Transitioning to SP800-56A Rev3 (C42b)
Recently, FIPS 140-2 Implementation Guidance (IG) D.8 and D.1-rev3 have been updated to state the requirements for vendor affirmation to NIST Special Publication (SP) 800-56A Rev3 and the transition from validating Rev1/Rev2 to the Rev3 of this standard. The key establishment schemes defined by SP 800-56A form an integral part of the modules which are used in protocol-based implementations. Therefore, vendors will be keen to keep their module compliant to either Rev3 or scenario X2 of IG D.8 past January 1, 2021. This presentation will guide vendors on the available scenarios and suggest how to go about the transition. Additionally, ACVP testing will become mandatory starting July 1, 2020 which includes additional checks for Diffie-Hellman and EC Diffie-Hellman algorithms which were not present in the CAVS. The presentation will also include guidance to vendors on testing the SP 800-56A algorithms through ACVT. With the right knowledge of the requirements and analysis of the available compliance scenarios, the presentation aims to help the vendors to have a smooth transition for SP 800-56A.