Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

FIPS 140-3 Derived Test Requirements (DTR):CMVP Validation Authority Updates to ISO/IEC 24759



Kim B. Schaffer


NIST Special Publication (SP) 800-140 specifies the Derived Test Requirements (DTR) for Federal Information Processing Standard (FIPS) 140-3. SP 800-140 modifies the test (TE) and vendor (VE) evidence requirements of International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 24759. As a validation authority, the Cryptographic Module Validation Program (CMVP) may modify, add or delete TEs and/or VEs as specified under paragraph 5.2 of ISO/IEC 24759. This NIST Special Publication should be used in conjunction with ISO/IEC 24759 as it modifies only those requirements identified in this document.
Special Publication (NIST SP) - SP 800-140
Report Number
SP 800-140


Cryptographic Module Validation Program, CMVP, FIPS 140 testing, FIPS 140, ISO/IEC 19790, ISO/IEC 24759, testing requirement, vendor evidence
Created March 20, 2020, Updated May 24, 2020