Test Evidence Workstream

Introduction

The structured application of test evidence (TE) filtering proposed by the Test Evidence (TE) Workstream plays a crucial role in streamlining the validation process for cryptographic modules under FIPS 140-3. By leveraging both basic and supplemental filters, the evaluation process ensures that only relevant test evidence is considered, reducing redundancy while maintaining rigorous security standards. This approach enhances efficiency, supports automation, and enables a more scalable validation framework. As the TE Workstream continues refining these methodologies, the integration of well-defined filtering criteria will further strengthen the Cryptographic Module Validation Program (CMVP), improving consistency and accuracy in compliance assessments.

The September 2024 Status Report (https://doi.org/10.6028/NIST.CSWP.37.ipd) of Automation of the NIST Cryptographic Module Validation Program (ACMVP) summarizes the NCCoE ACMVP project, including the deliverables from the TE Workstream. Since the publication of that report, the TE Workstream has been working to complete:

• Test methods for functional testing TEs

• Improvement of TE filtering coverage

The ACMVP TE Workstream is led by Yi Mao of atsec and Shawn Geddis of Katalyst under the NCCoE ACMVP leadership of Murugiah Souppaya and Chris Celi of NIST. The workstream is in debt to the invaluable contributions from Alex Calis of NIST CMVP. The workstream benefited from contributions from the atsec team, including but not limited to Stephan Mueller, Walker Riley, and Swapneela Unkule; the Intertek Acumen Security team led by James Reardon with Chris Bell, Sowndar Gillan Gopi, and Rutwij Kulkarni; the AEGISOLVE team including but not limited to Travis Spann, Javier Martel, Mike McCarl, and Debbie Harrington; Ryan Thomas of Lightship Security; Barry Fussell and Andrew Karcher of Cisco; Alicia Squires and Courtney Maatta of Amazon; Marc Ireland of NXP; Mike Grimm of Microsoft; Ivan Teblin and Blaine Stone of SUSE; and Michael Dimond of the MITRE Corporation.

Test Methods for Functional Testing TEs

The diverse set of cryptographic modules and their varying restrictive operating environments can create challenges in choosing the right approach and selection of an appropriate toolset to capture the evaluation TE. The CMVP provides some limited guidance, but it is necessary to identify which test methods are relevant to the granularity of individual TEs.

Testing Access

There is frequently a challenge in accessing the operational environment for effective testing of a cryptographic module. There are allowances for various methodologies to follow for accommodating these challenges. For any given evaluation, it is assumed by default that the Testing Access used for all TEs is the same; however, any given TE might in fact require an alternate allowed Testing Access method to be used.

The Testing Access methods are as follows:

Physical Testing a module directly by lab personnel within a controlled lab environment.

Remote Testing a module remotely while obtaining the equivalent assurance as if the test were performed at the vendor’s facility.

Observed Testing a module by vendor personnel within a controlled lab environment while lab personnel observe the triggering and responses of the module under test.

Selection Criteria

The challenge is now to assign only the appropriate test methods to each of the identified TEs. Drawing from CMVP, Lab and original vendor expertise, the criteria can be used to refine the test methods to be used for each TE.

Test Methods are the defined techniques which can be utilized while ensuring confidence of capturing actual module operation under real-world conditions yet enabling an efficient evidence gathering workflow. There are a limited set of test method categories to focus on in our pursuit. These test methods can best be described as:

• Debugger: The ability to run or halt the target program using breakpoints, step through code line by line, and display or modify the contents of memory, CPU registers, and stack frames.

• Simulation: Imitates representation of the functioning of one system or process by means of the functioning of another.

• Emulation: Hardware or software that permits programs written for one environment to be run unaltered on another environment.

• Harness: Hardware or software that manipulates an operating environment with the purpose of triggering events and capturing the corresponding responses or results.

• Manual: Action(s) by a user to perform a set of designated steps for the purpose of triggering events and capturing the corresponding responses or results.

• Other: Due to the diversity and complexity of operating environments, the toolset needed to perform the gathering of relevant TE may not fit precisely within the above five test methods. This warrants the need for a catch all method that enables the tester to comprehensively describe the methodology used to capture the TE.

Debugger

There is no clearly articulated interpretation of when and how a Debugger can and should be used. Much of this is drawn from lab empirical evidence.

Simulation and/or Emulation

Drawing from guidance currently provided by CMVP in the Management Manual, dated 12/17/2024, Version 2.3, Labs may apply emulators or simulators depending on the type of testing results to be achieved. There are three broad areas of focus during the testing of a cryptographic module: operational testing of the module at the module’s defined boundary, operational fault induction testing, and algorithm testing.

1. Operational Testing - Emulation or simulation is prohibited for the operational testing of a cryptographic module. Actual testing of the cryptographic module must be performed utilizing the defined ports and interfaces and services that a module provides. A test harness or a modified version to induce an error may be utilized; however, no changes to code or circuitry responsible for the tested response may be made.

2. Operational Fault Induction Testing - An emulator or simulator may be utilized for fault induction to test a cryptographic module’s transition to error states as a complement to the source code review. Rationale must be provided for the applicable TE as to why a method does not exist to induce the actual module into the error state for testing.

