Instead, let's use "FIPS 140-4" to identify the follow-on standard that the United States Department of Commerce will eventually approve.
Here are the latest developments and my projections for FIPS 140-4:
- The Division Chief of NIST's Computer Security Division has moved into a new role. Matthew Scholl is now the Acting Division Chief.
- Since Matt Scholl is serving in an "Acting" role, expect no progress on FIPS 140-4 until the Division Chief role is officially filled. (NOTE: This is absolutely no dig on Matt -- he understands the FIPS 140 revision history very well and I imagine he is being asked to focus on other matters as Acting Division Chief.)
- I suspect the new Division Chief will have someone in NIST put a bow on ISO/IEC 19790:2012 and present it as FIPS 140-4 to the Secretary of Commerce for signature.
With these developments and projections in mind, here is my guess at a FIPS 140-4 schedule:
|3-6 months||Division Chief role filled at NIST; FIPS 140-4 presented to the Secretary of Commerce|| |
|Up to 6 months||Secretary of Commerce signs FIPS 140-4||Feb-Apr 2015|
|6 months||FIPS 140-4 effective; FIPS 140-2 transition period begins||Aug-Oct 2015|
|6 months||FIPS 140-2 transition period ends||Feb-Apr 2016|
The FIPS 140-2 transition period is expected to be a 6-month period during which cryptographic modules may be tested to either FIPS 140-2 requirements or FIPS 140-4 requirements.