Transcription of Implementation Guidance for FIPS 140-3 - NIST
1 Implementation Guidance for FIPS 140-3 and the Cryptographic Module Validation Program National Institute of Standards and Technology Canadian Centre for Cyber Security Initial Release: September 21, 2020 Last Update: August 1, 2023 Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program National Institute of Standards and Technology CMVP 2 08/01/2023 Table of Contents OVERVIEW .. 4 SECTION 1 GENERAL .. 5 SECTION 2 CRYPTOGRAPHIC MODULE SPECIFICATION .. 6 BINDING OF CRYPTOGRAPHIC ALGORITHM VALIDATION CERTIFICATES .. 6 SUB-CHIP CRYPTOGRAPHIC SUBSYSTEMS.
2 8 PROCESSOR ALGORITHM ACCELERATORS (PAA) AND PROCESSOR ALGORITHM Implementation (PAI) .. 11 EXCLUDED COMPONENTS .. 15 DEFINITION AND USE OF A NON-APPROVED SECURITY FUNCTION .. 17 TRACKING THE COMPONENT VALIDATION LIST .. 22 APPROVED SECURITY SERVICE INDICATOR .. 24 SECTION 3 CRYPTOGRAPHIC MODULE INTERFACES .. 29 TRUSTED CHANNEL .. 29 SECTION 4 ROLES, SERVICES, AND AUTHENTICATION .. 32 AUTHORISED ROLES .. 32 MULTI-OPERATOR AUTHENTICATION .. 34 SECTION 5 SOFTWARE/FIRMWARE SECURITY .. 36 NON-RECONFIGURABLE MEMORY INTEGRITY TEST .. 36 SECTION 6 OPERATIONAL ENVIRONMENT.
3 37 SECTION 7 PHYSICAL SECURITY .. 38 TESTING TAMPER EVIDENT SEALS .. 38 HARD COATING TEST METHODS (LEVEL 3 AND 4) .. 39 SECTION 8 NON-INVASIVE SECURITY .. 41 SECTION 9 SENSITIVE SECURITY PARAMETER MANAGEMENT .. 42 ENTROPY CAVEATS .. 42 SSP ESTABLISHMENT AND SSP ENTRY AND OUTPUT .. 47 ACCEPTABLE ALGORITHMS FOR PROTECTING STORED SSPS .. 54 ZEROISATION OF ONE TIME PROGRAMMABLE (OTP) MEMORY .. 56 INDICATOR OF ZEROISATION .. 57 SECTION 10 SELF-TESTS .. 60 PRE-OPERATIONAL INTEGRITY TECHNIQUE SELF-TEST .. 60 CRYPTOGRAPHIC ALGORITHM SELF-TEST REQUIREMENTS .. 62 SELF-TEST FOR EMBEDDED CRYPTOGRAPHIC ALGORITHMS.
4 72 CONDITIONAL MANUAL ENTRY SELF-TEST REQUIREMENTS .. 73 ERROR LOGGING .. 74 PERIODIC SELF-TESTING .. 76 COMPLETE IMAGE REPLACEMENT VERSUS SOFTWARE/FIRMWARE LOADING .. 79 SECTION 11 LIFE-CYCLE ASSURANCE .. 83 CVE MANAGEMENT .. 83 SECTION 12 MITIGATION OF OTHER ATTACKS .. 86 MITIGATION OF OTHER ATTACKS .. 86 ANNEX A DOCUMENTATION REQUIREMENTS .. 87 Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program National Institute of Standards and Technology CMVP 3 08/01/2023 ANNEX B CRYPTOGRAPHIC MODULE SECURITY POLICY .. 88 ANNEX C APPROVED SECURITY FUNCTIONS.
5 89 USE OF NON-APPROVED ELLIPTIC CURVES .. 89 VALIDATION TESTING OF HASH ALGORITHMS AND HIGHER CRYPTOGRAPHIC ALGORITHM USING HASH ALGORITHMS .. 91 THE USE AND THE TESTING REQUIREMENTS FOR THE FAMILY OF FUNCTIONS DEFINED IN FIPS 92 USE OF A TRUNCATED HMAC .. 94 KEY GENERATION FOR RSA SIGNATURE ALGORITHM .. 95 APPROVED MODULUS SIZES FOR RSA DIGITAL SIGNATURE FOR FIPS 186-4 .. 96 SP 800-67 REV2 LIMIT ON THE NUMBER OF ENCRYPTIONS WITH THE SAME TRIPLE-DES 100 KEY/IV PAIR UNIQUENESS REQUIREMENTS FROM SP 800-38D .. 102 XTS-AES KEY GENERATION REQUIREMENTS .. 110 REQUIREMENTS FOR TESTING TO SP 800-38G.
