NIST Releases Draft Standards for Cryptographic Module Validation
The National Institute of Standards and Technology (NIST) has published draft versions of NIST Special Publications (SP) 800-140x for public comment. These documents support the transition from FIPS 140-2 to the new FIPS 140-3 standard, which was approved in March 2019.
Key Points:
– The draft standards are available for public review and comment until December 9, 2019
– NIST expects to publish final versions by March 22, 2020
– The Cryptographic Module Validation Program (CMVP) is a joint effort between NIST and the Canadian Centre for Cyber Security
– The program aims to promote the use of validated cryptographic modules and provide federal agencies with a security metric for procuring equipment
The transition from FIPS 140-2 to FIPS 140-3 involves few major technical changes, but requires procedural adjustments in the management and execution of the validation process. The draft standards are available for public comment until December 9, 2019, after which NIST expects to publish final versions by March 22, 2020. Comments should be submitted to sp800-140-comments@nist.gov.
Keywords: FIPS 140-3, NIST Special Publications (SP 800-140x), Cryptographic Module Validation Program (CMVP)
