August 12, 2015

NIST Seeking Public Comments on ISO/IEC 19790:2012

NIST announced today that they are seeking public comments on using ISO/IEC standards for cryptographic algorithm and cryptographic module testing, conformance, and validation activities, currently specified by Federal Information Processing Standard (FIPS) 140-2.

The responses to this request will be used to plan possible changes to the FIPS standard or in a decision to use all or part of ISO/IEC 19790:2012, Security Requirements for Cryptographic Modules, for testing, conformance and validation of cryptographic algorithms and modules.

The comment period is 45 days (September 28, 2015) and all are encouraged to provide feedback.  Seeing as though the next revision of the FIPS standard is long overdue, the hope is that the comments that are provided help NIST converge on a solution.  Even if not all aspects of the current ISO standard are perfect, it is still a big improvement compared to continuing to test to FIPS 140-2.