3. Algorithm Testing - Algorithm testing utilizing the defined ports and interfaces and services that a module provides is the preferred method. This method most clearly meets the requirements of FIPS 140-3 Implementation Guidance (IG) 2.3.A. If this preferred method is not possible where the module’s defined set of ports,interfaces, and services do not allow access to internal algorithmic engines, two alternative methods may be utilized:

   1. A module may be modified under the supervision of the Cryptographic and Security Testing Laboratory (CSTL) for testing purposes to allow access to the algorithmic engines (e.g., test jig, test API), or

   2. A module simulator may be utilized.

Harness

There is no clearly articulated interpretation of when and how a Test Harness can and should be used. Much of this is drawn from experienced vendors that developed specialized test harnesses around their respective modules and within the restricted operating environments.

Manual

There is no clearly articulated interpretation of when and how a Manual process can and should be used. Much of this is drawn from the need for human interaction to trigger events or an inability to trigger the steps in an automated approach.

Other

As noted earlier, due to the diversity and complexity of operating environments, the toolset needed to perform the gathering of relevant TE may not fit precisely within the above five test methods. Therefore, there is a need for a catch all method that enables the tester to comprehensively describe the methodology used to capture the TE.

Test Methods Allowed

The following table maps the allowed Test Methods to the grouping of associated TEs for purpose of condensing the resulting table.

TE (TE##.##.##)	Test Method
	Debugger	Simulator	Emulator	Harness	Manual	Other
02.12.01	X	X	X	X	√	√
02.13.03	X	X	X	√	X	√
02.15.03	X	X	X	X	√	√
02.15.05, 02.16.04, 02.17.04	√	X	X	X	√	√
02.16.02, 02.17.02	X	X	X	√	X	√
02.19.02	√	X	X	√	√	√
02.22.02	√	X	X	√	X	√
02.24.02	√	X	X	√	√	√
02.26.03, 02.26.04, 02.26.05, 02.28.01, 02.28.02, 02.30.02	√	X	X	√	X	√
03.01.04, 03.02.01, 03.14.03, 03.15.03, 03.15.04, 03.15.06	√	X	X	√	√	√
03.05.01, 03.05.02	√	X	X	√	√	√
03.06.01, 03.06.02, 03.07.01, 03.07.02, 03.07.04, 03.07.08	√	X	X	√	√	√
03.08.01, 03.08.02	√	√	X	√	√	√
03.09.02, 03.10.02, 03.10.04	√	√	X	√	√	√
03.11.01, 03.11.03	√	X	X	√	√	√
03.13.02	X	X	X	X	√	√
03.18.02, 03.19.02, 03.19.04, 03.20.01, 03.21.01	√	X	X	√	√	√
03.22.01	√	X	X	√	√	√
04.02.02, 04.02.03	√	X	X	√	√	√
04.07.03	√	X	X	√	√	√
04.11.02	√	X	X	√	√	√
04.13.01, 04.13.02, 04.13.03	√	√	√	√	√	√
04.14.02	√	X	X	√	√	√
04.15.01	√	X	X	√	√	√
04.18.01, 04.19.02, 04.19.03, 04.20.01, 04.20.03, 04.21.02, 04.22.02	√	X	X	√	√	√
04.23.01, 04.25.01, 04.25.02, 04.25.03	√	X	X	√	√	√
04.28.01, 04.29.01, 04.32.01, 04.33.01, 04.34.01, 04.35.02, 05.13.08	√	√	√	√	√	√
04.37.02, 04.38.02	√	X	X	√	√	√
04.39.02, 04.39.03, 04.39.04, 04.42.03, 04.42.04	√	X	X	√	√	√
04.43.02, 04.44.02	√	X	X	√	√	√
04.45.02, 04.45.03, 04.47.01, 04.48.01, 04.52.01, 04.54.02, 04.54.03, 04.55.02	√	X	X	√	√	√
04.53.01	√	√	√	√	√	√
04.56.02	√	X	X	√	√	√
04.59.01	√	X	X	√	√	√
05.05.05	√	√	√	√	√	√
05.05.07, 05.06.06, 05.08.01, 05.08.02, 05.11.01, 05.11.02, 05.12.02, 05.13.03, 05.13.04, 05.13.05	√	X	X	√	√	√
05.06.02	√	√	√	√	√	√
05.06.03	√	X	X	√	√	√
05.06.04	√	X	X	√	√	√
05.13.01, 05.13.02	√	X	X	√	√	√
05.13.06	√	X	X	√	√	√
05.15.01, 05.15.02, 05.16.03, 05.17.02	√	X	X	√	√	√
05.20.01	√	√	√	√	√	√
05.23.01	√	√	√	√	√	√
06.05.01, 06.05.02, 06.05.03, 06.06.01, 06.06.02, 06.08.01, 06.08.03	√	√	√	√	√	√
06.06.02, 06.08.03	√	√	√	√	√	√
09.01.02, 09.01.03, 09.02.02, 09.03.02, 09.03.03, 09.14.02, 09.16.03, 09.25.02, 09.27.02	√	X	X	√	√	√
09.21.02, 09.21.03, 09.21.04, 09.22.01	√	X	X	√	√	√
09.24.02	√	X	X	√	√	√
09.28.02, 09.28.03, 09.28.04	√	X	X	√	√	√
09.33.02	√	X	X	√	√	√
09.36.02, 09.37.02	√	X	X	√	√	√
10.07.03, 10.08.03, 10.09.03, 10.10.01, 10.10.02, 10.28.02	√	X	X	√	√	√
10.07.04	√	X	X	√	√	√
10.25.02, 10.27.01	√	X	X	√	√	√
10.35.04	√	√	X	√	√	√
10.53.02, 10.53.03	√	X	X	√	√	√
11.08.06, 11.08.09, 11.11.01	√	X	X	√	√	√
11.13.02	√	X	X	√	√	√
11.28.02, 11.28.03, 11.28.04	√	√	√	√	√	√
11.32.02	√	X	X	√	√	√

Improvement of TE Filtering Coverage

TE filters serve as a pivotal mechanism to streamline the classification and evaluation of TE, ensuring that only relevant and applicable tests are conducted based on specific module characteristics. A proper set of applicable TEs tailored by a given module specification refines the required assessments and optimizes the validation process.

