December 12, 2011

Power-on self-test guidance


The CMVP intends to release new FIPS 140-2 Implementation Guidance clarifying the power-on self-test required for cryptographic algorithms whose outputs do not vary for a given set of inputs (e.g. RSA).

A Known Answer Test (KAT) will be required in the future for cryptographic modules that perform RSA sign and verify when the outputs of those operations are deterministic.

The Implementation Guidance will include a transition date.  After that transition date, new FIPS 140-2 validation submissions must implement a Known Answer Test (for a deterministic mode of RSA) as a power-on self-test.  A Pairwise Consistency Test will no longer be acceptable as a power-on self-test (for a deterministic mode of RSA).

The release date of the Implementation Guidance and the transition date are not yet available. 

December 1, 2011

2011 FIPS 140-2 certificate totals



The number of FIPS 140-2 certificates issued through November 30, 2011 remains at a 20% slower pace compared to 2010.  Here are the totals by Lab for 2011:


 And the percentages:






October 5, 2011

3rd Quarter FIPS 140-2 certificate totals still trending down

At the end of 3Q 2011, the CMVP has posted 137 new FIPS 140-2 certificates for the year.  The projection for the year is 183 certificates which is 20% less than last year's total of 229.

The chart below shows the breakdown of FIPS 140-2 certificates by Laboratory for 2011 (through September 30, 2011).  The number between the Lab name and the percentage is the number of certificates for 2011.