U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

NIST SP 800-140C Rev. 1 (2nd Public Draft)

CMVP Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759

Date Published: February 10, 2022
Comments Due: March 25, 2022 (public comment period is CLOSED)
Email Questions to: sp800-140-comments@nist.gov

Author(s)

Kim Schaffer (NIST)

Announcement

The NIST Special Publication (SP) 800-140x series supports Federal Information Processing Standards (FIPS) Publication 140-3, Security Requirements for Cryptographic Modules, and its associated validation testing program, the Cryptographic Module Validation Program (CMVP). The series specifies modifications to ISO/IEC 19790 Annexes and ISO/IEC 24759 as permitted by the validation authority.

Revisions of the following subseries publications are now available for public comment:

  • Second Draft NIST SP 800-140C Rev. 1, CMVP Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759
  • Second Draft NIST SP 800-140D Rev. 1, CMVP Approved Sensitive Security Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759

These documents introduce the naming conventions that will be used for validation submissions and certificates. In addition, the following four standards are being added: SP 800-208, Stateful Hash-Based Signature Schemes (October 2020), SP 800-133 Rev.2, Recommendation for Cryptographic Key Generation (June 2020), SP 800-56C Rev. 2, Recommendation for Key-Derivation Methods in Key-Establishment Schemes (August 2020), RFC 8446, The Transport Layer Security (TLS) Protocol Version 1.3, Section 7.1 (August 2018).

Abstract

Keywords

Cryptographic Module Validation Program; CMVP; FIPS 140 testing; FIPS 140; ISO/IEC 19790; testing requirement; vendor evidence; vendor documentation; security policy; ISO/IEC 24759
Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.SP.800-140Cr1-draft2
Download URL

Supplemental Material:
None available

Document History:
08/20/21: SP 800-140C Rev. 1 (Draft)
02/10/22: SP 800-140C Rev. 1 (Draft)
05/20/22: SP 800-140C Rev. 1 (Final)

Topics

Security and Privacy

cryptography, testing & validation