
Notices

[04-23-2012] -- Validation of Transitioning Cryptographic Algorithms and Key Lengths

The Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated to include IG G.14, which addresses how the validation of cryptographic algorithms by the CAVP and the validation of cryptographic modules by the CMVP will be affected during the transition specified in SP 800-131A. This transition guidance was originally drafted as SP 800-131B but has been moved to the CMVP Implementation Guidance as IG G.14.

[04-23-2012] -- Validating the Transition from FIPS 186-2 to FIPS 186-3

The Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [ PDF ] has been updated to include IG G.15, which addresses the transition plan specific to the validation of FIPS 186-2 and FIPS 186-3. This transition plan addresses both the cryptographic algorithm validations and the cryptographic module validations that are conducted by the CAVP and CMVP, respectively. This transition guidance was originally drafted as SP 800-131C but has been moved to the CMVP Implementation Guidance as IG G.15.

[11-24-2010] -- References to NIST Draft Special Publications of interest: NIST Draft Special Publications

Nov. 19, 2010 Special Publication 800-78-3 DRAFT Cryptographic Algorithms and Key Sizes for PIV

Sep. 23, 2010 Special Publication 800-56C DRAFT Recommendation for Key Derivation through Extraction-then-Expansion

Aug. 30, 2010 Special Publication 800-135 DRAFT Recommendation for Existing Application-Specific Key Derivation Functions

Jun. 24, 2010 Special Publication 800-132 DRAFT Recommendation for Password-Based Key Derivation - Part 1: Storage Applications

Jun. 16, 2010 Special Publication 800-131 DRAFT Recommendation for the Transitioning of Cryptographic Algorithms and Key Sizes

[08-17-2009] -- Comments received on White Paper: The Transitioning of Cryptographic Algorithms and Key Sizes

Updated comments as of August 14, 2009.

[07-02-2009] -- White Paper: The Transitioning of Cryptographic Algorithms and Key Sizes

Comments are requested on the white paper "The Transitioning of Cryptographic Algorithms and Key Sizes" by August 3, 2009. Please provide comments to CryptoTransitions@nist.gov.

Comments received as of July 24, 2009.

[11-30-2007] -- Non-Compliance update to Certificate #733

RNG (Cert. #216) changed to non-compliant. This RNG shall not be used for any services requiring the use of random bits.

[10-12-2007] -- Federal Register Notice
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
Docket No. 070321067–7068–01 [ PDF ]

Public Draft of Federal Information Processing Standard (FIPS) 140-3, a revision of FIPS 140-2, Security Requirements for Cryptographic Modules

AGENCY: National Institute of Standards and Technology (NIST), Department of Commerce.
ACTION: Public comment period has closed.

[07-13-2007] -- Federal Register Notice
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
Docket No. 070321067–7068–01 [ PDF ]

Announcing Public Draft of Federal Information Processing Standard (FIPS) 140-3, a revision of FIPS 140-2, Security Requirements for Cryptographic Modules

AGENCY: National Institute of Standards and Technology (NIST), Department of Commerce.
ACTION: Notice; request for comments.

[01-28-2003] [Updated 04-19-2006] [Updated 10-19-2006] [Updated 01-24-2007] [Updated 06-07-2007] NIST CMVP Cost Recovery:

Cost recovery is a fee levied by NIST for the validation tasks and the program management responsibilities performed at NIST by the CMVP. There are two fees applicable to cost recovery: Base and Extended. The Base fee is applicable to all validation test reports received by NIST CMVP under FIPS 140-2 IG G.8-5 (new module) where the vendor has contracted with a CMT Laboratory after July 18, 2002. The Extended fee is applicable to all validation test reports received by NIST CMVP under FIPS 140-2 IG G.8 (all five change scenarios) that are in REVIEW PENDING in the NIST CMVP queue as of October 19, 2006.

The fees vary by overall Security Level:

  • Security Level 1: Base fee: $2750, Extended fee: $1250
  • Security Level 2: Base fee: $3750, Extended fee: $1750
  • Security Level 3: Base fee: $5250, Extended fee: $2250
  • Security Level 4: Base fee: $7250, Extended fee: $3500

The Extended fee is applicable when a validation test report requires significant additional effort by the validators. A number of factors may lead to the application of the Extended fee for a test report that is received by the CMVP from the testing CMT Laboratory. For example: the test report review uncovered a non-compliance to the standard that was not identified by the CMT Laboratory; a test report is received incomplete (Refer to FIPS 140-2 IG G.2) and this is determined once the report has moved to IN REVIEW; the quality of the received test report is unacceptable; or the review and COORDINATION took significant additional effort. The CMVP may impose the Extended fee for a particular report on other specific conditions as applicable.

[Updated 06-07-2007] A validation certificate will not be issued for a validation report submitted to NIST pending receipt of payment of the cost recovery fee or applicable extended cost recovery fee.

For billing inquiries contact NIST Billing: Phone: 301-975-3880, FAX: 301-975-8943 and e-mail: billing@nist.gov.

[05-21-2007] The DES Transition Plan and SP 800-57 Transition Plan ended on May 19, 2007.

The Cryptographic Module Validation Program (CMVP) DES Transition Plan addresses the use of single key DES by Federal agencies, which are incorporated in cryptographic modules, validated to FIPS 140-1 or FIPS 140-2. Single key DES has been an Approved security function since the inception of the CMVP and the signing of FIPS 140-1 on January 11, 1994. The DES transition plan was developed to allow Federal agencies and vendors to smoothly transition to the stronger Approved security functions, specifically AES and Triple-DES.

The Cryptographic Module Validation Program (CMVP) NIST Special Publication (SP) 800-57 Transition Plan addresses the use of a minimum of 80 bits of security strength used by Federal agencies, as incorporated in cryptographic modules validated to FIPS 140-1 or FIPS 140-2. The SP 800-57 transition plan was developed to allow Federal agencies and vendors to smoothly transition to the use of a minimum of 80 bits of security strength.

CMVP Actions:

  • References to DES as an Approved Security Function have been removed from FIPS 140-2 Annex A.
  • All cryptographic module validation entries for DES as an Approved Security Function have been changed, and DES is now listed as a non-Approved Security Function.
  • All cryptographic module validation entries for security methods with less than 80 bits of security strength have been modified to indicate that these methods are not Approved for use in a FIPS Approved mode of operation.
  • Referenced Security Policies or Certificate images have not been modified or updated. Vendors are encouraged to provide updated Security Policies. Per the FIPS 140-2 FAQ, certificate images are only provided representing initial validation and are not updated when validation changes occur.
  • As a result of the above changes, if a cryptographic module validation is no longer valid, this module entry will be marked as "Revoked" with a link to the transition plan document.

CAVP Actions:

  • The DES Algorithm Validation List has been archived and is still accessible for historical purposes only.
  • The Triple-DES Algorithm Validation List has been modified to only recognize those implementations that support keying option 1 (K1, K2, and K3 are independent) and keying option 2 (K1=K2, and K3 is independent). If an implementation previously tested supported only keying option 3 (which is equivalent to DES), it has been marked as no longer NIST-Approved.
  • The DSA Algorithm Validation List has been modified to only recognize those implementations that support 80 bits or more of security strength. This includes implementations that use a modulus size of 1024 bits. If a previously tested implementation did not support a modulus size of 1024 bits, it has been marked as no longer NIST-Approved.

Please contact the NIST Security Technology Group for additional information regarding the transition. William Burr 301-975-2914.

[10-19-2006 to 11-29-2006] Employment Position [Keyword Search "CMVP"] Posting Period has closed.

NIST has posted the following employment announcement numbers: ITL-2006-0010 and ITL-2006-0013

Mathematician, ZP-1520-III (Non-Status) - OPEN PERIOD: Friday, October 13, 2006 to Wednesday, November 29, 2006
IT Specialist INFO SECURITY, ZP-2210-III (Non-Status) - OPEN PERIOD: Friday, October 13, 2006 to Wednesday, November 29, 2006

Both positions are posted starting at the ZP-III level (which is equivalent to the GS-11/12 grade levels) with promotion potential to ZP-IV level (which is equivalent to the GS-13/14 grade levels).

Candidates may be hired at either the ZP-III or ZP-IV level depending on qualifications.

Interested candidates are encouraged to apply and submit resumes.

[03-06-2006] SP 800-57 Transition Plan

The Cryptographic Module Validation Program (CMVP) NIST Special Publication (SP) 800-57 Transition Plan addresses the use of a minimum of 80 bits of security strength used by Federal agencies, as incorporated in cryptographic modules validated to FIPS 140-1 or FIPS 140-2. The SP 800-57 transition plan was developed to allow Federal agencies and vendors to smoothly transition to the use of a minimum of 80 bits of security strength.

[09-20-2005] Key Establishment methods and Key Strength

NIST Special Publication 800-57, Recommendation for Key Management - Part 1: General, was published August, 2005. The CMVP is determining transition applicability to FIPS 140-2. Until this is determined, all new module validation certificates with key establishment schemes will include a caveat with the following text, IF the strength of the key establishment method does not equal the strength of the keys established per SP 800-57. For certificates issued prior to this notice, SP 800-57 Table 2 provides information regarding comparable key strengths.

