CMVP Documentation Requirements: CMVP Validation Authority Updates to ISO/IEC 24759

Schaffer, Kim

July 19, 2023: URLs for CSRC publication details pages have changed. Legacy URLs should automatically redirect to the new URLs. However, links to the actual publications have NOT changed (e.g., DOIs and PDFs on nvlpubs.nist.gov). Please send inquiries to csrc-inquiry@nist.gov.

NIST SP 800-140A (Initial Public Draft)

Obsoleted on March 20, 2020 by SP 800-140A

CMVP Documentation Requirements: CMVP Validation Authority Updates to ISO/IEC 24759

Documentation Topics

Date Published: October 2019
Comments Due: December 9, 2019 (public comment period is CLOSED)
Email Questions to: sp800-140-comments@nist.gov

Author(s)

Kim Schaffer (NIST)

Announcement

NIST has released the following Draft NIST Special Publications (the SP 800-140x “subseries”) for public comment. They directly support Federal Information Processing Standards Publication (FIPS) 140-3, Security Requirement for Cryptographic Modules, and its associated validation testing program, the Cryptographic Module Validation Program (CMVP).

Draft SP 800-140, FIPS 140-3 Derived Test Requirements (DTR)
Draft SP 800-140A, CMVP Documentation Requirements
Draft SP 800-140B, CMVP Security Policy Requirements
Draft SP 800-140C, CMVP Approved Security Functions
Draft SP 800-140D, CMVP Approved Sensitive Parameter Generation and Establishment Methods
Draft SP 800-140E, CMVP Approved Authentication Mechanisms
Draft SP 800-140F, CMVP Approved Non-Invasive Attack Mitigation Test Metrics

Public comments are due December 9, 2019. Also see an overview of the transition to FIPS 140-3.

Abstract

NIST Special Publication (SP) 800-140A modifies the vendor documentation requirements of ISO/IEC 19790 Annex A. As a validation authority, the Cryptographic Module Validation Program (CMVP) may modify, add or delete Vendor Evidence (VE) and/or Test Evidence (TE) as specified under paragraph 5.2 of the ISO/IEC 19790. This document should be used in conjunction with ISO/IEC 19790 Annex A and ISO/IEC 24759 paragraph 6.13 as it modifies only those requirements identified in this document.

Keywords

Conformance testing; Cryptographic Module Validation Program; CMVP; FIPS 140 testing; FIPS 140; ISO/IEC 19790; ISO/IEC 24759; testing requirement; vendor evidence; vendor documentation

Control Families

None selected

Documentation

Publication:
Draft SP 800-140A (pdf)

Supplemental Material:
None available

Document History:
10/09/19: SP 800-140A (Draft)
03/20/20: SP 800-140A (Final)

Topics

Security and Privacy

cryptography, testing & validation