Getting Ready for FIPS 140-3 (C32a)
On behalf of the Cryptographic Module User’s Forum (CMUF) FIPS 140-3 Transition Working Group (WG), the speaker will report the work performed by the WG to assist the Cryptographic Module Validation Program (CMVP) with a smooth transition from FIPS 140-2 to FIPS 140-3. The WG has provided comparison documents to highlight the differences between the two standards. The WG studied the existing FIPS 140-2 Implmentation Guidances (IGs) and provided feedback for IG dispositions. The WG commented on NIST Special Publication (SP) 800-140x drafts, which are indispensable, integral supporting documents for FIPS 140-3. The CMVP’s adoption of ISO/IEC 19790 and ISO/IEC 24759 implies that they inherit all of the shall statements from the ISO standards and the CMVP won’t overwrite any of them via supplemental documents such as IGs. For the requirements that need to be clarified by the ISO standards, the WG also submitted comments on the ISO standards which are undergoing a study period until March 2020. The WG plans to continuously support the CMVP’s transition effort by offering assistance on the FIPS 140-3 Management Manual, IG, and Web Cryptik Tool whenever input is sought.