Transitioning to SP800-56A Rev3 (C23c)
The key establishment schemes defined by SP 800-56A form an integral part of the modules which are used in protocol-based implementations. Recently, the CMVP announced the decision to delay the transition of non-NIST Special Publication (SP) 800-56ARev3 compliant modules to the Historical list from January 1, 2022 to July 1, 2022. At the same time the CMVP is allowing submission of the module changes to address algorithm transitions under scenario 3B post September 22, 2021. This gives vendors an opportunity to keep their module compliant to Rev3 past July 1, 2022. The presentation aims to explain the FIPS 140-2 Implementation Guidance (IG) D.8 that includes the requirements to comply with SP 800-56A Rev3. This will guide vendors on the available options to make the module compliant to 56Arev3 and avoid transitioning to the historical list in 2022. Additionally, ACVP testing will also be required to comply to 56Arev3 which includes additional checks for Diffie-Hellman and EC Diffie-Hellman algorithms which were not present in the CAVS. The presentation will also include guidance to vendors on testing the SP 800-56A algorithms through ACVT. With the right knowledge of the requirements, and analysis of the available compliance scenarios, this presentation aims to help vendors have a smooth transition to SP 800-56A.