Updates to CMVP’s Sunsetting Policy

From the CMVP on their validation Sunsetting Policy:

The CMVP is adopting a five year validation sunsetting policy, effective February 1, 2017. The CMVP will move all validation entries with most recent validation dates** prior to February 1, 2012 and all FIPS 140-1 validation entries from the Active Validation Lists to the Historical Validation List.

The Historical Validation List is not to be used for procurement by federal agencies. To maintain compliance with FISMA, agencies that use modules on the Historical List must make a risk management decision whether to continue to use these modules or replace them with compliant modules from the Active Validation Lists.

Through January 31, 2017, vendors may reinstate affected modules in one of the following two ways:

  1. Modules fully compliant with the latest standard and guidance:
    1SUB scenarios, reaffirming the validation. Vendors must work with one of the NVLAP accredited Cryptographic and Security Testing Laboratories to prepare the submission for CMVP. The laboratory will review the module and confirm it complies with all applicable transitions (e.g. 2-key Triple-DES, RNG).
  2. Modules that require some maintenance changes:
    Review all revalidation scenarios: FIPS 140-2 Implementation Guidance – G.8.

**Note: The most recent validation date for a module is the latest update of the validation certificate as the result of the original submission or any of the available revalidation scenarios (1SUB, 2SUB, 4SUB).

  • Effective July 1, 2016, for validation entries on the Historical List, the CMVP will only accept 1SUBs for administrative updates (e.g. updating contact information). The CMVP will not accept 1SUBs for any other types of updates (e.g. adding operating environments).
  • Effective February 1, 2017, 1A and 1BSUB scenarios will inherit the sunset date of the original certificate.
  • Effective February 1, 2017, 1SUB scenarios will not reset the sunset date.

Subscribe to Corsec emails and receive updates directly to your inbox!