Publications

Displaying 1 - 25 of 37

Workshop on Enhancing Security of Devices and Components Across the Supply Chain

February 18, 2025

Author(s)

Sanjay Rekhi, David Kuhn, Kim Schaffer, Murugiah Souppaya, Noah Waller, Nelson Hastings, Michael Ogata, William Barker

NIST hosted an in-person, all-day workshop on February 27, 2024, to discuss existing and emerging cybersecurity threats and mitigation techniques for semiconductors throughout their life cycle. The workshop obtained valuable feedback from industry

Recommendations for Federal Vulnerability Disclosure Guidelines

May 24, 2023

Author(s)

Kim B. Schaffer, Peter Mell, Hung Trinh, Isabel Van Wyk

Receiving reports on suspected security vulnerabilities in information systems is one of the best ways for developers and services to become aware of issues. Formalizing actions to accept, assess, and manage vulnerability disclosure reports can help reduce

CMVP Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759

May 20, 2022

Author(s)

Kim B. Schaffer, Alexander Calis

The approved security functions listed in this publication replace the ones listed in ISO/IEC 19790 Annex C and ISO/IEC 24759 6.15, within the context of the Cryptographic Module Validation Program (CMVP). As a validation authority, the CMVP may supersede

CMVP Approved Sensitive Security Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759

May 20, 2022

Author(s)

Kim B. Schaffer, Alexander Calis

The approved sensitive security parameter generation and establishment methods listed in this publication replace the ones listed in ISO/IEC 19790 Annex D and ISO/IEC 24759 paragraph 6.16, within the context of the Cryptographic Module Validation Program

CMVP Approved Authentication Mechanisms: CMVP Validation Authority Requirements for ISO/IEC 19790:2012 Annex E and ISO/IEC 24759:2017

March 20, 2020

Author(s)

Kim B. Schaffer

NIST Special Publication (SP) 800-140E replaces the approved authentication mechanism requirements of ISO/IEC 19790 Annex E. As a validation authority, the Cryptographic Module Validation Program (CMVP) may supersede this Annex in its entirety with its own

CMVP Approved Non-Invasive Attack Mitigation Test Metrics: CMVP Validation Authority Updates to ISO/IEC 24759:2017

March 20, 2020

Author(s)

Kim B. Schaffer

NIST Special Publication (SP) 800-140F replaces the approved non-invasive attack mitigation test metric requirements of ISO/IEC 19790 Annex F. As a validation authority, the Cryptographic Module Validation Program (CMVP) may supersede this Annex in its

CMVP Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759

March 20, 2020

Author(s)

Kim B. Schaffer

NIST Special Publication (SP) 800-140C replaces the approved security functions of ISO/IEC 19790 Annex C. As a validation authority, the Cryptographic Module Validation Program (CMVP) may supersede this Annex in its entirety. This document supersedes ISO

CMVP Approved Sensitive Security Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759:2017(E)

March 20, 2020

Author(s)

Kim B. Schaffer

NIST Special Publication (SP) 800-140D replaces the approved sensitive security parameter generation and establishment methods requirements of ISO/IEC 19790 Annex D. As a validation authority, the Cryptographic Module Validation Program (CMVP) may

CMVP Documentation Requirements:CMVP Validation Authority Updates to ISO/IEC 24759

March 20, 2020

Author(s)

Kim B. Schaffer

NIST Special Publication (SP) 800-140A modifies the vendor documentation requirements of ISO/IEC 19790 Annex A. As a validation authority, the Cryptographic Module Validation Program (CMVP) may modify, add or delete Vendor Evidence (VE) and/or Test

CMVP Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B

March 20, 2020

Author(s)

Kim B. Schaffer

NIST Special Publication (SP) 800-140B is to be used in conjunction with ISO/IEC 19790 Annex B and ISO/IEC 24759 6.14. The special publication modifies only those requirements identified in this document. SP 800-140B also specifies the content of the

FIPS 140-3 Derived Test Requirements (DTR):CMVP Validation Authority Updates to ISO/IEC 24759

March 20, 2020

Author(s)

Kim B. Schaffer

NIST Special Publication (SP) 800-140 specifies the Derived Test Requirements (DTR) for Federal Information Processing Standard (FIPS) 140-3. SP 800-140 modifies the test (TE) and vendor (VE) evidence requirements of International Organization for

Rethinking Authentication

November 11, 2019

Author(s)

Kim B. Schaffer

In today's environment, there is little doubt that companies, organizations, and governments must make significant investments in developing, implementing, and supporting authentication for their digital systems. Perhaps because of this, an organization's

FIPS 140-3 Adopts ISO/IEC Standards

May 20, 2019

Author(s)

Kim B. Schaffer

This bulletin summarizes the information found in FIPS 140-3: Security Requirements for Cryptographic Modules which is applicable to all federal agencies that use cryptographic-based security systems to provide adequate information security for all agency

Search Publications by: