Cryptographic Module Validation Program

Programmatic Transitions

Program Related Transitions

The CMVP is offering an interim validation process for module submissions. This interim validation option is voluntary; however, CSTLs must notify CMVP of the vendor's intent prior to 1 Oct 2024.

Vendors do not need to take any action if they would prefer to wait for their full review to be completed to receive full, five-year validation.  Vendors who would like to elect the interim validation should follow the process below.

These module submissions will be reviewed for completeness by CMVP staff.  If needed, there will be a brief period of Coordination with the CST lab to resolve any questions.  Once this step is successfully completed:

A two-year sunset date (expiration date) will be awarded. 
The ‘Interim Validation” caveat will be added to the certificate validation entry to distinguish them from a full validation (see CMVP Caveats webpage for more information)
A supplementary follow-up submission, adhering to the SP 800-140Br1 format, may be submitted to the CMVP. This follow-up submission must be received by the CMVP prior to the two-year sunset date for the interim validation to remain on the active list until the completion of the follow-up submission.
Any non-compliance identified (e.g., during the follow-up review) will be resolved with existing processes and provide the opportunity for a timely resolution prior to moving the validation certificate to the Historical or Revocation lists (see FIPS 140-3 Management Manual 4.8 for more information).
After a successful review and completion of this follow-up, the "Interim Validation" status will be lifted, and the sunset date will be extended to accommodate an increase from two to five years for the total validation period.
The validation will be moved to the historical list if the follow-up submission is not received prior to the two-year sunset date.

The interim validation submission must meet the following criteria:

The vendor must inform the CMVP through their Cryptographic Security Testing (CST) lab if they elect to choose interim validation.
The requesting CST lab must be in an active status with NVLAP.
The original submission must have been received by the CMVP prior to 1 Jan 2024, and have not yet been validated. 
The submission must be fully tested and evaluated for conformance to the FIPS 140-3 standard by an active, accredited CST lab.
The submission much be recommended for validation by the accredited CST lab who performed the testing.
In addition to the original submission documents, the CST lab must also complete and sign a CMVP-provided requirement checklist.

Algorithm Related Transitions

Algorithm Testing and CMVP Submission Dates

Table updated Jan 30, 2024
Algorithm/Scheme	Standard	Relevant IG(s)[1]	ACVTS Prod Date[2]	Submission Date[3]
AES-CBC-CS	Addendum to SP 800-38A	FIPS 140-2: A.12	Prior to Jun 30, 2020	Sep 1, 2020
AES FF1	SP 800-38G	FIPS 140-2: A.10	Prior to Jun 30, 2020	Sep 1, 2020
cSHAKE, TupleHash, ParallelHash, KMAC	SP 800-185	FIPS 140-2: A.15	Prior to Jun 30, 2020	Sep 1, 2020
RSA 4096 bit modulus[4]	FIPS 186-4, SP 800-131A Rev. 2	FIPS 140-2: G.18	Prior to Jun 30, 2020	Sep 1, 2020
Higher level algorithms using FIPS 202 functions[5]	FIPS 202	FIPS 140-2: A.11 FIPS 140-3: C.C	Prior to Jun 30, 2020	Sep 1, 2020
ANS X9.42-2001 KDF	SP 800-135 Rev. 1	FIPS 140-2: G.20 FIPS 140-3: 2.4.B	Prior to Jun 30, 2020	Sep 1, 2020
ENT	SP 800-90B	FIPS 140-2: 7.18, 7.19 FIPS 140-3: D.J, D.K	N/A	Nov 7, 2020[6]
PBKDF	SP 800-132	FIPS 140-2: D.6 FIPS 140-3: D.N	Prior to Jun 30, 2020	Dec 31, 2020
KAS-RSA or KAS-RSA-SSC IFC	SP 800-56B Rev. 2	FIPS 140-2: D.8 FIPS 140-3: D.F	Sep 30, 2020	Dec 31, 2020
KTS-RSA IFC	SP 800-56B Rev. 2	FIPS 140-2: D.9 FIPS 140-3: D.G	Sep 30, 2020	Dec 31, 2020
KAS or KAS-SSC DLC (FFC or ECC)	SP 800-56A Rev. 3	FIPS 140-2: D.1-rev3, D.8 FIPS 140-3: D.F	Sep 30, 2020	Dec 31, 2020[7]
KDA[8]	SP 800-56C Rev. 1 (Withdrawn), SP 800-56C Rev. 2	FIPS 140-2: D.10	Sep 30, 2020	Dec 31, 2020
TLS 1.3 KDF	RFC 8446 - Sections 4.4.1 and 7.1	FIPS 140-2: G.20 FIPS 140-3: 2.4.B	Jan 22, 2021	Jun 30, 2021
RSADP 2.0 – adds support for 3072 and 4096 moduli in addition to 2048	SP 800-56B Rev. 2	FIPS 140-3: 2.4.C	Dec 28, 2022	Mar 31, 2023
ECDSA, EdDSA, RSA	FIPS 186-5, SP 800-186	FIPS 140-3: C.K	Feb 3, 2023	Jul 25, 2023[9]
ANSI X9.63-2001 KDF - adds support for SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384 and SHA3-512	SP 800-135 Rev. 1 FIPS 202	FIPS 140-2: A.11 FIPS 140-3: C.C	Mar 21, 2023	Jun 30, 2023
SRTP (using the 48-bit index value)	SP 800-135 Rev. 1 NIST Informative Note	FIPS 140-3: 2.4.C	Mar 21, 2023	Jun 30, 2023
Hash DRBG / HMAC DRBG - adds support for SHA3-224, SHA3-256, SHA3-384, and SHA3-512	SP 800-90A Rev. 1 FIPS 202	FIPS 140-2: A.11 FIPS 140-3: C.C	Oct 6, 2023	Mar 31, 2024
RSASP 2.0 – adds support for 3072 and 4096 moduli in addition to 2048	FIPS 186-4 & FIPS 186-5	FIPS 140-3: 2.4.C	Jan 18, 2024	Jun 30, 2024

[1] Most algorithm self-test requirements are in IG 9.4 (for FIPS 140-2) and IG 10.3.A (for FIPS 140-3).

