National Institute of Standards and Technology releases CMVP Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B

May 13, 2022 |

The National Institute of Standards and Technology today released its CMVP Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B.  it is a very technical document, even by NIST standards, coming in at 80 pages.

The publication amends NIST SP 800 – 140B by:

  1. Defining a more detailed structure and organization for the Security Policy
  2. Capturing Security Policy requirements that are defined outside of ISO/IEC 19790 and ISO/IEC 24759
  3. Building the Security Policy document as a combination of the subsection information
  4. Generating the approved algorithm table based on lab/vendor selections from the algorithm tests

The abstract provides:

NIST Special Publication (SP) 800-140Br1 is to be used in conjunction with ISO/IEC 19790 Annex B and ISO/IEC 24759 section 6.14. The special publication modifies only those requirements identified in this document. SP 800-140Br1 also specifies the content of the information required in ISO/IEC 19790 Annex B. As a validation authority, the Cryptographic Module Validation Program (CMVP) may modify, add, or delete Vendor Evidence (VE) and/or Test Evidence (TE) specified under paragraph 6.14 of the ISO/IEC 24759 and specify the order of the security policy as specified in ISO/IEC 19790:2012 B.1.

Leave a Reply





Verified by MonsterInsights