Important News:SafeLogic's CryptoComply Achieves FIPS 140-3 Validation for 28 OEs and Receives Certificate #4781! Read the blog post!
The SafeLogic Blog
FIPS 140-3 Day!
September 23, 2020 •Walt Paley
Yesterday was quite the day. September 22, 2020.
It was the Autumnal Equinox - happy fall! It was also Ray Potter's speaking session at the virtual International Cryptographic Module Conference (ICMC 2020), and I'll post more on that soon. Most importantly, it was the day that NIST's Cryptographic Module Validation Program (CMVP) began FIPS 140-3 validation testing!
Like Y2K before it, FIPS 140-3 Day went off without the world melting down.
CMVP has had quite the backlog of validations recently. By most reports it has been around 9 months or so for a new FIPS certificate, due to dividing resources between preparations for 140-3 and the existing workload for 140-2. The deprecation of 186-2 on September 1, 2020 required significant attention as well. NIST confirmed today that FIPS 140-3 submissions will feed into the same queue, so there will be no shortcuts and the 9 month wait will still apply. Hopefully that will ease up, as some of the burden gets passed from CMVP to the labs and vendors who take on the unenviable role of guinea pigs for the first validations. Sure, it would be fun to be the first FIPS 140-3 validated module, but such a headache! As Ray blogged last year, there is plenty of time.
SafeLogic will be addressing it as we always do - methodically, strategically, and pragmatically - so that our customers and partners can reap the benefits of our expertise.
We will have more details to share on our roadmap soon, but in the meantime, do take a minute and refer to the transition calendar below and note how early we remain in the process. Our customers will continue to enjoy the effortless maintenance and support of their FIPS 140-2 validations for years to come, and we will continue to offer RapidCert validations for our existing modules right up until the last day of testing on September 22, 2021, unless conditions change.
[Update - conditions DID change! RapidCerts from SafeLogic will be continued to be allowed and processed past the testing deadline for FIPS 140-2!]
Walt Paley
Walter Paley is the VP of Communications for SafeLogic. He is responsible for strategy, content, marketing, and outreach. Walt has worked with a series of start-ups and companies in growth stages, including Nukona (acquired by Symantec), Qubole, Bitzer Mobile (acquired by Oracle), and TigerText, among others. An Alumnus of the psychology program at UC San Diego, Walt lives in Southern California with his wife, kids, and their black lab, Echo.
Popular Posts
Search for posts
Tags
- FIPS 140 (112)
- FIPS validation (85)
- Encryption (70)
- cryptography (68)
- NIST (62)
- CryptoComply (60)
- SafeLogic (58)
- Industry News (54)
- cryptographic module (51)
- Conversations (49)
- CMVP (48)
- RapidCert (46)
- compliance (41)
- Ray Potter (33)
- SafeLogic News (33)
- Event (27)
- federal (27)
- CAVP (23)
- Cybersecurity (23)
- FIPS 140-3 (19)
- OpenSSL (16)
- government (14)
- FedRAMP (13)
- CryptoCompact (12)
- Cryptology (12)
- DoD (12)
- RSA (12)
- healthcare (12)
- partners (12)
- post-quantum cryptography (12)
- NSA (11)
- PQC (10)
- Cloud (9)
- security (9)
- CMMC (8)
- Suite B (8)
- testing (8)
- whitepaper (8)
- Approved Products List (APL) (6)
- HITECH (6)
- ICMC (6)
- lab (6)
- CEO (5)
- NIST 800-171 (5)
- NIST 800-53 (5)
- OpenSSL 3.0 (5)
- iOS (5)
- procurement (5)
- C3PAO (4)
- Common Criteria (4)
- HITECH Act (4)
- OpenSSL 3.x (4)
- TLS 1.3 (4)
- deadline (4)
- encrypt (4)
- innovation (4)
- procure (4)
- public sector (4)
- Air Force (3)
- BSAFE (3)
- DFARS (3)
- HIPAA Safe Harbor (3)
- HITECH Safe Harbor (3)
- OpenSSL 1.1.1 (3)
- POA&M (3)
- magazine (3)
- queue (3)
- transition (3)
- 3PAO (2)
- ACVP (2)
- BAA (2)
- CIO (2)
- CSP (2)
- Cyber Defense Magazine (2)
- Defense Industrial Base (2)
- HIPAA security controls (2)
- Historical Status (2)
- MFA (2)
- OpenSSL 1.0.2 (2)
- SPRS (2)
- StateRAMP (2)
- entropy (2)
- excellence (2)
- finance (2)
- founder (2)
- gold (2)
- leader (2)
- maturity (2)
- overlap (2)
- pilot (2)
- rsa conference (2)
- solution (2)
- sponsors (2)
- sunset (2)
- vendor (2)
- year (2)
- Active Status (1)
- Alliance for Digital Innovation (1)
- Android (1)
- CIO Prime Views (1)
- DHS (1)
- DIU (1)
- DIUx (1)
- DOJ (1)
- DoDIN APL (1)
- Entropy Source Validation (1)
- FCA (1)
- FIPS Compliance (1)
- FISMA (1)
- GSA (1)
- HITRUST (1)
- Matt Cornelius (1)
- Matthew Cornelius (1)
- Maturity Model (1)
- NCCoE (1)
- OMB (1)
- SLED (1)
- SP800-131A (1)
- SP800-90A (1)
- TLS 1.1 (1)
- background (1)
- best (1)
- co-founder (1)
- codies (1)
- congress (1)
- cybertech (1)
- education (1)
- elliptic curve cryptography (1)
- extended (1)
- faq (1)
- fintech (1)
- fiscal (1)
- fiscal year (1)
- fraud (1)
- globee (1)
- hill (1)
- interview (1)
- kratos (1)
- libgcrypt (1)
- national cybersecurity strategy (1)
- opportunities (1)
- parallel (1)
- profile (1)
- public (1)
- representatives (1)
- reseller (1)
- senate (1)
- senators (1)
- simplify (1)
- state (1)
- stealth mode (1)
- story (1)
- terminology (1)
- trophy (1)
- whistleblower (1)
- whistleblowing (1)