Below you'll find a list of all posts that have been categorized as “FIPS 140-3”
[Update Sept 2024: These Standards have been published.] In our last article on Post Quantum Crypto (PQC) titled “Introduction to the Quantum Computing Impact on Cryptography”, we introduced quantum computing concepts and the potential impact on computer security and cryptography. …
CMVP algorithm transitions can be a great source of anxiety for vendors who seek to attain or maintain compliance to the FIPS 140-2 and 140-3 standards. A great deal of diligence, patience and persistence are required to continually review and …
Vendors are increasingly looking to leverage OpenSSL 3.x as their cryptographic module of choice within their products. At the same time, entropy continues to a be a focus in both FIPS 140-3 and Common Criteria projects. For those transitioning from …
Quantum computing continues to be a hot topic. Within the certification industry, it was most recently covered at the International Common Criteria Conference (ICCC) recently held in Spain. So, what is quantum computing and more importantly, what is the potential …
As of November 7, 2020, the Cryptographic Module Validation Program (CMVP) required that all FIPS 140-2 and FIPS 140-3 module validation submissions include documentation justifying conformance of the entropy source to NIST SP 800-90B, if the module is “either generating the …
To get an entropy source approved under FIPS 140-3 there are two options: ENT (P) or ENT (NP) entry on the FIPS module validation certificate (until October 1st, 2022) ESV certificate awarded by NIST’s Entropy Source Validation Testing (ESVT) This …
Algorithm validation testing is a critical path issue for FIPS 140-3 validations and for NIAP Protection Profile-based Common Criteria evaluations. Equipment vendors are often surprised at the level of effort and the potential challenges in successfully completing the algorithm testing …
Our previous article discussed how vulnerabilities are dealt with under the Common Criteria certification program in North America. All commercial product assurance programs deal with flaws and vulnerabilities in different ways, often with overlapping requirements, techniques and outcomes. In this …
The most common question we receive from clients on the FIPS Validation process is: “after my validation report has been sent to the Cryptographic Module Validation Program (“CMVP”), how long will it take to complete the Validation?”. This post outlines …
First time vendors to the FIPS 140 validation process are often not aware of the scope of supporting documentation and evidence required. These documentation inputs are integral to the lab being able to perform and finalize the full validation process. …
