[cabfpub] Cryptographic module requirement in 6.2.7

Peter Bowen pzb at amzn.com
Sat Feb 27 00:59:04 UTC 2016

Last month, the NIST SP800-131A provision on RNGs went into effect.  This provision essentially says that all cryptographic modes are required to use one these CSPRNG/DRBGs: HASH_DRBG, HMAC_DRBG and CTR_DRBG.

This has resulted in NIST moving many existing cryptographic modules into a “historical category” (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-historical.htm)

BR 6.2.7 says:

"Private Key Storage on Cryptographic Module 

The CA SHALL protect its Private Key in a system or device that has been validated as meeting at least FIPS 140 level 3 or an appropriate Common Criteria Protection Profile or Security Target, EAL 4 (or higher), which includes requirements to protect the Private Key and other assets against known threats.”

Given this requirement and the move to historical of many HSMs:

1) Is a device listed as “historical” suitable for continued CA key protection for keys already on the device?

2) Is a device listed as “historical” suitable for CA key protection for newly generated keys?

3) Must a device used for CA key protection be configured in “FIPS mode”?

4) Are there any requirements about algorithm validation, such as a requirement that the algorithm used for the keys be listed in the "FIPS Approved algorithms” list for the device and/or have a CAVP certificate?


More information about the Public mailing list