The Cryptographic Module Validation Program (CMVP) is a part of the National Institute of Standards and Technology (NIST) which operates under the Department of Commerce.  The CMVP’s role is to promote the use of validated cryptographic modules and provide Federal agencies with a security metric to use in procuring equipment containing validated cryptographic modules, this primarily occurs through management and oversight of the testing required as part of the FIPS 140-2 / FIPS 140-3 validation standards.

The CMVP is currently experiencing longer than usual evaluation periods within the FIPS 140 programs. To rectify and hopefully assist in shortening those wait times, the CMVP is looking to automate processes and procedures related to the evaluation and testing of these cryptographic modules.

To support this newly identified objective, the CMVP has developed a draft document which outlines assumptions, challenges, current architectures, requirements, and guidance.  The ultimate goal is to identify ideas and recommendations on how to automate some of the more tedious and manual elements of the FIPS 140 evaluation process.  Specifically stating they hope to improve efficiencies and timelines within CMVP operations.

Some of the current challenges outlined include:

• An increase in complex modules being evaluated
• A lack of human resources to address the influx in evaluations
• Insufficient information/documentation submissions
• Operating Environment Updates

This is not the first time the CMVP has turned to automation, as they recently implemented a change to the methods for testing algorithms within the Cryptographic Algorithm Validation Program (CAVP). Read more about that transition here.

Although the effects of such an effort are not expected to make an impact in the near term, it is a positive sign that the CMVP is actively trying to improve things in the long run.

###

Press Contact:

Press Contact:

Recent Implementation Guidance (IG) from NIST could impact vendor algorithms. The following overview has been created to summarize those critical dates and associated algorithms.

AES CBC-CS1, CBC-CS2, CBC-CS3 (IG A.12)

• Until Sep. 1, 2020, implementations that claim vendor affirmation to NIST SP 800-38A Addendum A will be accepted for submission.
• After Sep. 1, 2020, only implementations that are CAVP-tested for compliance toNIST SP 800-38A Addendum A will be accepted for submission.

SHAKE and KECCAK-based hash algorithms (IG A.15)

• Until Sep. 1, 2020, implementations that claim vendor affirmation to NIST SP 800-185 will be accepted for submission.
• After Sep. 1, 2020, only implementations that are CAVP-tested for compliance toNIST SP 800-185 will be accepted for submission.

PBKDF (IG D.6)

• Until Dec. 31, 2020, implementations that claim vendor affirmation to NIST SP 800-132 will be accepted for submission.
• After Dec. 31, 2020, only implementations that are CAVP-tested for compliance to NIST SP 800-132 will be accepted for submission.

Key agreement schemes (IG G.20, IG D.1-rev2, IG D.1-rev3, and IG D.8)

• New submissions (3SUB, 5SUB) with previous NIST SP 800-56A-based acceptance scenarios will no longer be accepted after Dec. 31, 2020. These scenarios include, for example, allowances for leveraging a shared secret CVL and a KDF CVL to claim a compliant KAS.
• Implementations under the previous NIST SP 800-56A-based acceptance scenarios will no longer be acceptable for use in FIPS mode after Dec. 31, 2021.
  • CVL certificates used to claim compliance for key agreement schemes will become obsolete after Dec. 21, 2021.
  • New submissions with these CVL certificates will not be accepted after Dec. 21, 2021.
  • Modules with claims of compliance to NIST SP 800-56A or NIST SP 800-56Arev2 will be moved to the Historical List effective Jan 1, 2022.

• Until Dec. 31, 2020, implementations that claim vendor affirmation to NIST SP 800-56Arev3 will be accepted for submission.
• After Dec. 31, 2020, only implementations that are CAVP-tested for compliance toNIST SP 800-56Arev3 will be accepted for submission.

Key transport schemes (IG D.9)

• RSA-based implementations that claim compliance to NIST SP 800-56Brev3 will require CAVP testing after Dec. 31, 2020.
• New submissions (3SUB, 5SUB) with RSA-based implementations that are vendor-affirmed to NIST SP 800-56B will no longer be accepted after Dec. 31, 2020.
• RSA-based implementations that are vendor-affirmed to NIST SP 800-56B will be disallowed after Dec. 31, 2023.
• Non-compliant implementations of RSA key wrap will be allowed until Dec. 31, 2023.
• New submissions (3SUB, 5SUB) with non-compliant implementations of RSA key wrap will no longer be accepted after Dec. 21, 2020.

