December 12, 2011

Power-on self-test guidance


The CMVP intends to release new FIPS 140-2 Implementation Guidance clarifying the power-on self-test required for cryptographic algorithms whose outputs do not vary for a given set of inputs (e.g. RSA).

A Known Answer Test (KAT) will be required in the future for cryptographic modules that perform RSA sign and verify when the outputs of those operations are deterministic.

The Implementation Guidance will include a transition date.  After that transition date, new FIPS 140-2 validation submissions must implement a Known Answer Test (for a deterministic mode of RSA) as a power-on self-test.  A Pairwise Consistency Test will no longer be acceptable as a power-on self-test (for a deterministic mode of RSA).

The release date of the Implementation Guidance and the transition date are not yet available. 
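The difference between the two self-tests, as an added example that is not part of the original post or of any CMVP guidance: a Pairwise Consistency Test only checks that sign and verify agree with each other, while a Known Answer Test compares the outputs against a stored vector. The toy key (n = 61 × 53), the test vector, and the byte-order fault in the hypothetical `os2ip_faulty` are constructed for illustration; this is unpadded textbook RSA, not a validated implementation.

```python
# Toy textbook RSA key (constructed, far too small for real use): n = 61 * 53.
N, E, D = 3233, 17, 2753

# Constructed known-answer vector: message bytes and the signature computed
# offline by a trusted implementation (2790^2753 mod 3233 = 65).
KAT_MESSAGE = bytes([0x0A, 0xE6])
KAT_SIGNATURE = 65


def os2ip(data):
    """Correct octet-string-to-integer conversion (big-endian)."""
    return int.from_bytes(data, "big") % N


def os2ip_faulty(data):
    """Hypothetical fault: wrong byte order, shared by sign and verify."""
    return int.from_bytes(data, "little") % N


def sign(message, encode):
    return pow(encode(message), D, N)


def verify(message, signature, encode):
    return pow(signature, E, N) == encode(message)


def pairwise_consistency_test(encode):
    """Sign, then verify with the matching public key; no stored answer."""
    return verify(KAT_MESSAGE, sign(KAT_MESSAGE, encode), encode)


def known_answer_test(encode):
    """Compare both operations against the precomputed vector."""
    sign_ok = sign(KAT_MESSAGE, encode) == KAT_SIGNATURE
    verify_ok = verify(KAT_MESSAGE, KAT_SIGNATURE, encode)
    return sign_ok and verify_ok


def power_on_self_test(encode):
    """Return the result of each test for the given implementation."""
    return {"pct": pairwise_consistency_test(encode),
            "kat": known_answer_test(encode)}


if __name__ == "__main__":
    print("correct:", power_on_self_test(os2ip))
    print("faulty: ", power_on_self_test(os2ip_faulty))
```

With the shared fault, sign and verify remain consistent with each other, so the pairwise test passes while the known-answer comparison fails.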

December 1, 2011

2011 FIPS 140-2 certificate totals



The number of FIPS 140-2 certificates issued through November 30, 2011 continues at a pace 20% slower than in 2010.  Here are the totals by Lab for 2011:


And the percentages: