Blog

Drafts of the SP 800-140x document series are now available for public comment!

These modify the requirements of FIPS 140-3 from ISO 19790 and 24759. Comments are due December 9, 2019.

Read More »

International Conference on the EU Cybersecurity Act

The EU Cybersecurity Act revamps and strengthens the EU Agency for cybersecurity (ENISA) and establishes an EU-wide cybersecurity certification framework for digital products, services and processes.

Read More »

NIST releases new and updated FIPS 140-2 Implementation Guidance

    New Guidance:
  • IG G.18 Limiting the Use of FIPS 186-2
  • IG D.1-rev3 CAVP Requirements for Vendor Affirmation to SP 800-56A Rev3 and the Transition from the Validation to the Earlier Versions of the Standard
    Updated Guidance:
  • IG G.8 Revalidation Requirements – Updated Scenario 3A to permit a 3A submission to incorporate a Scenario 1 (non-security relevant) changes to be submitted as a single package.
  • IG 9.4 Known Answer Tests for Cryptographic Algorithms - Added a requirement in the symmetric-key algorithms section to self-test the forward and inverse cipher functions (if implemented by the module). Corrected the authenticated encryption mode hierarchy since item 2 (AES KW) testing should not cover item 3 (Triple-DES KW). Clarified how to meet the requirements of the bullets #1-#4 and how they relate to each other. Updated the Additional Comments paragraph to clarify when the PCT applies for an asymmetric key generation implementation.
  • IG D.8 Key Agreement Methods – Incorporated vendor affirmation to SP 800-56Arev3 and the new IG D.1rev3 into this IG.
  • IG D.10 Requirements for Vendor Affirmation of SP 800-56C - Updated to allow for vendor affirming to SP 800-56Crev1.
Read More »

Come see us at the ICMC this year in Vancouver, Canada

Read More »

We Look Forward To Hearing From You.