Key derivations schemes (IG D.10)

• Vendors may continue to claim vendor affirmation to NIST SP 800-56Crev1 thru Dec. 31, 2020.
• Implementations that claim compliance to NIST SP 800-56Crev1 will require CAVP testing after Dec. 31, 2020.

Need Support?

Contact Corsec to discuss your resolution path and determine if you need to take action for your validation.

A Federal Register Notice has been issued for the “Federal Information Processing Standard (FIPS) 140-3, Security Requirements for Cryptographic Modules”.

Having now been signed by the U.S. Commerce Secretary, it is official, FIPS 140-3 has been approved!

“This notice announces the Secretary of Commerce’s issuance of Federal Information Processing Standard (FIPS) 140-3, Security Requirements for Cryptographic Modules. FIPS 140-3 includes references to two existing international standards: International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 19790:2012(E) Information technology — Security techniques — Security requirements for cryptographic modules, and ISO/IEC 24759:2017(E) Information technology — Security techniques — Test requirements for cryptographic modules. As permitted by those standards, NIST Special Publication (SP) series 800-140 will specify updates, replacements, or additions to the currently-cited ISO/IEC standard, as necessary. Those new SP 800-140 documents (currently under development) will consolidate implementation guidance and administrative guidance, and will be made available for public review and comment.”

Key Dates:

Companies actively working on or planning a FIPS validation will inevitably face decisions around which standard to work towards. The following dates will be critical for those projects:

• Draft For Comments: Complete
• Effective Date: Complete
• Publication of the Standard: Complete
• Supporting Documents for FIPS 140-2 & the CMVP Released: Complete
• New Testing Begins: 9/22/20
• 140-3 Mandated & The Last Day for 140-2 Submissions: 9/22/21 (This means Labs must submit their Lab reports to CMVP by this date)

Documentation:

CMVP wants to minimize the content in the series of NIST SP 800-140 documents because they hope to be as close to the international standard as possible. These are the documents that we believe will replace the existing FIPS 140-2 DTR, Appendices, and Annexes:

• NIST SP 800-140 – FIPS 140-3 Derived Test Requirements
• NIST SP 800-140A – CMVP Documentation Requirements
• NIST SP 800-140B – CMVP Security Policy Requirements
• NIST SP 800-140C – CMVP Approved Security Functions
• NIST SP 800-140D – CMVP Approved Sensitive Security Parameter Generation and Establishment Methods
• NIST SP 800-140E – CMVP Approved Authentication Mechanisms
• NIST SP 800-140F – CMVP Approved Non-Invasive Attack Mitigation Test Metrics

A notable omission from the new SP 800-140 series is any reference document for Approved Protection Profiles from Common Criteria (a CC-certified operating system was required for software validations at level 2 and above).

Early Review and Analysis:

This release has been a long time coming. We still expect additional updates and changes to come, but Corsec has reviewed the public documents and found the following areas to be of interest:

• Rather than encompassing the module requirements directly, FIPS 140-3 references ISO/IEC 19790:2012. The testing for these requirements will be in accordance with ISO/IEC 24759:2017
• This version of FIPS 140-3 retains the 4 levels of validation
• The sections in FIPS 140-3 are now as follows:
  1. Cryptographic Module Specification
  2. Cryptographic Module Interfaces
  3. Roles, Services, And Authentication
  4. Software/Firmware Security
  5. Operating Environment
  6. Physical Security
  7. Non-Invasive Security
  8. Sensitive Security Parameter Management*
  9. Self-Tests
  10. Life-Cycle Assurance
  11. Mitigation of Other Attacks

*Sensitive Security Parameters is a new category – SSPs include both CSPs and PSPs (Public Security Parameters)

**Finite State Model was removed but may have been absorbed into section 11

***EMI/EMC was removed. There was no mention of EMI/EMC in the draft ISO 24759 either

Moving Forward:

1. Get Ahead: Be the first to complete the new standard (FIPS 140-3)
2. Revalidate Early: Avoid the new requirements prior to the mandated transition date and add 5 years to your current FIPS 140-2 validation
3. Plan Accordingly – Products being evaluated against FIPS 140-2 during testing transition may face problems completing their certification under old requirements.

Corsec participates in numerous committees, technical working groups, certification leadership positions, and industry events. As more information develops, we will deliver updates. Stay informed on all the program details, requirements, and timelines associated with FIPS 140-3 – Subscribe

For more information on the current FIPS 140-2 program, requirements, and process – visit here.

For any questions on how this will affect current or future FIPS projects, contact Corsec!

###

Press Contact: