Algorithm Validation

NIST maintains validation lists for each cryptographic standard testing program (past and present). As new algorithm implementations are validated by NIST and CSEC, they are added to the appropriate algorithm validation list.

What is the relationship of an algorithm validation to the FIPS 140-2 module validation?

A cryptographic module validated to FIPS 140-2 shall implement at least one Approved security function used in an Approved mode of operation. For an algorithm implementation to be listed on a cryptographic module validation certificate as an Approved security function, the algorithm implementation must meet all the requirements of FIPS 140-2 and must successfully complete the cryptographic algorithm validation process.

A product or implementation does not meet the FIPS 140-2 applicability requirements by simply implementing an Approved security function and acquiring validations for each of the implemented algorithms:

• AES Validation List
• Triple-DES Validation List
• Skipjack Validation List
• DSA Validation List
• RSA Validation List
• ECDSA Validation List
• SHS Validation List
• RNG Validation List
• DRBG Validation List
• CCM Validation List
• HMAC Validation List
• KAS Validation List
• KDF (SP800-108) Validation List
• Component Validation List (CVL)

The following lists are provided for historical purposes only. The algorithms are either no longer recognized as Approved security functions or testing is no longer available from the Cryptographic Algorithm Validation Program (CAVP):

• DES Validation List
• MAC Validation List
• FIPS 171 (ANSI X9.17 Key Management) Validation List