Algorithm Transition Dates

Recent Implementation Guidance (IG) from NIST could impact vendor algorithms. The following overview summarizes the critical transition dates and the associated algorithms.

AES CBC-CS1, CBC-CS2, CBC-CS3 (IG A.12)

  • Until Sep. 1, 2020, implementations that claim vendor affirmation to NIST SP 800-38A Addendum A will be accepted for submission.
  • After Sep. 1, 2020, only implementations that are CAVP-tested for compliance to NIST SP 800-38A Addendum A will be accepted for submission.

SHAKE and KECCAK-based hash algorithms (IG A.15)

  • Until Sep. 1, 2020, implementations that claim vendor affirmation to NIST SP 800-185 will be accepted for submission.
  • After Sep. 1, 2020, only implementations that are CAVP-tested for compliance to NIST SP 800-185 will be accepted for submission.

PBKDF (IG D.6)

  • Until Dec. 31, 2020, implementations that claim vendor affirmation to NIST SP 800-132 will be accepted for submission.
  • After Dec. 31, 2020, only implementations that are CAVP-tested for compliance to NIST SP 800-132 will be accepted for submission.

Key agreement schemes (IG G.20, IG D.1-rev2, IG D.1-rev3, and IG D.8)

  • New submissions (3SUB, 5SUB) with previous NIST SP 800-56A-based acceptance scenarios will no longer be accepted after Dec. 31, 2020. These scenarios include, for example, allowances for leveraging a shared secret CVL and a KDF CVL to claim a compliant KAS.
  • Implementations under the previous NIST SP 800-56A-based acceptance scenarios will no longer be acceptable for use in FIPS mode after Dec. 31, 2021.
    • CVL certificates used to claim compliance for key agreement schemes will become obsolete after Dec. 21, 2021.
    • New submissions with these CVL certificates will not be accepted after Dec. 21, 2021.
    • Modules with claims of compliance to NIST SP 800-56A or NIST SP 800-56Arev2 will be moved to the Historical List effective Jan 1, 2022.
  • Until Dec. 31, 2020, implementations that claim vendor affirmation to NIST SP 800-56Arev3 will be accepted for submission.
  • After Dec. 31, 2020, only implementations that are CAVP-tested for compliance to NIST SP 800-56Arev3 will be accepted for submission.

Key transport schemes (IG D.9)

  • RSA-based implementations that claim compliance to NIST SP 800-56Brev3 will require CAVP testing after Dec. 31, 2020.
  • New submissions (3SUB, 5SUB) with RSA-based implementations that are vendor-affirmed to NIST SP 800-56B will no longer be accepted after Dec. 31, 2020.
  • RSA-based implementations that are vendor-affirmed to NIST SP 800-56B will be disallowed after Dec. 31, 2023.
  • Non-compliant implementations of RSA key wrap will be allowed until Dec. 31, 2023.
  • New submissions (3SUB, 5SUB) with non-compliant implementations of RSA key wrap will no longer be accepted after Dec. 21, 2020.

Key derivation schemes (IG D.10)

  • Vendors may continue to claim vendor affirmation to NIST SP 800-56Crev1 through Dec. 31, 2020.
  • Implementations that claim compliance to NIST SP 800-56Crev1 will require CAVP testing after Dec. 31, 2020.

Need Support?

Contact Corsec to discuss your resolution path and determine if you need to take action for your validation.

Press Contact:

Jake Nelson
Corsec Director of Marketing
jnelson@corsec.com