Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

This is an archive
(replace .gov by .rip)
    Projects Cryptographic Module Validation Program IG Announcements Announcements Archive 2012-2011 Announcements Archive

Cryptographic Module Validation Program

2012-2011 Announcements Archive

2012

[12-21-2012] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

Updated Implementation Guidance:

  • G.5 Maintaining validation compliance of software or firmware cryptographic modules
    • Included reference to the impact to the generated key strength assurance when porting, and vendor Security Policy updates.
  • G.13 Instructions for Validation Information Formatting
    • For all embodiments, the OE shall be specified on the validation entry.
  • G.14 Validation of Transitioning Cryptographic Algorithms and Key Lengths
    • Addressed two-key Triple-DES requirements.
  • D.8 Key Agreement Methods
    • IG updated to address SP 800-135rev1.

[06-29-2012] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

Updated Implementation Guidance:

  • 7.7 Key Establishment and Key Entry and Output
    • References to key encryption changed to reference Key Establishment methods (e.g. Key Transport and Key Agreement).

[06-20-2012] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

Updated Implementation Guidance:

  • G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Added transition date for report submissions using CRYPTIK integrated review process.
  • 1.19 non-Approved Mode of Operation
    • Re-written to associate with existing clauses in FIPS 140-2 and Implementation Guidance.
  • 7.12 Key Generation for RSA Signature Algorithm
    • Added Transition End Date.
  • 9.4 Known Answer Tests for Cryptographic Algorithms
    • Added Transition End Date.

[05-30-2012] FIPS 140-2 Annex A: Approved Security Functions has been updated.

Annex A: Replaced reference to FIPS 180-3 with FIPS 180-4.

[05-02-2012] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

New Implementation Guidance:

  • 3.3 Authentication Mechanisms for Software Modules
  • 3.4 Multi-Operator Authentication
  • 7.11 Definition of an NDRNG
  • 7.12 Key Generation for RSA Signature Algorithm
  • 7.13 Cryptographic Key Strength Modified by an Entropy Estimate
  • 9.8 Continuous Random Number Generator Tests

Updated Implementation Guidance:

  • G.13 Instructions for Validation Information Formatting
    • Added annotation note regarding EFP/EFT when Section 4.5 is Level 3.
  • 1.2 FIPS Approved Mode of Operation
    • Modified resolution and additional comments text.
  • 1.7 Multiple Approved Modes of Operation
    • Modified resolution and additional comments text.
  • 1.19 non-Approved Mode of Operation
    • Modified resolution when annotating non-Approved services.

[04-23-2012] FIPS 140-2 Annex D: Approved Key Establishment Techniques has been updated.

Annex D: Updated reference to SP 800-135 Revision 1.

[04-23-2012] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

New Implementation Guidance:

  • G.14 Validation of Transitioning Cryptographic Algorithms and Key Lengths
  • G.15 Validating the Transition from FIPS 186-2 to FIPS 186-3
  • 1.18 PIV Reference
  • 1.19 non-Approved Mode of Operation
  • D.8 Key Agreement Methods
  • D.9 Key Transport Methods
  • D.10 Requirements for Vendor Affirmation of SP 800-56C

Updated Implementation Guidance:

  • G.1 Request for Guidance from the CMVP and CAVP
    • Updated CSEC contact
  • G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Added clause to 3rd bullet regarding physical security test evidence traceability to DTR. Added 5th bullet regarding table templates.
  • G.13 Instructions for Validation Information Formatting
    • Updated 2nd, 3rd, 4th, 8th, 9th and 10th bullets in the Module Information section.
  • 9.4 Known Answer Tests for Cryptographic Algorithms
    • IG revised and expanded.
  • 9.6 Self-Tests When Implementing the SP 800-56A Schemes
    • IG expanded and clarifications added.
  • A.3 Vendor Affirmation of Cryptographic Security Methods
    • Removed caveat examples and replaced with referenced to IG G.13.
  • D.2 Acceptable Key Establishment Protocols
    • Completely revised as an umbrella IG for Approved and allowed key establishment methods.
  • D.5 Requirements for Vendor Affirmation of SP 800-108
    • Transition end date of 06/23/2012 added and algorithm validation acronym reference updated.
  • D.6 Requirements for Vendor Affirmation of SP 800-132
    • Algorithm validation acronym reference updated.
  • D.7 Requirements for Vendor Affirmation of SP 800-135rev1
    • Transition end date of 06/23/2012 added and updated reference to SP 800-135 Revision 1.

