NIST just published - CMVP Validation Authority Updates: Second Drafts of NIST SP 800-140C/D Rev. 1 Available for Comment
The NIST Special Publication (SP) 800-140x series supports Federal Information Processing Standards (FIPS) Publication 140-3, Security Requirements for Cryptographic Modules, and its associated validation testing program, the Cryptographic Module Validation Program (CMVP). The series specifies modifications to ISO/IEC 19790 Annexes and ISO/IEC 24759 as permitted by the validation authority.
Revisions of the following publications within the subseries are now available for public comment:
- Second Draft NIST SP 800-140C Revision 1, CMVP Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759
- Second Draft NIST SP 800-140D Revision 1, CMVP Approved Sensitive Security Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759
These documents introduce the naming conventions that will be used for validation submissions and certificates. In addition, the following four standards are being added: SP 800-208, Stateful Hash-Based Signature Schemes (October 2020), SP 800-133 Rev.2, Recommendation for Cryptographic Key Generation (June 2020), SP 800-56C Rev. 2, Recommendation for Key-Derivation Methods in Key-Establishment Schemes (August 2020), RFC 8446, The Transport Layer Security (TLS) Protocol Version 1.3, Section 7.1 (August 2018).
The public comment period for these documents is open through March 25, 2022. See the publication details for 800-140C and 800-140D to download the draft documents and get instructions for submitting comments.
Michael Roza CPA, CISA, CIA, MBA, Exec MBA