With the growing complexity of cryptographic modules and the need for efficient validation, TE filters are designed to:

• Target Specific Needs: Focus on applicable tests by narrowing down evidence requirements based on module attributes such as type, security level, and operational environment.

• Reduce Redundancy: Minimize repetitive validation steps by filtering out TEs that are not relevant to a given module’s configuration or features.

• Enhance Automation: Support automated workflows by integrating filters into structured JSON schemas, aligning with automation tools like Web Cryptik.

This document delves into the methodologies and criteria for applying TE filters, the implementation of filtering mechanisms, and their role in achieving a more efficient and scalable CMVP. By leveraging these filters, vendors and validators can focus on precise compliance requirements, reducing manual overhead while maintaining robust security standards.

The following table is excerpted from ISO/IEC 19790:2012(2014), which is the base of FIPS 140-3. It provides a structured summary of the FIPS 140-3 security requirements across various requirement areas. It outlines the security levels applicable to each category, specifying the testing expectations and security assurances needed to meet compliance. The table serves as a reference for understanding how different cryptographic module components must align with FIPS 140-3 standards, ensuring consistent evaluation and validation. Each requirement area focuses on distinct security aspects, such as module specifications, authentication mechanisms, physical security, and lifecycle assurance, enabling a comprehensive approach to cryptographic module validation.

Table 1: Summary of FIPS 140-3 Security Requirements

Requirement Area		FIPS 140-3 Security Level
		1	2	3	4
1	General	No security testing requirements (i.e. no TEs)
2	Cryptographic Module Specification	Specification of cryptographic module, cryptographic boundary, approved security functions, and normal and degraded modes of operation. Description of cryptographic module including all hardware, software and firmware components. All services provide status information to indicate when the service utilizes an approved cryptographic algorithm, security function, or process in an approved manner.
3	Cryptographic Module Interfaces	Required and optional interfaces. Specification of all interfaces and of all input and output data paths		Trusted channel
4	Roles, Services and Authentication	Logical separation of required and optional roles and services	Role-based or identity-based operator authentication	Identity-based operator authentication	Multi-factor authentication
5	Software / Firmware Security	Approved integrity technique. Defined SFMI, HFMI and HSMI. Executable code	Approved digital signature or keyed message authentication code-based integrity test	Approved digital signature-based integrity test
6	Operational Environment	Non-modifiable. Limited or Modifiable Control of SSPs	Modifiable. Role-based or discretionary access control. Audit mechanism
7	Physical Security	Production-grade components	Tamper evidence. Opaque covering or enclosure	Tamper detection and response for covers and doors. Strong enclosure or coating. Protection from direct probing EFP or EFT	Tamper detection and response envelope. EFP. Fault injection mitigation
8	Non-Invasive Security	Module is designed to mitigate against non-invasive attacks specified in Annex “F”.
		Documentation and effectiveness of mitigation techniques specified in Annex “F”		Mitigation testing	Mitigation testing
9	Security Parameter Management	Random bit generators, SSP generation, establishment, entry & output, storage & zeroization
		Automated SSP transport or SSP agreement using approved methods
		Manually established SSPs may be entered or output in plaintext form		Manually established SSPs may be entered or output in either encrypted form, via a trusted channel or using split knowledge procedures
10	Self-Tests	Pre-operational: software/firmware integrity, bypass, and critical functions test
		Conditional: cryptographic algorithm, pair-wise consistency, SW/FW loading, manual entry, conditional bypass & critical functions test
11	Life-Cycle Assurance
	Configuration Management	Configuration management system for cryptographic module, components, and documentation. Each uniquely identified and tracked throughout lifecycle		Automated configuration management system
	Design	Module designed to allow testing of all provided security related services
	FSM	Finite State Model
	Development	Annotated source code, schematics or HDL	Software high-level language. Hardware high-level descriptive language		Documentation annotated with pre-conditions upon entry into module components and postconditions expected to be true when components is completed
	Testing	Functional testing		Low-level testing
	Delivery & Operation	Initialization procedures	Delivery procedures		Operator authentication using vendor provided authentication information
	Guidance	Administrator and non-administrator guidance
12	Mitigation of Other Attacks	Specification of mitigation of attacks for which no testable requirements are currently available			Specification of mitigation of attacks with testable requirements

Building on the summary of FIPS 140-3 security requirements in Table 1, Table 2 provides a more granular analysis of the number of security requirements per ISO/IEC 24759:2014(2015), which is a companion document to ISO/IEC 19790 specifying the derived test requirements, across different implementation areas. This table categorizes security requirements based on the module’s type being Software (SW), Firmware (FW), Hardware (HW), SW-HW hybrid (SW-H), or FW-HW hybrid (FW-H), and further differentiates them by security levels. The breakdown facilitates a clearer understanding of the distribution of TE requirements, highlighting how various module implementations align with compliance expectations at each level.

