CMVP Transitions Update (July 2023)

James Ramage FIPS 140-3

CMVP algorithm transitions can be a great source of anxiety for vendors who seek to attain or maintain compliance to the FIPS 140-2 and 140-3 standards. A great deal of diligence, patience and persistence are required to continually review and …

ESV and Me!

James Ramage Entropy, FIPS 140-3

As of November 7, 2020, the Cryptographic Module Validation Program (CMVP) required that all FIPS 140-2 and FIPS 140-3 module validation submissions include documentation justifying conformance of the entropy source to NIST SP 800-90B, if the module is “either generating the …

Vulnerabilities and FIPS 140-3

James Ramage FIPS 140-3

Our previous article discussed how vulnerabilities are dealt with under the Common Criteria certification program in North America. All commercial product assurance programs deal with flaws and vulnerabilities in different ways, often with overlapping requirements, techniques and outcomes. In this …

FIPS 140-3 Is Here!

Jason Lawlor and James Ramage FIPS 140-3

The countdown is on. As of September 22, 2021, FIPS 140-2 will be sunset and only FIPS 140-3 validations can be submitted to the Cryptographic Module Validation Program (CMVP). In this latest post, we cover the key differences in the …