U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.


We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

SP 800-140A (Draft)

CMVP Documentation Requirements: CMVP Validation Authority Updates to ISO/IEC 24759

Date Published: October 2019
Comments Due: December 9, 2019 (public comment period is CLOSED)
Email Questions to: sp800-140-comments@nist.gov


Kim Schaffer (NIST)


NIST has released the following Draft NIST Special Publications (the SP 800-140x “subseries”) for public comment. They directly support Federal Information Processing Standards Publication (FIPS) 140-3, Security Requirement for Cryptographic Modules, and its associated validation testing program, the Cryptographic Module Validation Program (CMVP).

  • Draft SP 800-140, FIPS 140-3 Derived Test Requirements (DTR)
  • Draft SP 800-140A, CMVP Documentation Requirements
  • Draft SP 800-140B, CMVP Security Policy Requirements
  • Draft SP 800-140C, CMVP Approved Security Functions
  • Draft SP 800-140D, CMVP Approved Sensitive Parameter Generation and Establishment Methods
  • Draft SP 800-140E, CMVP Approved Authentication Mechanisms
  • Draft SP 800-140F, CMVP Approved Non-Invasive Attack Mitigation Test Metrics

Public comments are due December 9, 2019. Also see an overview of the transition to FIPS 140-3.



Conformance testing; Cryptographic Module Validation Program; CMVP; FIPS 140 testing; FIPS 140; ISO/IEC 19790; ISO/IEC 24759; testing requirement; vendor evidence; vendor documentation
Control Families

None selected


Draft SP 800-140A

Supplemental Material:
None available

Other Parts of this Publication:
SP 800-140 (Draft)
SP 800-140B (Draft)
SP 800-140C (Draft)
SP 800-140D (Draft)
SP 800-140E (Draft)
SP 800-140F (Draft)

Document History:
10/09/19: SP 800-140A (Draft)
03/20/20: SP 800-140A (Final)


Security and Privacy
cryptography; testing & validation