The number of total TEs and percentage of applicable TEs will indicate how many TEs are not applicable. By filtering out these non-applicable TEs with public consensus, the CSTL can more directly perform the required testing.

Table 2: An overview of the number of Security Requirements

Area	Total TEs	Security Level 1					Security Level 2					Security Level 3					Security Level 4
		SW	FW	HW	SW-H	FW-H	SW	FW	HW	SW-H	FW-H	SW	FW	HW	SW-H	FW-H	SW	FW	HW	SW-H	FW-H
2	65	40	45	49	55	60	40	45	49	55	60	40	45	49	55	60	40	45	49	55	60
3	53	41	43	43	43	43	41	43	43	43	43	46	48	52	52	52	47	49	53	53	53
4	74	45	45	45	45	45	63	63	63	63	63	70	70	70	70	70	71	71	71	71	71
5	39	23	23	23	30	30	30	30	29	37	37	32	32	30	39	39	32	32	30	39	39
6	50	10	10	10	10	10	50	50	50	50	50	0	0	0	0	0	0	0	0	0	0
7	82	0	14	14	14	14	0	27	27	27	27	0	69	69	69	69	0	78	78	78	78
8	5	3	3	3	3	3	3	3	3	3	3	4	4	4	4	4	4	4	4	4	4
9	63	44	43	43	44	43	48	47	47	48	47	56	56	56	56	56	57	57	57	57	57
10	74	68	68	68	68	68	68	68	68	68	68	74	74	74	74	74	74	74	74	74	74
11	52	36	36	35	38	38	41	41	41	44	44	44	44	44	47	47	49	49	49	52	52
12	5	2	2	2	2	2	2	2	2	2	2	2	2	2	2	2	5	5	5	5	5
A	1	1	1	1	1	1	1	1	1	1	1	1	1	1	1	1	1	1	1	1	1
B	4	4	4	4	4	4	4	4	4	4	4	4	4	4	4	4	4	4	4	4	4
Total TEs	567	317	337	340	357	361	391	424	427	445	449	373	449	455	473	478	384	469	475	493	498
% Applicable	100	56	59	60	63	64	69	75	75	78	79	66	79	80	83	84	68	83	84	87	88

The Area 2 TEs for a software module from security level 1 through level 4 are listed in Table 3. This area’s requirements are about Cryptographic Module Specification, and they are the same for all four security levels. The unified area 2 requirements are reflected by the numbers of TEs in the red rectangle boxes on Table 2.

The Area 7 TEs for a software module from security level 1 through level 4 are listed in Table 4. The Physical Security requirements in Area 7 are incremental for cryptographic modules from a low security level to a higher level. The numbers of TEs in the green rectangle boxes on Table 2 illustrate this trend.

Table 3 and Table 4 in TEs Impacted by Basic TE Filters serve as examples of how the basic TE Filters work by listing all applicable TEs and non-applicable TEs for a given type of module at any possible security level. A complete set of TE tables elaborating on Table 2 is provided in the Appendix of this status report.

TE Filtering Criteria

The TE Filtering criteria consists of the Module Information and Supplemental Information from the Web-Cryptik as the base. The CMVP provided Module Supplemental Information (V3.0.0 as of 2024-09-04), but this is not currently used to tailor the set of TEs to fit the module under test.

In the CMVP’s Module Supplemental Information (MSI) document, most Supplemental Information questions map to the security assertions (AS), test requirement (TE), implementation guidance (IG), and security policy (SP), but a few questions are not mapped to any of these and are left blank. The list below reflects the CMVP’s current MSI document. The TE Workstream provides a complete mapping of MSI questions to relevant TEs in Table 5: TEs Affected by the Supplemental Filtering Properties.

By reviewing all TEs contained in the Web-Cryptik Br1 v1.0.6, The TE Workstream completed the list of criteria, including the basic filters and supplemental filters, as the following:

• Basic Filters

  • Module Embodiment: Single Chip, Multi-Chip Embedded, Multi-Chip Standalone

  • Module Type: Software, Hardware, Firmware, Software-hybrid, Firmware-hybrid

  • Operational Environment: modifiable, limited, non-modifiable

  • Section Level: Per Table 1, area 6 is not applicable to Level 3 and Level 4

• Supplemental Filters

  • Cryptographic module specification

    • Does the module implement OTAR? - IG D.C

    • Does the module have a non-approved mode? - IG 2.4.A

    • Does the module require initialization steps to operate in the approved mode? - Certificate Caveat and SP

    • Does the module have excluded components? - AS02.13, AS02.14

    • Does the module allow a degraded mode of operation? - AS02.25

    • Does the module have an implementation of PPA or PAI? - IG 2.3.C

    • Does the module contain an embedded or have a bound cryptographic module? - IG 2.3.A

    • Does the module have any critical functions? - AS10.16, AS10.23, AS10.24, AS10.52

    • Is the module a sub-chip implementation? - IG 2.3.B

    • Does the module’s approved mode make use of any non-approved algorithm? - IG 2.4.A

    • Does the module have a non-compliant state?

  • Cryptographic module interfaces

    • Does the module receive any of its input from an external input device? - TE03.05.02, TE03.06.02, TE03.08.02, TE03.11.02

    • Does the module provide any of its output through an external output device? - TE03.05.02, TE03.06.02, TE03.08.02, TE03.11.02

    • Does the module implement a Trusted Channel? - IG 3.4.A

    • Is there a control output interface? - AS03.09, AS03.10

  • Roles, services, and authentication

    • Does the module support concurrent operators? - AS04.02

    • Does the module support any authentication mechanism? - AS04.43-AS04.55

    • Does the module use identity-based authentication?

    • Does the module support role-based authentication?

    • Does the module support multi-factor-based authentication? - AS03.22

    • Does the module have a bypass capability? - AS04.22, AS10.21-AS10.22; AS10.47-AS10.51

    • Is there a maintenance role? - AS04.07

    • Is there a user role? AS04.06

    • Can operators change roles? - AS04.38, AS04.42

    • Does the module support self-initiated cryptographic output? - AS04.23-AS04.26

    • Is default information used for first-time authentication? - AS04.46

    • Does the module support software/firmware loading? - AS04.28-AS04.33, AS05.13

    • Is a complete image replacement supported within software/firmware loading? - AS04.33-AS04.35

  • Software/Firmware security

    • Does the module use a hash or MAC to verify the integrity of its software/firmware? - TE05.05.03

    • Does the module use a digital signature to verify the integrity of its software/firmware? - TE05.05.04

    • Does the module use an EDC for the software/firmware components of a hardware module? - AS05.06

    • Does the module contain any non-reconfigurable memory? - IG 5.A

    • Does the module utilize Open-Source software? - Annex B

  • Operational Environment

    None

  • Physical security

    • Is there a maintenance access interface? - AS07.11-AS07.13, TE11.08.07

    • Are there any ventilation holes or slits? - AS07.20, AS07.25

    • Are there any removable covers/doors? - AS07.22, TE07.39.02, TE07.39.05, AS07.47, TE07.51.02, TE07.51.07, TE07.51.08, AS07.62, TE07.65.02, TE07.65.07, TE07.65.08

    • Are there tamper seals? - IG 7.3.A

    • Are there tamper seals applied by the module user?

    • Does the module implement EFP or EFT mechanisms?

  • Non-invasive security

    None

  • Sensitive security parameters management

    • Does the module support input and/or output of SSPs or other sensitive data? - AS09.13, AS09.18, AS09.19

      • Are there plaintext keys, CSPs or sensitive data output? - AS09.16/AS09.17

      • Does the module support manual/direct entry of SSPs? AS09.15, AS10.42-AS10.46, TE10.46.04

    • Is Split Knowledge Utilized? - AS09.21, AS09.22, AS09.23

    • Is One Time Programmable (OTP) memory used in the module? - IG 9.7.A

  • Self-tests

    None

  • Life-cycle assurance

    • Are there any CVEs related to this module? - IG 11.A

  • Mitigation of Other Attacks

    • Is the module designed to mitigate other attacks?

  • Approved Security Functions

    • Are any non-NIST curves used? - IG C.A

TEs Impacted by Basic TE Filters

To ensure a structured approach to TE filtering, it is necessary to categorize TEs based on the security level and module type. Table 3 presents a detailed breakdown of the TEs applicable to different security levels for software modules, illustrating how filtering criteria refine the validation scope. By segmenting TEs according to security requirements, this table helps streamline the testing process, ensuring that only the relevant test evidence is considered for a given module configuration. This targeted approach enhances efficiency while maintaining rigorous security standards.

Table 3 lists the Area 2 Cryptographic Module Specification TEs for a software module from security level 1 through level 4, and Table 4 lists the Area 7 Physical Security TEs for all four security levels.

Table 3 lists the Area 2 Cryptographic Module Specification TEs for a software module from security level 1 through level 4, and Table 4 lists the Area 7 Physical Security TEs for all four security levels.

