Important News:SafeLogic's CryptoComply Achieves FIPS 140-3 Validation and Receives FIPS 140-3 certificate #4781! Read the blog post!
The SafeLogic Blog
The Transition Is Here: RNGs Disallowed in 2016
January 14, 2016 •Mark Minnoch
Question: I'm hearing rumors that my FIPS 140-2 cryptographic module will be moved to NIST’s Legacy Validation List on January 31, 2016. Is this true?
Answer: The rumors are true for many organizations, unfortunately. If your cryptographic module contains any of the RNGs in FIPS 186-2, ANS X9.31, or ANS X.9.62-1998 on the “FIPS Approved algorithm” list, your certificate will be re-classified and moved to the Legacy Validation List unless it is reaffirmed otherwise. In addition, certificates that have not been updated since 2011 or prior will be relegated to the Legacy List next year, as part of a five year rolling expiration. More on that soon.
The bad news: Federal agencies have been instructed to strictly avoid products that have been moved to this Legacy Validation List. We know that DISA has already contacted technology vendors that are in danger of having their certificates moved to the Legacy Validation List. This is a demonstration of DISA's attention to this issue - they plan to be extremely proactive and solutions that fall out of compliance will not be able to slide under the radar. Every vendor with an RNG included on their FIPS certificate should immediately take action to keep their modules available for procurement.
NIST Special Publication 800-131A has been warning that these RNGs will be “disallowed” in 2016. The SP800-131A publication contains guidance for the use of stronger cryptographic keys and more robust algorithms. Concerns of increasing computing power and possible new attacks, the older RNGs have been dropped by the NIST Cryptographic Technology Group in favor of the newer SP800-90A DRBG algorithms: HASH_DRBG, HMAC_DRBG and CTR_DRBG. Since randomness in generating keying material is essential to strong cryptography, this is a proactive step by NIST to evolve to stronger security solutions for federal agencies.
The good news: SafeLogic customers will not be affected. Our clients will remain on NIST’s Active Validation Lists. Federal agencies will still be allowed to acquire products that are using SafeLogic’s cryptographic modules when enforcement begins on January 31, 2016, due to our strong support team and aggressive updates to ensure compliance. SafeLogic's dedication to certificate maintenance has saved our customers significant time, effort and heartache. With NIST's renewed commitment to keeping the validation list current, maintenance is more crucial than ever before. Neglecting your certificate can quickly render obsolete the product of years of work and significant investment - and that's never a good thing.
Whether you have questions about the RNG transition, want more information on SafeLogic’s drop-in FIPS solutions, or your current validation is being re-classified to the archive list, please contact us. SafeLogic can help!
Now that you know SafeLogic can take care of your FIPS cert, here's some RNG humor to help dissipate that stress:
Mark Minnoch
Mark Minnoch was a Technical Account Manager for SafeLogic.
Popular Posts
Search for posts
Tags
- FIPS 140 (106)
- FIPS validation (85)
- Encryption (70)
- cryptography (68)
- NIST (62)
- CryptoComply (60)
- SafeLogic (58)
- Industry News (54)
- cryptographic module (51)
- Conversations (49)
- CMVP (48)
- RapidCert (46)
- compliance (41)
- Ray Potter (33)
- SafeLogic News (33)
- Event (27)