[02-16-2012] FIPS 140-2 Annex C: Approved Random Number Generators has been updated.

Annex C: Updated reference to NIST PUB 800-90A.

2011

[12-20-2011] FIPS 140-2 Annex D: Approved Key Establishment Techniques has been updated.

Annex D: Added reference to NIST SP 800-56C.

[09-26-2011] Non-Invasive Attack Testing Workshop (NIAT)

A workshop was hosted by the CMVP (NIST and CSEC) and AIST Japan to address new non-invasive attack testing methods for cryptographic modules. Presentations and papers presented at the NIAT Workshop.

[08-12-2011] FIPS 140-2 Annex B: Approved Protection Profiles has been updated.

Annex B: Added new protection profile reference.

[07-26-2011] FIPS 140-2 Annex A: Approved Security Functions, FIPS 140-2 Annex C: Approved Random Number Generators and FIPS 140-2 Annex D: Approved Key Establishment Techniques have been updated.

Annexes A, C and D: Added references to NIST SP 800-131A Transitions.

[07-15-2011] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

New Implementation Guidance:

  • 11.1 Mitigation of Other Attacks
  • D.4 Requirements for Vendor Affirmation of NIST SP 800-56B
  • D.5 Requirements for Vendor Affirmation of NIST SP 800-108
  • D.6 Requirements for Vendor Affirmation of NIST SP 800-132
  • D.7 Requirements for Vendor Affirmation of NIST SP 800-135

Updated Implementation Guidance:

  • G.3 Partial Validations and Not Applicable Areas of FIPS 140-2
    • Modified in regard to new IG 11.1
  • G.6 Modules with both a FIPS mode and a non-FIPS mode
    • Clarification that all implemented algorithms shall be referenced on the validation certificate.
  • G.8 Revalidation Requirements
    • Added security policy requirements for revalidation Scenarios 1 and 4
  • G.13 Instructions for Validation Information Formatting
    • Added examples for CVL and KTS
  • 1.4 Binding of Cryptographic Algorithm Validation Certificates
    • Added examples of an operational environment change
  • D.1 CAVP Requirements for Vendor Affirmation of NIST SP 800-56A
    • Modified the testing for primitives
  • D.2 Acceptable Key Establishment Protocols
    • Modified the transition text and key agreement guidance

[06-14-2011] FIPS 140-2 Annex C: Approved Random Number Generators has been updated.

Annex C: Replaced reference to ANSI X9.62-2005 – Annex D with ANSI X9.62-1998 – Annex A.4)

[03-03-2011] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program has been updated.

Updated Implementation Guidance:

  • G.2 Completion of a test report: Information that must be provided to NIST and CSEC
    • Changes relative to the release of CRYPTIK v8.6b
  • G.13 Instructions for Validation Information Formatting
    • Changes relative to the release of CRYPTIK v8.6b
  • A.2 Use of Non-NIST-Recommended Asymmetric Key Sizes and Elliptic Curves
    • Updated for consistency with recent standards
  • A.6 CAVP Requirements for Vendor Affirmation of FIPS 186-3 Digital Signature Standard
    • Transition end date for FIPS 186-3 RSA is defined
  • D.2 Acceptable Key Establishment Protocols
    • Changed NIST CSD CT Group Contact to Mr. Tim Polk

[01-04-2011] FIPS 140-2 Annex A: Approved Security Functions and FIPS 140-2 Annex D: Approved Key Establishment Techniques have been updated.

Annex A: Moved Key Management/Establishment references to FIPS 140-2 Annex D.

Annex D: References reorganized; Added references: FIPS 186-3 – asymmetric key generation; Special Publication 800-108; Special Publication 800-132; Special Publication 800-135

[01-04-2011] Derived Test Requirements for FIPS PUB 140-2, Security Requirements for Cryptographic Modules has been updated.

Please review DTR Change Notices 6, 7 and 8

 

Contacts

Beverly Trapnell - NIST CMVP Acting Program Manager
cmvp@nist.gov

Carolyn French - CCCS CMVP Program Manager
CMVP@cyber.gc.ca

Topics

Security and Privacy: cryptography, testing & validation

Technologies: firmware, hardware, software

Created October 11, 2016, Updated August 16, 2019