CVE Management: When is the Right Time to Revalidate? (U23a)
The number of Common Vulnerability and Exposures (CVEs) continues to grow each year. The FIPS 140-3 standard introduced more defined CVE management requirements for cryptographic modules. Managing CVEs are critical to maintaining the security and compliance of products and of cryptographic modules. With the onset of FIPS 140-3, vendors should consider their CVE management plan to ensure their products meet the security needs of the customer as well as remain in compliance with the FIPS 140 standards. This presentation will address the current FIPS 140-3 CVE management requirements and recommend several strategies the vendor should consider in making the decision as to when, or if to update a FIPS 140 validation.