- federal (27)
- CAVP (23)
- Cybersecurity (23)
- FIPS 140-3 (17)
- #LoveOurCustomers (15)
- OpenSSL (15)
- government (14)
- FedRAMP (13)
- CryptoCompact (12)
- Cryptology (12)
- DoD (12)
- RSA (12)
- compatible (12)
- healthcare (12)
- partners (12)
- NSA (11)
- post-quantum cryptography (10)
- AES (9)
- Apple (9)
- Cloud (9)
- health (9)
- security (9)
- time (9)
- CMMC (8)
- HIPAA (8)
- IoT (8)
- PQC (8)
- Suite B (8)
- hack (8)
- testing (8)
- whitepaper (8)
- client (7)
- constrained devices (7)
- Advisories (6)
- Approved Products List (APL) (6)
- HITECH (6)
- ICMC (6)
- holiday (6)
- lab (6)
- vulnerability (6)
- Acumen (5)
- CEO (5)
- Dual EC DRBG (5)
- Microsoft (5)
- NIST 800-171 (5)
- NIST 800-53 (5)
- OpenSSL 3.0 (5)
- Wes Higaki (5)
- Whit Diffie (5)
- ePHI (5)
- healthIT (5)
- heartbleed (5)
- mHealth (5)
- procurement (5)
- vulnerable (5)
- C3PAO (4)
- Common Criteria (4)
- Google (4)
- Google Glass (4)
- HHS (4)
- HITECH Act (4)
- Mark Minnoch (4)
- deadline (4)
- encrypt (4)
- health IT (4)
- iOS (4)
- innovation (4)
- military (4)
- procure (4)
- public sector (4)
- AFCEA (3)
- Air Force (3)
- BSAFE (3)
- CSE (3)
- DFARS (3)
- DISA (3)
- EMM (3)
- FIPS 186 (3)
- FIPS-approved (3)
- HIMSS (3)
- HIPAA Safe Harbor (3)
- HITECH Safe Harbor (3)
- Implementation Guidance (3)
- Implementation Under Testing (3)
- InfoSec (3)
- NVLAP (3)
- National Institute of Standards and Technology (3)
- OCR (3)
- OpenSSL 1.1.1 (3)
- OpenSSL 3.x (3)
- POA&M (3)
- TLS 1.3 (3)
- competition (3)
- connected (3)
- constrained (3)
- data at rest (3)
- editorial (3)
- forum (3)
- goals (3)
- healthcare IT (3)
- iPhone (3)
- liberty (3)
- magazine (3)
- open source (3)
- patriotic (3)
- privacy (3)
- queue (3)
- revalidation (3)
- software (3)
- speaking (3)
- transition (3)
- vulnerabilities (3)
- 3PAO (2)
- ACVP (2)
- BA (2)
- BAA (2)
- CIO (2)
- CSEC (2)
- CSP (2)
- CoIT (2)
- Coalfire (2)
- Cyber Defense Magazine (2)
- Cyberattack (2)
- DIY (2)
- Defense Industrial Base (2)
- Diffie-Hellman (2)
- ECDH (2)
- EHR (2)
- FBI (2)
- FIPS 197 (2)
- FIPS 199 (2)
- FIPS ready (2)
- FinalCode (2)
- Firefox (2)
- HIPAA security controls (2)
- Historical Status (2)
- IPsec (2)
- IPsec VPN (2)
- Java (2)
- Level 1 (2)
- Level 2 (2)
- Level 3 (2)
- Level 4 (2)
- MFA (2)
- MSFT (2)
- Maribel Lopez (2)
- Module in Process (2)
- NIST 800-111 (2)
- NIST 800-38 (2)
- NSS (2)
- Network Security Services (2)
- OpenSSL 1.0.2 (2)
- RNG (2)
- RSA BSAFE (2)
- RSA Security (2)
- SHA (2)
- SPRS (2)
- SSL (2)
- SSL VPN (2)
- Securonix (2)
- StateRAMP (2)
- Steve Marquess (2)
- Suite A (2)
- TLS (2)
- U.S. (2)
- U.S. Armed Forces (2)
- UK (2)
- US (2)
- US Armed Forces (2)
- USA (2)
- Up (2)
- VPN (2)
- Walt Paley (2)
- backdoor (2)
- benchmark (2)
- code (2)
- competitor (2)
- constrained device (2)
- consultant (2)
- consultants (2)
- consulting (2)
- cost (2)
- cyber terrorism (2)
- data in motion (2)
- developer (2)
- doctor (2)
- entropy (2)
- excellence (2)
- fast (2)
- federal acquisition (2)
- federal procurement (2)
- federal shutdown (2)
- finance (2)
- firmware (2)
- founder (2)
- freedom (2)
- goal (2)
- gold (2)
- guest (2)
- hardware (2)
- hurdle (2)
- hybrid (2)
- iOS 6 (2)
- key management (2)
- leader (2)
- legacy (2)
- mandate (2)
- maturity (2)
- medal (2)
- overlap (2)
- patch (2)
- patches (2)
- patient (2)
- penalties (2)
- pilot (2)
- re-validation (2)
- regulated industry (2)
- research (2)
- rival (2)
- rsa conference (2)
- security breach (2)
- session (2)
- shutdown (2)
- solution (2)
- speed (2)
- sponsors (2)
- startup (2)
