U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

Secure websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to our website. Please do not share sensitive information with us.

SP 800-140B Rev. 1 (Draft)

CMVP Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B

Date Published: May 12, 2022
Comments Due: July 12, 2022 (public comment period is CLOSED)
Email Questions to: sp800-140-comments@nist.gov

Author(s)

David Hawes (NIST), Alexander Calis (NIST), Roy Crombie (Canadian Centre for Cyber Security)

Announcement

This draft introduces four significant changes to NIST SP 800-140B:

  1. Defines a more detailed structure and organization for the Security Policy
  2. Captures Security Policy requirements that are defined outside of ISO/IEC 19790 and ISO/IEC 24759
  3. Builds the Security Policy document as a combination of the subsection information
  4. Generates the approved algorithm table based on lab/vendor selections from the algorithm tests

The NIST SP 800-140x series supports Federal Information Processing Standards (FIPS) Publication 140-3, Security Requirements for Cryptographic Modules, and its associated validation testing program, the Cryptographic Module Validation Program (CMVP). The series specifies modifications to ISO/IEC 19790 Annexes and ISO/IEC 24759 as permitted by the validation authority.

Abstract

Keywords

Cryptographic Module Validation Program; CMVP; FIPS 140 testing; FIPS 140; ISO/IEC 19790; ISO/IEC 24759; testing requirement; vendor evidence; vendor documentation; security policy
Control Families

None selected

Documentation

Publication:
SP 800-140B Rev. 1 (Draft) (DOI)
Local Download

Supplemental Material:
None available

Document History:
05/12/22: SP 800-140B Rev. 1 (Draft)

Topics

Security and Privacy
cryptography; testing & validation