Table 3: Area 2 TEs Filtered by Security Level for Software Modules

Sec Lvl	Applicable TEs	Non-Applicable TEs	TEs N/A due to Module Type
1	TE02.03.01, TE02.03.02, TE02.07.01, TE02.07.02, TE02.09.01, TE02.10.01, TE02.10.02, TE02.11.01, TE02.11.02, TE02.12.01, TE02.13.01, TE02.13.02, TE02.13.03, TE02.14.01, TE02.16.01, TE02.16.02, TE02.16.03, TE02.16.04, TE02.16.05, TE02.19.01, TE02.19.02, TE02.20.01, TE02.20.02, TE02.20.03, TE02.20.04, TE02.21.01, TE02.21.02, TE02.22.01, TE02.22.02, TE02.24.01, TE02.24.02, TE02.26.01, TE02.26.02, TE02.26.03, TE02.26.04, TE02.26.05, TE02.28.01, TE02.28.02, TE02.30.01, TE02.30.02	TE02.15.01, TE02.15.02, TE02.15.03, TE02.15.04, TE02.15.05, TE02.15.06, TE02.15.07, TE02.15.08, TE02.15.09, TE02.15.10, TE02.15.11, TE02.15.12, TE02.15.13, TE02.15.14, TE02.17.01, TE02.17.02, TE02.17.03, TE02.17.04, TE02.17.05, TE02.17.06, TE02.17.07, TE02.17.08, TE02.17.09, TE02.17.10, TE02.18.01	TE02.15.01, TE02.15.02, TE02.15.03, TE02.15.04, TE02.15.05, TE02.15.06, TE02.15.07, TE02.15.08, TE02.15.09, TE02.15.10, TE02.15.11, TE02.15.12, TE02.15.13, TE02.15.14, TE02.17.01, TE02.17.02, TE02.17.03, TE02.17.04, TE02.17.05, TE02.17.06, TE02.17.07, TE02.17.08, TE02.17.09, TE02.17.10, TE02.18.01
2	TE02.03.01, TE02.03.02, TE02.07.01, TE02.07.02, TE02.09.01, TE02.10.01, TE02.10.02, TE02.11.01, TE02.11.02, TE02.12.01, TE02.13.01, TE02.13.02, TE02.13.03, TE02.14.01, TE02.16.01, TE02.16.02, TE02.16.03, TE02.16.04, TE02.16.05, TE02.19.01, TE02.19.02, TE02.20.01, TE02.20.02, TE02.20.03, TE02.20.04, TE02.21.01, TE02.21.02, TE02.22.01, TE02.22.02, TE02.24.01, TE02.24.02, TE02.26.01, TE02.26.02, TE02.26.03, TE02.26.04, TE02.26.05, TE02.28.01, TE02.28.02, TE02.30.01, TE02.30.02	TE02.15.01, TE02.15.02, TE02.15.03, TE02.15.04, TE02.15.05, TE02.15.06, TE02.15.07, TE02.15.08, TE02.15.09, TE02.15.10, TE02.15.11, TE02.15.12, TE02.15.13, TE02.15.14, TE02.17.01, TE02.17.02, TE02.17.03, TE02.17.04, TE02.17.05, TE02.17.06, TE02.17.07, TE02.17.08, TE02.17.09, TE02.17.10, TE02.18.01	TE02.15.01, TE02.15.02, TE02.15.03, TE02.15.04, TE02.15.05, TE02.15.06, TE02.15.07, TE02.15.08, TE02.15.09, TE02.15.10, TE02.15.11, TE02.15.12, TE02.15.13, TE02.15.14, TE02.17.01, TE02.17.02, TE02.17.03, TE02.17.04, TE02.17.05, TE02.17.06, TE02.17.07, TE02.17.08, TE02.17.09, TE02.17.10, TE02.18.01
3	TE02.03.01, TE02.03.02, TE02.07.01, TE02.07.02, TE02.09.01, TE02.10.01, TE02.10.02, TE02.11.01, TE02.11.02, TE02.12.01, TE02.13.01, TE02.13.02, TE02.13.03, TE02.14.01, TE02.16.01, TE02.16.02, TE02.16.03, TE02.16.04, TE02.16.05, TE02.19.01, TE02.19.02, TE02.20.01, TE02.20.02, TE02.20.03, TE02.20.04, TE02.21.01, TE02.21.02, TE02.22.01, TE02.22.02, TE02.24.01, TE02.24.02, TE02.26.01, TE02.26.02, TE02.26.03, TE02.26.04, TE02.26.05, TE02.28.01, TE02.28.02, TE02.30.01, TE02.30.02	TE02.15.01, TE02.15.02, TE02.15.03, TE02.15.04, TE02.15.05, TE02.15.06, TE02.15.07, TE02.15.08, TE02.15.09, TE02.15.10, TE02.15.11, TE02.15.12, TE02.15.13, TE02.15.14, TE02.17.01, TE02.17.02, TE02.17.03, TE02.17.04, TE02.17.05, TE02.17.06, TE02.17.07, TE02.17.08, TE02.17.09, TE02.17.10, TE02.18.01	TE02.15.01, TE02.15.02, TE02.15.03, TE02.15.04, TE02.15.05, TE02.15.06, TE02.15.07, TE02.15.08, TE02.15.09, TE02.15.10, TE02.15.11, TE02.15.12, TE02.15.13, TE02.15.14, TE02.17.01, TE02.17.02, TE02.17.03, TE02.17.04, TE02.17.05, TE02.17.06, TE02.17.07, TE02.17.08, TE02.17.09, TE02.17.10, TE02.18.01
4	TE02.03.01, TE02.03.02, TE02.07.01, TE02.07.02, TE02.09.01, TE02.10.01, TE02.10.02, TE02.11.01, TE02.11.02, TE02.12.01, TE02.13.01, TE02.13.02, TE02.13.03, TE02.14.01, TE02.16.01, TE02.16.02, TE02.16.03, TE02.16.04, TE02.16.05, TE02.19.01, TE02.19.02, TE02.20.01, TE02.20.02, TE02.20.03, TE02.20.04, TE02.21.01, TE02.21.02, TE02.22.01, TE02.22.02, TE02.24.01, TE02.24.02, TE02.26.01, TE02.26.02, TE02.26.03, TE02.26.04, TE02.26.05, TE02.28.01, TE02.28.02, TE02.30.01, TE02.30.02	TE02.15.01, TE02.15.02, TE02.15.03, TE02.15.04, TE02.15.05, TE02.15.06, TE02.15.07, TE02.15.08, TE02.15.09, TE02.15.10, TE02.15.11, TE02.15.12, TE02.15.13, TE02.15.14, TE02.17.01, TE02.17.02, TE02.17.03, TE02.17.04, TE02.17.05, TE02.17.06, TE02.17.07, TE02.17.08, TE02.17.09, TE02.17.10, TE02.18.01	TE02.15.01, TE02.15.02, TE02.15.03, TE02.15.04, TE02.15.05, TE02.15.06, TE02.15.07, TE02.15.08, TE02.15.09, TE02.15.10, TE02.15.11, TE02.15.12, TE02.15.13, TE02.15.14, TE02.17.01, TE02.17.02, TE02.17.03, TE02.17.04, TE02.17.05, TE02.17.06, TE02.17.07, TE02.17.08, TE02.17.09, TE02.17.10, TE02.18.01

