Cloud Key Management

NIST SP 800-140Br1 ipd DRAFT FOR COMMENT CMVP Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B

  • 1.  NIST SP 800-140Br1 ipd DRAFT FOR COMMENT CMVP Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B

    Posted May 12, 2022 09:56:00 AM
      |   view attached
    Hi All,

    NIST just published for Comment NIST SP 800-140Br1 ipd CMVP Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B

    The initial public draft of NIST Special Publication (SP) 800-140Br1 (Revision 1), CMVP Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B, is now available for public comment. This draft introduces four significant changes to NIST SP 800-140B:

    1. Defines a more detailed structure and organization for the Security Policy
    2. Captures Security Policy requirements that are defined outside of ISO/IEC 19790 and ISO/IEC 24759
    3. Builds the Security Policy document as a combination of the subsection information
    4. Generates the approved algorithm table based on lab/vendor selections from the algorithm tests

    The NIST SP 800-140x series supports Federal Information Processing Standards (FIPS) Publication 140-3, Security Requirements for Cryptographic Modules, and its associated validation testing program, the Cryptographic Module Validation Program (CMVP). The series specifies modifications to ISO/IEC 19790 Annexes and ISO/IEC 24759 as permitted by the validation authority.

    The public comment period for this initial public draft is open through July 12, 2022. See the publication details for instructions on submitting comments.



    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------