Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

This is an archive
(replace .gov by .rip)
    Projects Cryptographic Module Validation Program IG Announcements Announcements Archive

Cryptographic Module Validation Program CMVP

2010-2009 Announcements Archive

2010

[12-23-2010] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

New Implementation Guidance:

  • 1.16 Software Module
  • 1.17 Firmware Module
  • 2.1 Trusted Path
  • 5.5 Physical Security Level 3 Augmented with EFP/EFT
  • 9.7 Software/Firmware Load Test
  • 14.5 Critical Security Parameters for the SP 800-90 DRBGs

Updated Implementation Guidance:

  • 9.6 Self-Tests When Implementing the SP 800-56A Schemes
    • Requirements changed

[11-24-2010] FIPS 140-2 Annex A: Approved Security Functions [ PDF ], FIPS 140-2 Annex C: Approved Random Number Generators [ PDF ] and FIPS 140-2 Annex D: Approved Key Establishment Techniques [ PDF ] have been updated.

Annex A: Added Addendum to Special Publication 800-38A, October 2010: Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode and updated the revision date for FIPS 198-1, July 2008: The Keyed-Hash Message Authentication Code (HMAC)

Annex C: Updated the revision date for ANSI X9.62-2005 – Annex D: Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA)

Annex D: Changed references from FIPS 140-2 Implementation Guidance 7.1 to D.2 and split the Asymmetric Key Establishment Techniques section into three parts.

[08-03-2010] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated.

Updated Implementation Guidance:

  • 08/03/2010: G.8 Revalidation Requirements
    • For scenarios 1 and 4 added clarification on required submission documents sent to the CMVP.

[06-15-2010] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated.

Updated Implementation Guidance:

  • 06/10/2010: 5.4 Level 3: Hard Coating Test Methods
    • Removed reference to environmental conditions other than temperature and added Security Policy requirements.

[06-10-2010] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated.

Updated Implementation Guidance:

  • 06/10/2010: G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Updated submission and billing information requirements.
  • 06/10/2010: G.13 Instructions for completing a FIPS 140-2 Validation Certificate
    • Additional caveat examples.
  • 06/10/2010: 1.3 Firmware Designation
    • Updated platform versioning requirements if physical security is Level 2, 3 or 4.
  • 06/10/2010: 5.4 Level 3: Hard Coating Test Methods
    • Modified temperature testing limits and removed testing methods using solvents.
  • 06/10/2010: 7.5 Strength of Key Establishment Methods
    • Added reference to draft NIST SP 800-131.
  • 06/10/2010: A.6 CAVP Requirements for Vendor Affirmation of FIPS 186-3 Digital Signature Standard
    • Updated with transition end date for ECDSA.

[04-13-2010] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated.

Updated Implementation Guidance:

  • 03/19/2010: G.13 Instructions for completing a FIPS 140-2 Validation Certificate
    • Added examples for software-hybrid and firmware-hybrid modules.
  • 03/19/2010: 1.9 Definition and Requirements of a Hybrid Cryptographic Module
    • Updated the annotation for software-hybrid and, firmware-hybrid modules.
  • 04/09/2010: A.6 CAVP Requirements for Vendor Affirmation of FIPS 186-3 Digital Signature Standard
    • Updated with transition end date.
  • 04/09/2010: A.7 CAVP Requirements for Vendor Affirmation of NIST SP800-38E
    • Updated with transition end date.

[01-27-2010] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated

Symmetric Key, Number 1:
Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices - Added

2009

[10-22-2009] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated.

Annex A: Key Management, Number 1:
Recommendation for Key Derivation Using Pseudorandom Functions - Added

[10-22-2009] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated.

