With this mini-update from the Cryptographic Technology Group (the responsible organization for developing the FIPS 140-3 publication), I am still comfortable with my guesses at the schedule I made in September 2012:
- 1Q of 2014 (January/February/March) - FIPS 140-3 becomes effective. The Derived Test Requirements have already been published by now. Modules may be validated by Labs for FIPS 140-3 requirements.
- 3Q of 2014 (July/August/September) - the transition period for completing FIPS 140-2 reports ends. All new validation reports submitted must be validated to FIPS 140-3 requirements.
- 2015 - Any products in the planning cycle that are to be released in 2015 must be designed to meet FIPS 140-3 requirements.