- sunset (2)
- support (2)
- team (2)
- technology (2)
- terrorism (2)
- terrorist (2)
- use case (2)
- vendor (2)
- year (2)
- year end (2)
- (ISC)2 (1)
- 21st Century Cures Act (1)
- Active Status (1)
- Alliance for Digital Innovation (1)
- Android (1)
- BYOD (1)
- Brent Cook (1)
- Bruce Schneier (1)
- CCEVS (1)
- CES (1)
- CIO Prime Views (1)
- CIO Story (1)
- CIOstory (1)
- CNET (1)
- CNN (1)
- CNSA (1)
- CNSS (1)
- COTS (1)
- CSF (1)
- CTR_DRBG (1)
- CUI (1)
- Cryptographic Technology Group (1)
- Cryptsoft (1)
- CsfC (1)
- Cupertino (1)
- Cyber Monday (1)
- D-FLIP (1)
- DES (1)
- DHS (1)
- DIU (1)
- DIUx (1)
- DNA (1)
- DOJ (1)
- Daniel Franke (1)
- David Cameron (1)
- David Hook (1)
- DoDIN APL (1)
- EPCS (1)
- Entropy Source Validation (1)
- Erlich Bachman (1)
- Extended Support (1)
- FCA (1)
- FF1 (1)
- FF3 (1)
- FIPS Compliance (1)
- FISMA (1)
- FITARA (1)
- FOM (1)
- FOM 2.0 (1)
- FPE (1)
- FUD (1)
- Fed (1)
- Federal IT Sales Summit (1)
- G.18 (1)
- GCHQ (1)
- GNU (1)
- GNU Project (1)
- GSA (1)
- Gavin Belson (1)
- GnuPG (1)
- GoBe (1)
- HASH_DRBG (1)
- HIIPA (1)
- HIPPA (1)
- HIT (1)
- HITRUST (1)
- HITRUST CSF (1)
- HMAC_DRBG (1)
- Healbe (1)
- Hunter S. Thompson (1)
- IBM (1)
- ICMC 2013 (1)
- ICS (1)
- ICS-ISAC (1)
- IPB (1)
- ISO (1)
- ISO 24759 (1)
- ITexpo West (1)
- ITexpo West 2014 (1)
- Immix (1)
- In Progress (1)
- In Progress List (1)
- Inauguration (1)
- Industrial Control System (1)
- Infogard (1)
- Intel (1)
- Investigatory Powers Bill (1)
- Iron Mountain (1)
- JAR (1)
- JCE (1)
- JITC (1)
- JLTV (1)
- JSSE (1)
- Jack Barker (1)
- KAS (1)
- KBKDF (1)
- LRSB (1)
- Lockheed Martin (1)
- MDMPP (1)
- MDPP (1)
- MIT (1)
- MWC (1)
- Marissa Mayer (1)
- Mark Amtower (1)
- Matt Caswell (1)
- Matt Cornelius (1)
- Matthew Cornelius (1)
- Matthew Green (1)
- Maturity Model (1)
- Michael Leonard (1)
- MicroStrategy (1)
- Microsoft Surface (1)
- Multifactor (1)
- NCCoE (1)
- NCSL (1)
- NSA Suite B (1)
- Northrup Grumman (1)
- OCS (1)
- OMB (1)
- ONC (1)
- OSL (1)
- OSSL 1.1 (1)
- OSSL Foundation (1)
- OVS (1)
- Office 365 (1)
- Pulse Secure (1)
- Q4 (1)
- Quantum Dawn (1)
- Quest (1)
- RAR (1)
- REDCOM (1)
- RFP (1)
- Ralph C. Jensen (1)
- Ralph Jensen (1)
- Readiness Assessment Report (1)
- SLED (1)
- SP (1)
- SP 800-113 (1)
- SP 800-56 (1)
- SP 800-77 (1)
- SP800-131A (1)
- SP800-90A (1)
- SSLv3 (1)
- Sean Kerner (1)
- SecureAuth (1)
- Security B-Sides (1)
- Security Compass (1)
- SecurityToday (1)
- Sergey Brin (1)
- Seth Rosenblatt (1)
- Sethi (1)
- St Regis (1)
- Steve Jobs (1)
- Susan McAndrew (1)
- TLS 1.1 (1)
- TSMC (1)
- Tanuj Gulati (1)
- Theresa May (1)
- Tim Hudson (1)
- U.K. (1)
- U.S. Air Force (1)
- U.S. Marines (1)
- U.S. Military (1)
- U.S. Navy (1)
- US Air Force (1)
- US Army (1)
- US Marines (1)
- US Military (1)
- US Navy (1)
- USMC (1)
- United Kingdom (1)
- United States (1)
- United States of America (1)
- Up24 (1)
- Vectra (1)
- Vectra Networks (1)
- WEST (1)
- WEST 2020 (1)
- WolfSSL (1)
- Yier Jin (1)
- background (1)
- ban (1)
- banish (1)
- banished (1)
- banishment (1)
- banned (1)
- batterygate (1)
- benchmarks (1)
- best (1)
- checkmarks (1)
- chief (1)
- chip (1)
- chipgate (1)
- choice (1)
- choose (1)
- chosen (1)
- cipher (1)
- citizen (1)
- citizenship (1)
- co-founder (1)
- codebase (1)
- codies (1)
- comment period (1)
- compete (1)
- competitive (1)
- competitive advantage (1)
- complaint (1)
- complaints (1)
- concurrent (1)
- congress (1)
- contract (1)
- crime (1)
- criminal (1)
- cryptographer (1)
- cybertech (1)
- data (1)
- data center (1)
- data centers (1)
- data security (1)
- dates (1)
- david hume (1)
- debt ceiling (1)
- decryption (1)
- deploy (1)
- development (1)
- dictionary (1)
- differentiator (1)
- disambiguate (1)
- download (1)
- drones (1)
- eBay (1)
- eBay breach (1)
- eHealth (1)
- eWeek (1)
- editor (1)
- editor-in-chief (1)
- education (1)
- effort (1)
- elliptic curve cryptography (1)
- embedded (1)
- emerging (1)
- engineer (1)
- engineering (1)
- enterprise security (1)
- exhibit (1)
- exhibit hall (1)
- expectations (1)
- expert (1)
- expertise (1)
- experts (1)
- expire (1)
- extended (1)
- fall (1)
- faq (1)
- finalist (1)
- finalists (1)
- financial (1)
- fines (1)
- fintech (1)
- fips inside (1)
- fiscal (1)
- fiscal year (1)
- fitness tracker (1)
- fitness trackers (1)
- fix (1)
- fixes (1)
- flight (1)
- forecast (1)
- format-preserving (1)
- format-preserving encryption (1)
- fraud (1)
- frempetitor (1)
- frempetitors (1)
- frenemies (1)
- frenemy (1)
- furlough (1)
- future (1)
- global (1)
- globee (1)
- glossary (1)
- goose (1)
- gov (1)
- gov't (1)
- guest blog (1)
- guest post (1)
- hashed (1)
- head-to-head (1)
- hill (1)
- hiring freeze (1)
- history (1)
- honor (1)
- honored (1)
- hospital (1)
- human rights (1)
- hume (1)
- humor (1)
- hurdles (1)
- iMessage (1)
- iOS 7 (1)
- iPad (1)
- iToilet (1)
- industry (1)
- intellectual property (1)
- interim final rule (1)
- international (1)
- interview (1)
- issues (1)
- kratos (1)
- launch (1)
- libgcrypt (1)
- malicious (1)
- maverick (1)
- medals (1)
- medical (1)
- medicine (1)
- meek (1)
- mobile security (1)
- mobility (1)
- mocana (1)
- money (1)
- multi-factor (1)
- multi-factor authentication (1)
- musings (1)
- national cybersecurity strategy (1)
- naval aviator (1)
- need for speed (1)
- neglect (1)
- network (1)
- new (1)
- new OSSL (1)
- news (1)
- nominate (1)
- nominated (1)
- nominee (1)
- offload (1)
- opportunities (1)
- opportunity (1)
- outsource (1)
- panel (1)
- parallel (1)
- passwords (1)
- past (1)
- patient data (1)
- philosopher (1)
- philosophy (1)
- piece (1)
- pilots (1)
- plane (1)
- plans (1)
- platinum (1)
- post (1)
- presentation (1)
- priorities (1)
- priority (1)
- prize (1)
- profile (1)
- proposed (1)
- proud (1)
- provider (1)
- public (1)
- public comment (1)
- public comment period (1)
- public list (1)
- quant (1)
- quant self (1)
- quantified (1)
- quantified self (1)
- queue length (1)
- quinquennial (1)
- re-validate (1)
- reflection (1)
- regulations (1)
- representatives (1)
- required (1)
- requirement (1)
- researchers (1)
- reseller (1)
- revalidate (1)
- revenue (1)
- revoke (1)
- revoked (1)
- rights (1)
- rivals (1)
- roadblock (1)
- roadmap (1)
- sales (1)
- salted (1)
- savings (1)
- scalability (1)
- season (1)
- security software (1)
- select (1)
- selected (1)
- selection (1)
- self-driving (1)
- self-driving car (1)
- senate (1)
- senators (1)
- server (1)
- simplify (1)
- smart cars (1)
- smart home (1)
- smart toilet (1)
- smartwatch (1)
- sole-source (1)
- speaking session (1)
- specialization (1)
- stand for (1)
- standards (1)
- start-up (1)
- state (1)
- stealth mode (1)
- stigma (1)
- story (1)
- strategy (1)
- summer (1)
- sunet (1)
- sunset date (1)
- sunsetted (1)
- symposium (1)
- talk (1)
- tech (1)
- technical (1)
- term (1)
- terminology (1)
- terms (1)
- threat detection (1)
- threats (1)
- toilet (1)
- top gun (1)
- training (1)
- trophy (1)
- unicorn (1)
- value (1)
- vendors (1)
- website (1)
- whining (1)
- whistleblower (1)
- whistleblowing (1)
- wifi (1)
- wrap (1)
- wrap-up (1)