While Table 3 focuses on the impact of TE filtering for software modules, the filtering criteria must also be applied to hardware-based implementations. Table 4 extends this analysis by examining TEs specific to single-chip hardware modules, mapping the applicable security requirements to different security levels. This comparison highlights the distinctions in validation approaches between software and hardware modules, ensuring that the filtering process remains consistent and comprehensive across various module types.

Table 4: Area 7 TEs Filtered by Security Level for Single Chip Hardware Modules

Sec Lvl	Applicable TEs	Non-Applicable TEs	TEs N/A due to Module Type/Embodiment
N/A		TE07.01.01, TE07.01.02, TE07.09.01, TE07.09.02, TE07.10.01, TE07.10.02, TE07.11.01, TE07.11.02, TE07.12.01, TE07.13.01, TE07.15.01, TE07.15.02, TE07.19.01, TE07.20.01, TE07.25.01, TE07.26.01, TE07.26.02, TE07.27.01, TE07.32.01, TE07.33.01, TE07.35.01, TE07.37.01, TE07.37.02, TE07.37.03, TE07.39.01, TE07.39.02, TE07.39.03, TE07.39.04, TE07.39.05, TE07.39.06, TE07.41.01, TE07.41.02, TE07.42.01, TE07.42.02, TE07.43.01, TE07.44.01, TE07.45.01, TE07.45.02, TE07.46.01, TE07.47.01, TE07.47.02, TE07.48.01, TE07.48.02, TE07.50.01, TE07.50.02, TE07.50.03, TE07.51.01, TE07.51.02, TE07.51.03, TE07.51.04, TE07.51.05, TE07.51.06, TE07.51.07, TE07.51.08, TE07.51.09, TE07.53.01, TE07.55.01, TE07.57.01, TE07.58.01, TE07.60.01, TE07.62.01, TE07.63.01, TE07.65.01, TE07.65.02, TE07.65.03, TE07.65.04, TE07.65.05, TE07.65.06, TE07.65.07, TE07.65.08, TE07.65.09, TE07.67.01, TE07.71.01, TE07.71.02, TE07.73.01, TE07.77.01, TE07.77.02, TE07.77.03, TE07.77.04, TE07.81.01, TE07.81.02, TE07.81.03
1	TE07.01.01, TE07.01.02, TE07.09.01, TE07.09.02, TE07.10.01, TE07.10.02, TE07.11.01, TE07.11.02, TE07.12.01, TE07.13.01, TE07.15.01, TE07.15.02	TE07.19.01, TE07.20.01, TE07.25.01, TE07.26.01, TE07.26.02, TE07.27.01, TE07.32.01, TE07.33.01, TE07.35.01, TE07.37.01, TE07.37.02, TE07.37.03, TE07.39.01, TE07.39.02, TE07.39.03, TE07.39.04, TE07.39.05, TE07.39.06, TE07.41.01, TE07.41.02, TE07.42.01, TE07.42.02, TE07.43.01, TE07.44.01, TE07.45.01, TE07.45.02, TE07.46.01, TE07.47.01, TE07.47.02, TE07.48.01, TE07.48.02, TE07.50.01, TE07.50.02, TE07.50.03, TE07.51.01, TE07.51.02, TE07.51.03, TE07.51.04, TE07.51.05, TE07.51.06, TE07.51.07, TE07.51.08, TE07.51.09, TE07.53.01, TE07.55.01, TE07.57.01, TE07.58.01, TE07.60.01, TE07.62.01, TE07.63.01, TE07.65.01, TE07.65.02, TE07.65.03, TE07.65.04, TE07.65.05, TE07.65.06, TE07.65.07, TE07.65.08, TE07.65.09, TE07.67.01, TE07.71.01, TE07.71.02, TE07.73.01, TE07.77.01, TE07.77.02, TE07.77.03, TE07.77.04, TE07.81.01, TE07.81.02, TE07.81.03	TE07.43.01, TE07.60.01
2	TE07.01.01, TE07.01.02, TE07.09.01, TE07.09.02, TE07.10.01, TE07.10.02, TE07.11.01, TE07.11.02, TE07.12.01, TE07.13.01, TE07.15.01, TE07.15.02, TE07.19.01, TE07.20.01, TE07.35.01	