Algorithm Transition Dates

Recent Implementation Guidance (IG) from NIST could impact vendor algorithms. The following overview has been created to summarize those critical dates and associated algorithms.

AES CBC-CS1, CBC-CS2, CBC-CS3 (IG A.12)

  • Until Sep. 1, 2020, implementations that claim vendor affirmation to NIST SP 800-38A Addendum A will be accepted for submission.
  • After Sep. 1, 2020, only implementations that are CAVP-tested for compliance toNIST SP 800-38A Addendum A will be accepted for submission.

SHAKE and KECCAK-based hash algorithms (IG A.15)

  • Until Sep. 1, 2020, implementations that claim vendor affirmation to NIST SP 800-185 will be accepted for submission.
  • After Sep. 1, 2020, only implementations that are CAVP-tested for compliance toNIST SP 800-185 will be accepted for submission.

PBKDF (IG D.6)

  • Until Dec. 31, 2020, implementations that claim vendor affirmation to NIST SP 800-132 will be accepted for submission.
  • After Dec. 31, 2020, only implementations that are CAVP-tested for compliance to NIST SP 800-132 will be accepted for submission.

Key agreement schemes (IG G.20, IG D.1-rev2, IG D.1-rev3, and IG D.8)

  • New submissions (3SUB, 5SUB) with previous NIST SP 800-56A-based acceptance scenarios will no longer be accepted after Dec. 31, 2020. These scenarios include, for example, allowances for leveraging a shared secret CVL and a KDF CVL to claim a compliant KAS.
  • Implementations under the previous NIST SP 800-56A-based acceptance scenarios will no longer be acceptable for use in FIPS mode after Dec. 31, 2021.
    • CVL certificates used to claim compliance for key agreement schemes will become obsolete after Dec. 21, 2021.
    • New submissions with these CVL certificates will not be accepted after Dec. 21, 2021.
    • Modules with claims of compliance to NIST SP 800-56A or NIST SP 800-56Arev2 will be moved to the Historical List effective Jan 1, 2022.
  • Until Dec. 31, 2020, implementations that claim vendor affirmation to NIST SP 800-56Arev3 will be accepted for submission.
  • After Dec. 31, 2020, only implementations that are CAVP-tested for compliance toNIST SP 800-56Arev3 will be accepted for submission.

Key transport schemes (IG D.9)

  • RSA-based implementations that claim compliance to NIST SP 800-56Brev3 will require CAVP testing after Dec. 31, 2020.
  • New submissions (3SUB, 5SUB) with RSA-based implementations that are vendor-affirmed to NIST SP 800-56B will no longer be accepted after Dec. 31, 2020.
  • RSA-based implementations that are vendor-affirmed to NIST SP 800-56B will be disallowed after Dec. 31, 2023.
  • Non-compliant implementations of RSA key wrap will be allowed until Dec. 31, 2023.
  • New submissions (3SUB, 5SUB) with non-compliant implementations of RSA key wrap will no longer be accepted after Dec. 21, 2020.

Key derivations schemes (IG D.10)

  • Vendors may continue to claim vendor affirmation to NIST SP 800-56Crev1 thru Dec. 31, 2020.
  • Implementations that claim compliance to NIST SP 800-56Crev1 will require CAVP testing after Dec. 31, 2020.

Need Support?

Contact Corsec to discuss your resolution path and determine if you need to take action for your validation.

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Corsec Director of Marketing
jnelson@corsec.com

LinkedIn     Twitter    Facebook

Algorithm Transition Dates

Recent Implementation Guidance (IG) from NIST could impact vendor algorithms. The following overview has been created to summarize those critical dates and associated algorithms.

AES CBC-CS1, CBC-CS2, CBC-CS3 (IG A.12)

  • Until Sep. 1, 2020, implementations that claim vendor affirmation to NIST SP 800-38A Addendum A will be accepted for submission.
  • After Sep. 1, 2020, only implementations that are CAVP-tested for compliance toNIST SP 800-38A Addendum A will be accepted for submission.

SHAKE and KECCAK-based hash algorithms (IG A.15)

  • Until Sep. 1, 2020, implementations that claim vendor affirmation to NIST SP 800-185 will be accepted for submission.
  • After Sep. 1, 2020, only implementations that are CAVP-tested for compliance toNIST SP 800-185 will be accepted for submission.

PBKDF (IG D.6)

  • Until Dec. 31, 2020, implementations that claim vendor affirmation to NIST SP 800-132 will be accepted for submission.
  • After Dec. 31, 2020, only implementations that are CAVP-tested for compliance to NIST SP 800-132 will be accepted for submission.

Key agreement schemes (IG G.20, IG D.1-rev2, IG D.1-rev3, and IG D.8)

  • New submissions (3SUB, 5SUB) with previous NIST SP 800-56A-based acceptance scenarios will no longer be accepted after Dec. 31, 2020. These scenarios include, for example, allowances for leveraging a shared secret CVL and a KDF CVL to claim a compliant KAS.
  • Implementations under the previous NIST SP 800-56A-based acceptance scenarios will no longer be acceptable for use in FIPS mode after Dec. 31, 2021.
    • CVL certificates used to claim compliance for key agreement schemes will become obsolete after Dec. 21, 2021.
    • New submissions with these CVL certificates will not be accepted after Dec. 21, 2021.
    • Modules with claims of compliance to NIST SP 800-56A or NIST SP 800-56Arev2 will be moved to the Historical List effective Jan 1, 2022.
  • Until Dec. 31, 2020, implementations that claim vendor affirmation to NIST SP 800-56Arev3 will be accepted for submission.
  • After Dec. 31, 2020, only implementations that are CAVP-tested for compliance toNIST SP 800-56Arev3 will be accepted for submission.

Key transport schemes (IG D.9)

  • RSA-based implementations that claim compliance to NIST SP 800-56Brev3 will require CAVP testing after Dec. 31, 2020.
  • New submissions (3SUB, 5SUB) with RSA-based implementations that are vendor-affirmed to NIST SP 800-56B will no longer be accepted after Dec. 31, 2020.
  • RSA-based implementations that are vendor-affirmed to NIST SP 800-56B will be disallowed after Dec. 31, 2023.
  • Non-compliant implementations of RSA key wrap will be allowed until Dec. 31, 2023.
  • New submissions (3SUB, 5SUB) with non-compliant implementations of RSA key wrap will no longer be accepted after Dec. 21, 2020.

Key derivations schemes (IG D.10)

  • Vendors may continue to claim vendor affirmation to NIST SP 800-56Crev1 thru Dec. 31, 2020.
  • Implementations that claim compliance to NIST SP 800-56Crev1 will require CAVP testing after Dec. 31, 2020.

Need Support?

Contact Corsec to discuss your resolution path and determine if you need to take action for your validation.

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Corsec Director of Marketing
jnelson@corsec.com

LinkedIn     Twitter    Facebook