6 111 TRANSITION FROM FIPS 186-4 TO FIPS 186-5 AND SP 800-186 .. 112 SP 800-107 REQUIREMENTS .. 115 ANNEX D APPROVED SENSITIVE SECURITY PARAMETER GENERATION AND ESTABLISHMENT METHODS .. 117 ACCEPTABLE SSP ESTABLISHMENT PROTOCOLS .. 117 STRENGTH OF SSP ESTABLISHMENT METHODS .. 119 REFERENCES TO THE SUPPORT OF INDUSTRY PROTOCOLS .. 122 ELLIPTIC CURVES AND THE FFC SAFE-PRIME GROUPS IN SUPPORT OF INDUSTRY PROTOCOLS .. 124 MOVED TO .. 126 KEY AGREEMENT METHODS .. 127 KEY TRANSPORT METHODS .. 131 REQUIREMENTS FOR VENDOR AFFIRMATION TO SP 800-133 .. 135 THE USE OF POST-PROCESSING IN KEY GENERATION METHODS.
7 137 ENTROPY ESTIMATION AND COMPLIANCE WITH SP 800-90B .. 140 INTERPRETATION OF SP 800-90B REQUIREMENTS .. 143 CRITICAL SECURITY PARAMETERS FOR THE SP 800-90A DRBGS .. 150 USING THE SP 800-108 KDFS IN AN APPROVED MODE .. 152 SP 800-132 PASSWORD-BASED KEY DERIVATION FOR STORAGE 153 COMBINING ENTROPY FROM MULTIPLE SOURCES .. 155 SP 800-56 CREV2 ONE-STEP KEY DERIVATION FUNCTION WITHOUT A COUNTER .. 157 TRANSITION OF THE TLS KDF TO SUPPORT THE EXTENDED MASTER SECRET .. 159 HASH FUNCTIONS ACCEPTABLE FOR USE IN THE SP 800-90A DRBGS .. 161 ANNEX E APPROVED AUTHENTICATION MECHANISMS.
8 162 APPLICABILITY OF REQUIREMENTS FROM SP 800-63B .. 162 ANNEX F APPROVED NON-INVASIVE ATTACK MITIGATION TEST 164 WITHDRAWN 165 ASSURANCE OF THE VALIDITY OF A PUBLIC KEY FOR SSP ESTABLISHMENT .. 165 CHANGE SUMMARY .. 167 NEW Guidance .. 167 MODIFIED Guidance .. 167 MAPPING FIPS 140-2 IGS TO FIPS 140-3 .. 171 END OF DOCUMENT .. 174 Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program National Institute of Standards and Technology CMVP 4 08/01/2023 Overview This Implementation Guidance document is issued and maintained by the Government's National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS), which serve as the validation authorities of the Cryptographic Module Validation Program (CMVP) for their respective governments.
9 The CMVP validates the test results of National Voluntary Laboratory Accreditation Program (NVLAP) accredited Cryptographic and Security Testing (CST) Laboratories which test cryptographic modules for conformance to Federal Information Processing Standard Publication (FIPS) 140-3 , Security Requirements for Cryptographic Modules. The Cryptographic Algorithm Validation Program (CAVP) addresses the testing of Approved Security Functions and Approved Sensitive Security Parameter Generation and Establishment Methods w hich are referenced in the SP 800-140 series of FIPS 140-3 .
10 This document is intended to provide programmatic Guidance of the CMVP, and in particular, clarifications and Guidance pertaining to ISO/IEC 24759:2017(E), Test requirements for cryptographic modules, which are further clarified in FIPS PUB 140-3 Derived Test Requirements (DTR), which are used by CST Laboratories to test for a cryptographic module's conformance to FIPS 140-3 . Guidance presented in this document is based on responses issued by NIST and CCCS to questions posed by the CST Labs, vendors, and other interested parties. Information in this document is subject to change by NIST and CCCS.
