U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

NIST SP 800-140 (Initial Public Draft)

FIPS 140-3 Derived Test Requirements (DTR): CMVP Validation Authority Updates to ISO/IEC 24759

Date Published: October 2019
Comments Due: December 9, 2019 (public comment period is CLOSED)
Email Questions to: sp800-140-comments@nist.gov

Author(s)

Kim Schaffer (NIST)

Announcement

NIST has released the following Draft NIST Special Publications (the SP 800-140x “subseries”) for public comment. They directly support Federal Information Processing Standards Publication (FIPS) 140-3, Security Requirement for Cryptographic Modules, and its associated validation testing program, the Cryptographic Module Validation Program (CMVP).

  • Draft SP 800-140, FIPS 140-3 Derived Test Requirements (DTR)
  • Draft SP 800-140A, CMVP Documentation Requirements
  • Draft SP 800-140B, CMVP Security Policy Requirements
  • Draft SP 800-140C, CMVP Approved Security Functions
  • Draft SP 800-140D, CMVP Approved Sensitive Parameter Generation and Establishment Methods
  • Draft SP 800-140E, CMVP Approved Authentication Mechanisms
  • Draft SP 800-140F, CMVP Approved Non-Invasive Attack Mitigation Test Metrics

Public comments are due December 9, 2019. Also see an overview of the transition to FIPS 140-3.

Abstract

Keywords

Cryptographic Module Validation Program; CMVP; FIPS 140 testing; FIPS 140; ISO/IEC 19790; ISO/IEC 24759; testing requirement; vendor evidence
Control Families

None selected

Documentation

Publication:
Draft SP 800-140 (pdf)

Supplemental Material:
None available

Document History:
10/09/19: SP 800-140 (Draft)
03/20/20: SP 800-140 (Final)

Topics

Security and Privacy

cryptography, testing & validation