Preparing for CMVP Validation Under SP 800-90C (C23a)
The generation of high-quality random bits is a cornerstone of modern cryptography and security applications. NIST Special Publication (SP) 800-90C, a crucial component of the SP 800-90 series, specifies the constructions for implementing robust Random Bit Generators (RBGs) by integrating approved Deterministic Random Bit Generators (DRBGs) (SP 800-90A) and validated entropy sources (SP 800-90B). Given the recent publication of SP 800-90C in September 2025 and CMVP validations expected to open soon, this talk will guide attendees through the essential steps and potential pitfalls of migrating to SP 800-90C compliance. the speakers will address key questions for a smooth transition: How can one effectively validate existing or new entropy sources against 800-90B guidelines? What are the best practices for integrating SP 800-90A compliant DRBGs into the overall RBG construction? Drawing on practical experience, this talk will provide actionable insights into planning, implementing, and validating SP 800-90C compliant systems. Key takeaways will include:
– Understanding the integrated requirements of the 90A, 90B, and 90C standards.
– Strategies for gap analysis in current RNG implementations.
– Practical validation methods for entropy sources and RBG construction.
Attendees will leave with a clear roadmap for achieving SP 800-90C compliance.