Date Published: October 2019
Comments Due:
Email Questions to:
Author(s)
Kim Schaffer (NIST)
Announcement
NIST has released the following Draft NIST Special Publications (the SP 800-140x “subseries”) for public comment. They directly support Federal Information Processing Standards Publication (FIPS) 140-3, Security Requirement for Cryptographic Modules, and its associated validation testing program, the Cryptographic Module Validation Program (CMVP).
- Draft SP 800-140, FIPS 140-3 Derived Test Requirements (DTR)
- Draft SP 800-140A, CMVP Documentation Requirements
- Draft SP 800-140B, CMVP Security Policy Requirements
- Draft SP 800-140C, CMVP Approved Security Functions
- Draft SP 800-140D, CMVP Approved Sensitive Parameter Generation and Establishment Methods
- Draft SP 800-140E, CMVP Approved Authentication Mechanisms
- Draft SP 800-140F, CMVP Approved Non-Invasive Attack Mitigation Test Metrics
Public comments are due December 9, 2019. Also see an overview of the transition to FIPS 140-3.
NIST Special Publication (SP) 800-140 specifies the Derived Test Requirements (DTR) for Federal Information Processing Standard (FIPS) 140-3. SP 800-140 modifies the test (TE) and vendor (VE) evidence requirements of International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 24759. As a validation authority, the Cryptographic Module Validation Program (CMVP) may modify, add or delete TEs and/or VEs as specified under paragraph 5.2 of ISO/IEC 24759. This NIST Special Publication should be used in conjunction with ISO/IEC 24759 as it modifies only those requirements identified in this document.
NIST Special Publication (SP) 800-140 specifies the Derived Test Requirements (DTR) for Federal Information Processing Standard (FIPS) 140-3. SP 800-140 modifies the test (TE) and vendor (VE) evidence requirements of International Organization for Standardization/International Electrotechnical...
See full abstract
NIST Special Publication (SP) 800-140 specifies the Derived Test Requirements (DTR) for Federal Information Processing Standard (FIPS) 140-3. SP 800-140 modifies the test (TE) and vendor (VE) evidence requirements of International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 24759. As a validation authority, the Cryptographic Module Validation Program (CMVP) may modify, add or delete TEs and/or VEs as specified under paragraph 5.2 of ISO/IEC 24759. This NIST Special Publication should be used in conjunction with ISO/IEC 24759 as it modifies only those requirements identified in this document.
Hide full abstract
Keywords
Cryptographic Module Validation Program; CMVP; FIPS 140 testing; FIPS 140; ISO/IEC 19790; ISO/IEC 24759; testing requirement; vendor evidence
Control Families
None selected
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
