Date Published: October 2019
Comments Due:
Email Questions to:
Author(s)
Kim Schaffer (NIST)
Announcement
NIST has released the following Draft NIST Special Publications (the SP 800-140x “subseries”) for public comment. They directly support Federal Information Processing Standards Publication (FIPS) 140-3, Security Requirement for Cryptographic Modules, and its associated validation testing program, the Cryptographic Module Validation Program (CMVP).
- Draft SP 800-140, FIPS 140-3 Derived Test Requirements (DTR)
- Draft SP 800-140A, CMVP Documentation Requirements
- Draft SP 800-140B, CMVP Security Policy Requirements
- Draft SP 800-140C, CMVP Approved Security Functions
- Draft SP 800-140D, CMVP Approved Sensitive Parameter Generation and Establishment Methods
- Draft SP 800-140E, CMVP Approved Authentication Mechanisms
- Draft SP 800-140F, CMVP Approved Non-Invasive Attack Mitigation Test Metrics
Public comments are due December 9, 2019. Also see an overview of the transition to FIPS 140-3.
NIST Special Publication (SP) 800-140B is to be used in conjunction with ISO/IEC 19790 Annex B and ISO/IEC 24759 6.14. The special publication modifies only those requirements identified in this document. SP 800-140B also specifies the content of the tabular and graphical information required in ISO/IEC 19790 Annex B. As a validation authority, the Cryptographic Module Validation Program (CMVP) may modify, add, or delete Vendor Evidence (VE) and/or Test Evidence (TE) specified under paragraph 6.14 of the ISO/IEC 24759 and specify the order of the security policy as specified in ISO/IEC 19790:2012 B.1.
NIST Special Publication (SP) 800-140B is to be used in conjunction with ISO/IEC 19790 Annex B and ISO/IEC 24759 6.14. The special publication modifies only those requirements identified in this document. SP 800-140B also specifies the content of the tabular and graphical information required in...
See full abstract
NIST Special Publication (SP) 800-140B is to be used in conjunction with ISO/IEC 19790 Annex B and ISO/IEC 24759 6.14. The special publication modifies only those requirements identified in this document. SP 800-140B also specifies the content of the tabular and graphical information required in ISO/IEC 19790 Annex B. As a validation authority, the Cryptographic Module Validation Program (CMVP) may modify, add, or delete Vendor Evidence (VE) and/or Test Evidence (TE) specified under paragraph 6.14 of the ISO/IEC 24759 and specify the order of the security policy as specified in ISO/IEC 19790:2012 B.1.
Hide full abstract
Keywords
Cryptographic Module Validation Program; CMVP; FIPS 140 testing; FIPS 140; ISO/IEC 19790; ISO/IEC 2759; testing requirement; vendor evidence; vendor documentation; security policy
Control Families
None selected
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
