In our last article on Post Quantum Crypto (PQC) titled “Introduction to the Quantum Computing Impact on Cryptography”, we introduced quantum computing concepts and the potential impact on computer security and cryptography. The article also introduced CNSA 1.0 and CNSA …
CMVP Transitions Update (July 2023)
CMVP algorithm transitions can be a great source of anxiety for vendors who seek to attain or maintain compliance to the FIPS 140-2 and 140-3 standards. A great deal of diligence, patience and persistence are required to continually review and …
Entropy in OpenSSL 3.0
Vendors are increasingly looking to leverage OpenSSL 3.x as their cryptographic module of choice within their products. At the same time, entropy continues to be a focus in both FIPS 140-3 and Common Criteria projects. For those transitioning from …
Introduction to the Quantum Computing Impact on Cryptography
Quantum computing continues to be a hot topic. Within the certification industry, it was most recently covered at the International Common Criteria Conference (ICCC) recently held in Spain. So, what is quantum computing and more importantly, what is the potential …
ESV and Me!
As of November 7, 2020, the Cryptographic Module Validation Program (CMVP) required that all FIPS 140-2 and FIPS 140-3 module validation submissions include documentation justifying conformance of the entropy source to NIST SP 800-90B, if the module is “either generating the …
Entropy Validation in FIPS 140-3 (ENT vs ESV)
To get an entropy source approved under FIPS 140-3 there are two options: an ENT (P) or ENT (NP) entry on the FIPS module validation certificate (until October 1st, 2022), or an ESV certificate awarded by NIST’s Entropy Source Validation Testing (ESVT). This …
Five Steps to Algorithm (CAVP) Validations at Lightship
Algorithm validation testing is a critical path issue for FIPS 140-3 validations and for NIAP Protection Profile-based Common Criteria evaluations. Equipment vendors are often surprised at the level of effort and the potential challenges in successfully completing the algorithm testing …
Vulnerabilities and FIPS 140-3
Our previous article discussed how vulnerabilities are dealt with under the Common Criteria certification program in North America. All commercial product assurance programs deal with flaws and vulnerabilities in different ways, often with overlapping requirements, techniques and outcomes. In this …
Understanding the IUT and MIP Lists and Their Wait Times
The most common question we receive from clients on the FIPS Validation process is: “after my validation report has been sent to the Cryptographic Module Validation Program (“CMVP”), how long will it take to complete the Validation?”. This post outlines …
Beyond the testing: FIPS 140-3 documentation inputs
First-time vendors to the FIPS 140 validation process are often not aware of the scope of supporting documentation and evidence required. These documentation inputs are integral to the lab being able to perform and finalize the full validation process. …