Example caveat: RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength);

[05-19-2005] Federal Register Notice

DEPARTMENT OF COMMERCE
National Institute of Standards and Technology

[Docket No. 040602169-5002-02]

Announcing Approval of the Withdrawal of Federal Information Processing Standard (FIPS) 46-3, Data Encryption Standard (DES); FIPS 74, Guidelines for Implementing and Using the NBS Data Encryption Standard; and FIPS 81, DES Modes of Operation

AGENCY: National Institute of Standards and Technology (NIST), Commerce.

[05-19-2005] DES Transition Plan

The Cryptographic Module Validation Program (CMVP) DES Transition Plan addresses the use of single key DES by Federal agencies, which are incorporated in cryptographic modules, validated to FIPS 140-1 or FIPS 140-2. Single key DES has been an Approved security function since the inception of the CMVP and the signing of FIPS 140-1 on January 11, 1994. The DES transition plan was developed to allow Federal agencies and vendors to smoothly transition to the stronger Approved security functions, specifically AES and Triple-DES.

[02-09-2005] DES Testing and Algorithm Validation

The CMT laboratories shall no longer accept DES algorithm implementations for validation by the CAVP. As of today, February 9, 2005, the CAVP will no longer issue algorithm certificates for DES algorithm implementations not under contract for testing by the CMT laboratories at the time of receipt of this notice.

[01-12-2005] Federal Register Notice

DEPARTMENT OF COMMERCE
National Institute of Standards and Technology

[Docket No. 041217352-4352-01]

Announcing Development of Federal Information Processing Standard (FIPS) 140-3, a revision of FIPS 140-2, Security Requirements for Cryptographic Modules

AGENCY: National Institute of Standards and Technology (NIST), Commerce.

ACTION: Notice; request for comments.

[12-16-2003] AES MAC for OTAR for use in radios.

Effective December 12, 2003, the CMVP will recognize the use of AES MAC (CBC-MAC based on AES defined in Project 25 TIA-102.AACA-1) for the Digital Radio Over-the-Air Rekeying (OTAR) Protocol when operated in a FIPS Approved mode. Further details in CMVP FAQ.

[08-07-2003] With the passage of the Federal Information Security Management Act of 2002, there is no longer a statutory provision to allow for agencies to waive mandatory Federal Information Processing Standards. For further information, please go to the CMVP FAQs Section 3.2.

[06-12-2003] -- CNSS Policy No. 15, Fact Sheet No. 1: [ PDF ]

National Policy on the Use of the Advanced Encryption Standard (AES) to Protect National Security Systems and National Security Information, June 2003.

[02-10-2003] -- Development of Cryptographic Module Validation Program Management Processes:

The U.S. National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC) jointly manage the Cryptographic Module Validation Program (CMVP). The CMVP validates commercial cryptographic modules to Federal Information Processing Standard (FIPS) 140-2 and other cryptography based standards such as algorithms. Products validated as conforming to FIPS 140-1 or FIPS 140-2 are accepted by the Federal agencies of both countries for the protection of sensitive but unclassified information (Government of the United States) or designated information (Government of Canada).

In the CMVP, vendors of commercial cryptographic modules use independent, accredited Cryptographic Module Testing (CMT) laboratories to have their modules tested. Laboratories accredited by National Voluntary Laboratory Accreditation Program (NVLAP) perform cryptographic module compliance/conformance testing.

The CMVP Team has begun the process of reviewing and updating its CMVP management processes. The intent is to better define the policies and processes that govern the CMVP Team, the laboratories and the vendors.

The deliverable is the CMVP Management Manual that will refine the already existing policies and collate them in one document. The CMVP Team will also add new policies, processes and requirements that will affect present and new CMT laboratories, and the vendors of validated cryptographic modules. Amongst other things, new requirements will be added in the areas of:

  • CMT laboratory personnel
  • Communication between the CMVP, CMT laboratories, vendors and consulting firms

The first draft of the CMVP Management Manual is expected to be available for public review during the fall of 2003 and will be finalized during the winter of 2004.

[02-04-2002] -- FIPS PUB 140-2 Page v, Implementation Schedule:

"Agencies may retain and use FIPS 140-1 validated products that have been purchased before the end of the transition period." Clarification: Agencies may continue to purchase, retain and use FIPS 140-1 validated products after May 25, 2002.