New Implementation Guidance:

  • 10/22/2009: 7.10 Using the SP 800-108 KDFs in FIPS Mode
  • 10/21/2009: 9.6 Self-Tests When Implementing the SP 800-56A Schemes
  • 10/21/2009: D.3 Assurance of the Validity of a Public Key for Key Establishment

Updated Implementation Guidance:

  • 10/21/2009: To align Implementation Guidance that is associated with underlying algorithmic standards referenced in FIPS 140-2 Annexes A, C and D, the following algorithm specific IGs have been moved to new IG Annex sections: Moved IG 1.5 to IG A.1, IG 1.6 to IG A.2, IG 1.10 to A.3, IG 1.11 to IG D.1, IG 1.12 t IG C.1, IG 1.13-15 to IG A..4-6, IG 7.1 to IG D.2 and IG 7.3 to IG C.2
  • 10/20/2009: G.1 Request for Guidance from the CMVP and CAVP
    • Updated contact information.
  • 10/20/2009: G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Minor editorial changes
  • 10/20/2009: G.13 Instructions for completing a FIPS 140-2 Validation Certificate
    • Added FIPS 186-3 and SP 800-56A annotation examples.
  • 10/20/2009: D.1 (formerly 1.11) CAVP Requirements for Vendor Affirmation of NIST SP 800-56A
    • Added reference to the annotation requirements in IG G.13.
  • 10/20/2009: A.6 (formerly 1.15) CAVP Requirements for Vendor Affirmation of FIPS 186-3 Digital Signature Standard
    • Added transition information and reference to the annotation requirements in IG G.13.
  • 10/20/2009: D.2 (formerly 7.1) Acceptable Key Establishment Protocols
    • Added transition information.
  • 08/31/2009: D.2 (formerly 7.1) Acceptable Key Establishment Protocols
    • Added references to DTLS.

[10-08-2009] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] and FIPS 140-2 Annex D: Approved Key Establishment Techniques [ PDF ] have been updated.

Annex A: Editorial Changes to align the references with the CAVP validation listings.

Annex D: Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography, NIST SP 800-38B - Added.

[08-04-2009] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated.

Updated Implementation Guidance:

  • 7.1 For Key Agreement; removed the KDF specified in the SRTP protocol (IETF RFC 3711). For Key Transport; added reference to EAP-FAST and PEAP-TLS.

[07-21-2009] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] and FIPS 140-2 Annex C: Approved Random Number Generators [ PDF ] have been updated

Reference to archived FIPS 186-2 added.

[07-07-2009] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated.

New Implementation Guidance:

  • 1.15 CAVP Requirements for Vendor Affirmation of FIPS 186-3 Digital Signature Standard

[06-18-2009] FIPS 140-2 Annex A: Approved Security Functions [ PDF ] has been updated.

Asymmetric Key - Signature, Number 1:
Digital Signature Standard (DSS) - FIPS 186-3 replaces FIPS 186-2

[04-01-2009] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

  • 3.2 Bypass Capability in Routers
  • 9.5 Module Initialization during Power-Up

[03-24-2009] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

  • 7.9 Procedural CSP Zeroization

[03-10-2009] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated

New Implementation Guidance:

  • 1.14 Key/IV Pair Uniqueness Requirements from NIST SP 800-38D
  • 5.3 Physical Security Assumptions
  • 7.8 Key Generation Methods Allowed in FIPS mode

Updated Implementation Guidance:

  • G.1 Request for Guidance from the CMVP
    • Updated NIST POC
  • G.5 Maintaining validation compliance of software or firmware cryptographic modules.
    • Updated references to firmware and hybrid modules.
  • G.13 Instructions for completing a FIPS 140-2 Validation Certificate
    • Updated examples
  • 1.9 Definition and Requirements of a Hybrid Cryptographic Module
    • Updated to include hybrid firmware modules.
  • 7.1 Acceptable Key Establishment Protocols
    • For Key Agreement; added the KDF specified in the SRTP protocol (IETF RFC 3711) is allowed only for use as part of the SRTP key derivation protocol. For Key Transport; wrapping a key using the GDOI Group Key Management Protocol described in the IETF RFC 3547.

 

Contacts

Beverly Trapnell - NIST CMVP Acting Program Manager
cmvp@nist.gov

Carolyn French - CCCS CMVP Program Manager
CMVP@cyber.gc.ca

Topics

Security and Privacy: cryptography, testing & validation

Technologies: hardware, software & firmware

Created October 11, 2016, Updated June 29, 2020