Cryptographic Module Validation Program (CMVP) Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B

Hawes, David; Calis, Alexander; Crombie, Roy

doi:https://doi.org/10.6028/NIST.SP.800-140Br1

NIST SP 800-140B Rev. 1

Cryptographic Module Validation Program (CMVP) Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B

Documentation

Date Published: November 2023

Supersedes: SP 800-140B (03/20/2020)

Author(s)

David Hawes (NIST), Alexander Calis (NIST), Roy Crombie (Canadian Centre for Cyber Security)

Abstract

NIST Special Publication (SP) 800-140Br1 is to be used in conjunction with ISO/IEC 19790 Annex B and ISO/IEC 24759 section 6.14. The special publication modifies only those requirements identified in this document. SP 800-140Br1 also specifies the content of the information required in ISO/IEC 19790 Annex B. As a validation authority, the Cryptographic Module Validation Program (CMVP) may modify, add, or delete Vendor Evidence (VE) and/or Test Evidence (TE) specified under paragraph 6.14 of the ISO/IEC 24759 and specify the order of the security policy as specified in ISO/IEC 19790:2012 B.1.

Keywords

Cryptographic Module Validation Program; CMVP; FIPS 140 testing; FIPS 140; ISO/IEC 19790; ISO/IEC 24759; testing requirement; vendor evidence; vendor documentation; security policy

Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.SP.800-140Br1
Download URL

Supplemental Material:
SP 800-140B: CMVP Security Policy Requirements

Publication Parts:
SP 800-140
SP 800-140A
SP 800-140C Rev. 2
SP 800-140D Rev. 2
SP 800-140E
SP 800-140F

Document History:
05/12/22: SP 800-140B Rev. 1 (Draft)
10/17/22: SP 800-140B Rev. 1 (Draft)
11/17/23: SP 800-140B Rev. 1 (Final)