CMVP Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759

Schaffer, Kim

doi:https://doi.org/10.6028/NIST.SP.800-140Cr1-draft

July 19, 2023: URLs for CSRC publication details pages have changed. Legacy URLs should automatically redirect to the new URLs. However, links to the actual publications have NOT changed (e.g., DOIs and PDFs on nvlpubs.nist.gov). Please send inquiries to csrc-inquiry@nist.gov.

NIST SP 800-140C Rev. 1 (Initial Public Draft)

Obsoleted on February 10, 2022 by SP 800-140C Rev. 1 (2nd Public Draft)

CMVP Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759

Documentation Topics

Date Published: August 2021
Comments Due: September 20, 2021 (public comment period is CLOSED)
Email Questions to: sp800-140-comments@nist.gov

Author(s)

Kim Schaffer (NIST)

Announcement

The NIST Special Publication (SP) 800-140x series supports Federal Information Processing Standards (FIPS) Publication 140-3, Security Requirements for Cryptographic Modules, and its associated validation testing program, the Cryptographic Module Validation Program (CMVP). The series specifies modifications to the derived test requirements (DTR) for FIPS 140-3 and is used in conjunction with ISO/IEC 24759.

Updates to the following publications within the subseries are now available for public comment:

Draft NIST SP 800-140C Rev. 1, CMVP Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759
Draft NIST SP 800-140D Rev. 1, CMVP Approved Sensitive Security Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759
Draft NIST SP 800-140F Rev. 1, CMVP Approved Non-Invasive Attack Mitigation Test Metrics: CMVP Validation Authority Updates to ISO/IEC 2475

We encourage you to use this template when preparing your comments.

Abstract

NIST Special Publication (SP) 800-140C replaces the approved security functions of ISO/IEC 19790 Annex C. As a validation authority, the Cryptographic Module Validation Program (CMVP) may supersede this Annex in its entirety. This document supersedes ISO/IEC 19790 Annex C and ISO/IEC 24759 6.15.

Keywords

Cryptographic Module Validation Program; CMVP; FIPS 140 testing; FIPS 140; ISO/IEC 19790; ISO/IEC 2759; testing requirement; vendor evidence; vendor documentation; security policy

Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.SP.800-140Cr1-draft
Download URL

Supplemental Material:
Comment template (docx)

Other Parts of this Publication:
SP 800-140F Rev. 1

Document History:
08/20/21: SP 800-140C Rev. 1 (Draft)
02/10/22: SP 800-140C Rev. 1 (Draft)
05/20/22: SP 800-140C Rev. 1 (Final)

Topics

Security and Privacy

cryptography, testing & validation