firmware Designation
    • Updated platform versioning requirements if physical security is Level 2, 3 or 4.
  • 06/10/2010: 5.4 Level 3: Hard Coating Test Methods
    • Modified temperature testing limits and removed testing methods using solvents.
  • 06/10/2010: 7.5 Strength of Key Establishment Methods
    • Added reference to draft NIST SP 800-131.
  • 06/10/2010: A.6 CAVP Requirements for Vendor Affirmation of FIPS 186-3 Digital Signature Standard
    • Updated with transition end date for ECDSA.

[04-13-2010] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated.

Updated Implementation Guidance:

  • 03/19/2010: G.13 Instructions for completing a FIPS 140-2 Validation Certificate
    • Added examples for software-hybrid and firmware-hybrid modules.
  • 03/19/2010: 1.9 Definition and Requirements of a Hybrid Cryptographic Module
    • Updated the annotation for software-hybrid and, firmware-hybrid modules.
  • 04/09/2010: A.6 CAVP Requirements for Vendor Affirmation of FIPS 186-3 Digital Signature Standard
    • Updated with transition end date.
  • 04/09/2010: A.7 CAVP Requirements for Vendor Affirmation of NIST SP800-38E
    • Updated with transition end date.

[01-27-2010] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated

Symmetric Key, Number 1:
Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices - Added

2009

[10-22-2009] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated.

Annex A: Key Management, Number 1:
Recommendation for Key Derivation Using Pseudorandom Functions - Added

[10-22-2009] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated.

New Implementation Guidance:

  • 10/22/2009: 7.10 Using the SP 800-108 KDFs in FIPS Mode
  • 10/21/2009: 9.6 Self-Tests When Implementing the SP 800-56A Schemes
  • 10/21/2009: D.3 Assurance of the Validity of a Public Key for Key Establishment

Updated Implementation Guidance:

  • 10/21/2009: To align Implementation Guidance that is associated with underlying algorithmic standards referenced in FIPS 140-2 Annexes A, C and D, the following algorithm specific IGs have been moved to new IG Annex sections: Moved IG 1.5 to IG A.1, IG 1.6 to IG A.2, IG 1.10 to A.3, IG 1.11 to IG D.1, IG 1.12 t IG C.1, IG 1.13-15 to IG A..4-6, IG 7.1 to IG D.2 and IG 7.3 to IG C.2
  • 10/20/2009: G.1 Request for Guidance from the CMVP and CAVP
    • Updated contact information.
  • 10/20/2009: G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Minor editorial changes
  • 10/20/2009: G.13 Instructions for completing a FIPS 140-2 Validation Certificate
    • Added FIPS 186-3 and SP 800-56A annotation examples.
  • 10/20/2009: D.1 (formerly 1.11) CAVP Requirements for Vendor Affirmation of NIST SP 800-56A
    • Added reference to the annotation requirements in IG G.13.
  • 10/20/2009: A.6 (formerly 1.15) CAVP Requirements for Vendor Affirmation of FIPS 186-3 Digital Signature Standard
    • Added transition information and reference to the annotation requirements in IG G.13.
  • 10/20/2009: D.2 (formerly 7.1) Acceptable Key Establishment Protocols
    • Added transition information.
  • 08/31/2009: D.2 (formerly 7.1) Acceptable Key Establishment Protocols
    • Added references to DTLS.

[10-08-2009] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] and FIPS 140-2 Annex D: Approved Key Establishment Techniques [ PDF ] have been updated.

Annex A: Editorial Changes to align the references with the CAVP validation listings.

Annex D: Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography, NIST SP 800-38B - Added.


[08-04-2009] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated.

Updated Implementation Guidance:

  • 7.1 For Key Agreement; removed the KDF specified in the SRTP protocol (IETF RFC 3711). For Key Transport; added reference to EAP-FAST and PEAP-TLS.

[07-21-2009] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] and FIPS 140-2 Annex C: Approved Random Number Generators [ PDF ] have been updated

Reference to archived FIPS 186-2 added.


[07-07-2009] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated.

New Implementation Guidance:

  • 1.15 CAVP Requirements for Vendor Affirmation of FIPS 186-3 Digital Signature Standard

[06-18-2009] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated.

Asymmetric Key - Signature, Number 1:
Digital Signature Standard (DSS) - FIPS 186-3 replaces FIPS 186-2


[04-01-2009] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

  • 3.2 Bypass Capability in Routers
  • 9.5 Module Initialization during Power-Up

[03-24-2009] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

  • 7.9 Procedural CSP Zeroization

[03-10-2009] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

  • 1.14 Key/IV Pair Uniqueness Requirements from NIST SP 800-38D
  • 5.3 Physical Security Assumptions
  • 7.8 Key Generation Methods Allowed in FIPS mode

Updated Implementation Guidance:

  • G.1 Request for Guidance from the CMVP
    • Updated NIST POC
  • G.5 Maintaining validation compliance of software or firmware cryptographic modules.
    • Updated references to firmware and hybrid modules.
  • G.13 Instructions for completing a FIPS 140-2 Validation Certificate
    • Updated examples
  • 1.9 Definition and Requirements of a Hybrid Cryptographic Module
    • Updated to include hybrid firmware modules.
  • 7.1 Acceptable Key Establishment Protocols
    • For Key Agreement; added the KDF specified in the SRTP protocol (IETF RFC 3711) is allowed only for use as part of the SRTP key derivation protocol. For Key Transport; wrapping a key using the GDOI Group Key Management Protocol described in the IETF RFC 3547.

 

Created October 11, 2016, Updated June 29, 2020