Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST Proposes to Revise SP 800-38B, “CMAC” and SP 800-38C, “CCM”

NIST's Crypto Publication Review Board is proposing to update Special Publications 800-38B, "The CMAC Mode for Authentication," and 800-38C, "The CCM Mode for Authentication and Confidentiality." Submit public comments through Friday, February 28, 2025.

In June 2024, NIST's Crypto Publication Review Board initiated a review of the following publications:

In response, NIST received public comments on SP 800-38B and SP 800-38C.

NIST proposes to revise both publications.  The main technical changes would be the following:

  • Harmonize the tag length guidance in SP 800-38B with that of SP 800-38C (i.e., a minimum of 32 bits with a recommendation for at least 64 bits in general)
  • Strengthen the example formatting function for CCM to a requirement
  • Remove support for the disallowed Triple DES block cipher from CMAC

NIST would also consider other technical changes that were suggested in the public comments, in addition to editorial improvements.

Submit your comments on this decision proposal by February 28, 2025, to cryptopubreviewboard [at] nist.gov (cryptopubreviewboard[at]nist[dot]gov) with “Comments on SP 800-38B Decision Proposal" or "Comments on SP 800-38C Decision Proposal” in the subject line.  

Comments received in response to this request will be posted on the Crypto Publication Review Project site after the due date. Submitters’ names and affiliations (when provided) will be included, while contact information will be removed. See the project site for additional information about the review process.  

Released January 29, 2025