CMVP Has Begun Archiving!

As previously mentioned, CMVP announced that all FIPS 140-2 validations that use Random Number Generators (RNG), as well as certifications that use both the NIST 800-90A DRBG and RNG will be required to re-validate, otherwise, they will be placed on an unprocurable products list, which mandates reaffirmation with CMVP that you can meet new standards.

Today, CMVP began to take those certifications off their site. They have updated the active validation lists, and moved modules with RNGs to a legacy list. That list has been posted and by count, 1,332 certifications have been removed.  This is just the first phase of the process, as CMVP has not yet finished this first step in archiving.  This list will continue to grow.  Additional modules are marked “This module is in process for the RNG transition”, furthering the assumption that more and more certifications will be removed.  Visit the site to make sure you have not been affected.

You can also take a look at the updated list of validated products that are still viable here.

Remember, this does not include those validations that will be removed as part of the five year sunsetting program.  Make sure to get ahead of the process and start your certification maintenance prior to being removed.

Contact Corsec to get get back on the approved list or to check the status of validated cryptographic modules that are relevant to your product.