NIST Proposes to Revise SP 800-38B, “CMAC” and SP 800-38C, “CCM”

In June 2024, NIST's Crypto Publication Review Board initiated a review of the following publications:

• NIST Special Publication (SP) 800-38B, Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication, 2016
• SP 800-38C, Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality, 2007.

In response, NIST received public comments on SP 800-38B and SP 800-38C.

NIST proposes to revise both publications.  The main technical changes would be the following:

• Harmonize the tag length guidance in SP 800-38B with that of SP 800-38C (i.e., a minimum of 32 bits with a recommendation for at least 64 bits in general)
• Strengthen the example formatting function for CCM to a requirement
• Remove support for the disallowed Triple DES block cipher from CMAC

NIST would also consider other technical changes that were suggested in the public comments, in addition to editorial improvements.

Submit your comments on this decision proposal by February 28, 2025, to cryptopubreviewboard [at] nist.gov (cryptopubreviewboard[at]nist[dot]gov) with “Comments on SP 800-38B Decision Proposal" or "Comments on SP 800-38C Decision Proposal” in the subject line.  

Comments received in response to this request will be posted on the Crypto Publication Review Project site after the due date. Submitters’ names and affiliations (when provided) will be included, while contact information will be removed. See the project site for additional information about the review process.