[2] Date in which the algorithm was moved onto the ACVTS production server.

[3] After this date, module submissions that modify or reset the sunset date must CAVP test the applicable algorithm(s) that are used in an approved mode and perform the required self-tests. The provision from the previous sentence is applicable even prior to this date if there is no vendor affirmed IG for this algorithm. For FIPS 140-3 submissions, algorithms that show a Submission Date on or before December 31, 2020 are immediately transitioned rather than following the date listed in this table.

[4] This entry represents an addition of the RSA 4096-bit modulus testing to FIPS 186-4 (e.g. KeyGen, SigGen, SigVer).

[5] Not all higher-level algorithms support CAVP testing using FIPS 202 functions (e.g. DRBG, DSA, all CVL KDFs besides ANS x9.42, RSA). This date applies to the following higher-level algorithms (unless the algorithm itself has a later transition date) which do support FIPS 202 functions: ECDSA, HKDF, HMAC, KAS/KAS-RSA/SSC (SP 800-56Arev3 and SP 800-56Brev2), KBKDF, ANS x9.42 CVL, PBKDF. This table may need to be updated in the future.

[6] SP 800-90B compliance is required after November 7, 2020 for FIPS 140-2. This entry will be updated once ENT certification becomes available. In addition, this date is applicable to the vetted conditioning components specified in SP 800-90B section 3.1.5.1.1 which must be CAVP tested if implemented as part of an approved SP 800-90B compliant ENT.

[7] This date is applicable to the Safe Primes Groups as specified in SP 800-56Arev3 Appendix D which must be CAVP tested if implemented as part of an approved SP 800-56Arev3 compliant KAS.

[8] This includes the HKDF which is compliant to SP 800-56C (Rev.1 and Rev.2) and separately CAVP testable.

[9] Per IG C.K, "It is strongly recommended for modules submitted to the CMVP to comply with FIPS 186-5 and SP 800-186, even before the transition dates specified in this IG" if all applicable requirements are met, including algorithm self-tests per IG 10.3.A.

Algorithm Historical List Dates

Algorithm/Scheme	Standard	Relevant IG(s)	Submission Date[1]	Historical Date[2]
FIPS 186-2 RSA Key Gen or Sig Gen[3]	FIPS 186-2 (Withdrawn), SP 800-131A Rev. 2	FIPS 140-2: G.18 FIPS 140-3: N/A	August 31, 2020	September 1, 2020
RSA-based KAS or KTS compliant to SP 800-56B	SP 800-56B (Withdrawn)[4]	FIPS 140-2: D.4, D.8, D.9 FIPS 140-3: N/A	December 31, 2020	N/A
RSA-based key transport schemes that are not compliant to either SP 800-56B or SP 800-56B Rev. 2		FIPS 140-2: Allowed per D.9 FIPS 140-3: N/A	December 31, 2020	N/A
RSA-based key transport schemes that only use PKCS#1-v1.5 padding[5]	RFC 2313 Section 8.1	Allowed per FIPS 140-2: D.9 FIPS 140-3: D.G	December 31, 2023	FIPS 140-2: N/A FIPS 140-3: January 1, 2024
DLC-based KAS compliant to SP 800-56A	SP 800-56A Revised (Withdrawn)	FIPS 140-2: D.8 FIPS 140-3: N/A	December 31, 2020	July 1, 2022
DLC-based KAS compliant to SP 800-56A Rev. 2	SP 800-56A Rev. 2 (Withdrawn)[6]	FIPS 140-2: D.1rev2 FIPS 140-3: N/A	December 31, 2020	July 1, 2022
Key agreement schemes that are not compliant with any version of SP 800-56A		FIPS 140-2: D.8 FIPS 140-3: N/A	December 31, 2020	July 1, 2022
Triple-DES encryptions[7]	SP 800-67 Rev. 2, SP 800-131A Rev. 2		December 31, 2023	FIPS 140-2: N/A FIPS 140-3: January 1, 2024
FIPS 186-4 DSA Key Gen, Sig Gen, or PQG Gen [8]; FIPS 186-4 X9.31 RSA Key Gen, RSA Sig Gen	FIPS 186-4	FIPS 140-3: C.K	February 4, 2024	N/A
AES-CBC-MAC within OTAR	P25 OTAR (Over-The-Air-Rekeying) defined in TIA-102.AACA-B	FIPS 140-3: D.C	October 31, 2023	N/A
ENT [9]	SP 800-90B	FIPS 140-3: D.J	January 1, 2023	N/A

Table updated November 6, 2024

[1] The last date that a module that implements this algorithm in the approved mode can be submitted to the CMVP. Submissions that do not modify or initiate a sunset date can still be submitted after this date.

[2] Date in which modules that implement these algorithms in an approved mode will be moved to the historical list. If marked N/A, the module will NOT be moved to the historical list based on this transition.

Cryptographic Module Validation Program CMVP

Project Links

Programmatic Transitions

Program Related Transitions

Algorithm Related Transitions