NIST has released the second public draft of NIST SP 800-140B Rev. 1, which outlines security policy requirements for the CMVP validation program. This draft addresses concerns raised about the initial public draft, particularly regarding the structure of the security policy and the process for creating it. The publication is part of the NIST SP 800-140x series, which supports FIPS 140-3 and the CMVP validation testing program. The public comment period for this draft will remain open until December 5, 2022.
Keywords: ISO/IEC 19790, NIST SP 800-140, CMVP, FIPS, ISO/IEC 24759, Cryptographic Module Validation Program, Security Policy Requirements, Security Requirements for Cryptographic Modules, Security Policy, Cryptographic Modules
