Press Contact:

The Cryptographic Module Validation Program (CMVP) is a part of the National Institute of Standards and Technology (NIST) which operates under the Department of Commerce.  The CMVP’s role is to promote the use of validated cryptographic modules and provide Federal agencies with a security metric to use in procuring equipment containing validated cryptographic modules, this primarily occurs through management and oversight of the testing required as part of the FIPS 140-2 / FIPS 140-3 validation standards.

The CMVP is currently experiencing longer than usual evaluation periods within the FIPS 140 programs. To rectify and hopefully assist in shortening those wait times, the CMVP is looking to automate processes and procedures related to the evaluation and testing of these cryptographic modules.

To support this newly identified objective, the CMVP has developed a draft document which outlines assumptions, challenges, current architectures, requirements, and guidance.  The ultimate goal is to identify ideas and recommendations on how to automate some of the more tedious and manual elements of the FIPS 140 evaluation process.  Specifically stating they hope to improve efficiencies and timelines within CMVP operations.

Some of the current challenges outlined include:

• An increase in complex modules being evaluated
• A lack of human resources to address the influx in evaluations
• Insufficient information/documentation submissions
• Operating Environment Updates

This is not the first time the CMVP has turned to automation, as they recently implemented a change to the methods for testing algorithms within the Cryptographic Algorithm Validation Program (CAVP). Read more about that transition here.

Although the effects of such an effort are not expected to make an impact in the near term, it is a positive sign that the CMVP is actively trying to improve things in the long run.

###

As the Cryptographic Module Validation Program (CMVP) prepares for the transition to automated algorithm testing, more and more algorithms are being subjected to the testing process.

Testing for the key agreement schemes specified in NIST Special Publication (SP) 800-56A is currently under development. Once available, FIPS 140-2 validated modules that implement those schemes will be required to comply with revision 3 of that recommendation and will be required to undergo algorithm testing. Modules that include untested implementations will be transitioned to the Historical List on January 1, 2022.

Further Details

Cryptographic Algorithm Validation Program (CAVP) testing was limited as outlined within NIST SP 800-56A, as such, Vendors were allowed to use the Diffie-Hellman and Elliptic Curve Diffie-Hellman key scheme agreements as “Non-Approved but allowed” algorithms. As the program has evolved, new guidance specified within SP 800-56A rev3 indicates Vendors will no longer be allowed to use the schemes as “non-Approved but allowed”, but instead must submit “Vendor Affirmation”, which requires substantial work, including code review.

Moreover, ACVT testing (the newly adopted form of automated algorithm testing) is under development for rev3. Once completed, that “Vendor Affirmation” will no longer be accepted.

Once testing is available, modules that include implementations to the old standard AND implementations that are vendor-affirmed will all be moved to the Historical List.

Solution

Contact Corsec to discuss your resolution path and determine if you need to take action for your validation.

New guidance from the National Institute of Standards and Technology (NIST) regarding the use of Digital Signatures (FIPS 186-2) will be impacting a number of FIPS 140-2 validations in the near future. This guidance will send many vendor certifications to the dreaded Historical list; NIST specifically outlines that Federal agencies should not include products listed on the Historical site for new procurements.

Background

Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In January of 2000, NIST published the FIPS 186-2, Digital Signature Standard (DSS) which specified a suite of algorithms which could be used to generate a digital signature. In 2009 FIPS 186-2 was replaced by FIPS 186-3 which was in turn replaced by FIPS 186-4 in 2013. The latest iteration raises the minimum modulus size for most signature function to 2048 bits but continued to allow for a 1024-bit modulus for digital signature verification as a legacy function.

Because of this legacy function, algorithm testing against FIPS 186-2 has continued along with testing against the newer standard.

To ensure the cryptographic modules adhere to the newer standard, NIST has issued Implementation Guidance (IG) G.18 – Limiting the Use of FIPS 186-2. This IG extended the transition date to two months after ACVP Transition Date and clarified which modules will be moved to the historical list, and the methods to remain on (or be moved back to) the active list.

IG G.18 Impact

NIST has released the following information which will impact those companies leveraging FIPS 186-2:

1. Algorithm testing of signature verification implementations for their compliance with FIPS 186-2 will continue to be allowed for legacy purposes. The CAVP will stop validation testing to all other functions of FIPS 186-2 (including key generation and signature generation) on July 1, 2020.
2. On September 1, 2020, the CMVP will place modules on the historical list that were CAVP tested for the following:
   • FIPS 186-2 RSA SigGen when the modulus size is lower than 4096 – Modules that support testing to FIPS 186-4 SigGen at 2048 and/or 3072 bits and FIPS 186-2 RSA SigGen at 4096 bits only will not be moved to the historical list. It will be assumed to be done as an added assurance rather than claiming compliance to FIPS 186-2.
   • FIPS 186-2 RSA KeyGen at all modulus sizes – Modules that support testing to FIPS 186-2 RSA KeyGen will be moved to the historical list on the date referenced above

Products that leverage an internal FIPS module which support FIPS 186-2 KeyGen / SigGen will either need to be updated by the owner of the validation or the module will need to be replaced.

This guidance also relates to some of the confusion surrounding archiving of FIPS 140-2 validations that utilize OpenSSL FIPS Object Modules. It has been announced that support for these modules will not continue and they will be retired.

Solution

The good news is there are ways to correct the issue and keep your certification on the validated modules list. Depending on your scenario, you could correct the issue through a 1SUB or 3SUB.

Contact Corsec to discuss your resolution path.