TE07.25.01, TE07.26.01, TE07.26.02, TE07.27.01, TE07.32.01, TE07.33.01, TE07.37.01, TE07.37.02, TE07.37.03, TE07.39.01, TE07.39.02, TE07.39.03, TE07.39.04, TE07.39.05, TE07.39.06, TE07.41.01, TE07.41.02, TE07.42.01, TE07.42.02, TE07.43.01, TE07.44.01, TE07.45.01, TE07.45.02, TE07.46.01, TE07.47.01, TE07.47.02, TE07.48.01, TE07.48.02, TE07.50.01, TE07.50.02, TE07.50.03, TE07.51.01, TE07.51.02, TE07.51.03, TE07.51.04, TE07.51.05, TE07.51.06, TE07.51.07, TE07.51.08, TE07.51.09, TE07.53.01, TE07.55.01, TE07.57.01, TE07.58.01, TE07.60.01, TE07.62.01, TE07.63.01, TE07.65.01, TE07.65.02, TE07.65.03, TE07.65.04, TE07.65.05, TE07.65.06, TE07.65.07, TE07.65.08, TE07.65.09, TE07.67.01, TE07.71.01, TE07.71.02, TE07.73.01, TE07.77.01, TE07.77.02, TE07.77.03, TE07.77.04, TE07.81.01, TE07.81.02, TE07.81.03	TE07.43.01, TE07.44.01, TE07.45.01, TE07.45.02, TE07.46.01, TE07.47.01, TE07.47.02, TE07.48.01, TE07.48.02, TE07.60.01, TE07.62.01, TE07.63.01
3	TE07.01.01, TE07.01.02, TE07.09.01, TE07.09.02, TE07.10.01, TE07.10.02, TE07.11.01, TE07.11.02, TE07.12.01, TE07.13.01, TE07.15.01, TE07.15.02, TE07.19.01, TE07.20.01, TE07.25.01, TE07.26.01, TE07.26.02, TE07.27.01, TE07.35.01, TE07.37.01, TE07.37.02, TE07.37.03, TE07.39.01, TE07.39.02, TE07.39.03, TE07.39.04, TE07.39.05, TE07.39.06, TE07.73.01, TE07.77.01, TE07.77.02, TE07.77.03, TE07.77.04, TE07.81.01, TE07.81.02, TE07.81.03	TE07.32.01, TE07.33.01, TE07.41.01, TE07.41.02, TE07.42.01, TE07.42.02, TE07.43.01, TE07.44.01, TE07.45.01, TE07.45.02, TE07.46.01, TE07.47.01, TE07.47.02, TE07.48.01, TE07.48.02, TE07.50.01, TE07.50.02, TE07.50.03, TE07.51.01, TE07.51.02, TE07.51.03, TE07.51.04, TE07.51.05, TE07.51.06, TE07.51.07, TE07.51.08, TE07.51.09, TE07.53.01, TE07.55.01, TE07.57.01, TE07.58.01, TE07.60.01, TE07.62.01, TE07.63.01, TE07.65.01, TE07.65.02, TE07.65.03, TE07.65.04, TE07.65.05, TE07.65.06, TE07.65.07, TE07.65.08, TE07.65.09, TE07.67.01, TE07.71.01, TE07.71.02	TE07.43.01, TE07.44.01, TE07.45.01, TE07.45.02, TE07.46.01, TE07.47.01, TE07.47.02, TE07.48.01, TE07.48.02, TE07.50.01, TE07.50.02, TE07.50.03, TE07.51.01, TE07.51.02, TE07.51.03, TE07.51.04, TE07.51.05, TE07.51.06, TE07.51.07, TE07.51.08, TE07.51.09, TE07.60.01, TE07.62.01, TE07.63.01, TE07.65.01, TE07.65.02, TE07.65.03, TE07.65.04, TE07.65.05, TE07.65.06, TE07.65.07, TE07.65.08, TE07.65.09
4	TE07.01.01, TE07.01.02, TE07.09.01, TE07.09.02, TE07.10.01, TE07.10.02, TE07.11.01, TE07.11.02, TE07.12.01, TE07.13.01, TE07.15.01, TE07.15.02, TE07.19.01, TE07.20.01, TE07.25.01, TE07.26.01, TE07.26.02, TE07.27.01, TE07.32.01, TE07.33.01, TE07.35.01, TE07.37.01, TE07.37.02, TE07.37.03, TE07.39.01, TE07.39.02, TE07.39.03, TE07.39.04, TE07.39.05, TE07.39.06, TE07.41.01, TE07.41.02, TE07.42.01, TE07.42.02, TE07.77.01, TE07.77.02, TE07.77.03, TE07.77.04	TE07.43.01, TE07.44.01, TE07.45.01, TE07.45.02, TE07.46.01, TE07.47.01, TE07.47.02, TE07.48.01, TE07.48.02, TE07.50.01, TE07.50.02, TE07.50.03, TE07.51.01, TE07.51.02, TE07.51.03, TE07.51.04, TE07.51.05, TE07.51.06, TE07.51.07, TE07.51.08, TE07.51.09, TE07.53.01, TE07.55.01, TE07.57.01, TE07.58.01, TE07.60.01, TE07.62.01, TE07.63.01, TE07.65.01, TE07.65.02, TE07.65.03, TE07.65.04, TE07.65.05, TE07.65.06, TE07.65.07, TE07.65.08, TE07.65.09, TE07.67.01, TE07.71.01, TE07.71.02, TE07.73.01, TE07.81.01, TE07.81.02, TE07.81.03	TE07.43.01, TE07.44.01, TE07.45.01, TE07.45.02, TE07.46.01, TE07.47.01, TE07.47.02, TE07.48.01, TE07.48.02, TE07.50.01, TE07.50.02, TE07.50.03, TE07.51.01, TE07.51.02, TE07.51.03, TE07.51.04, TE07.51.05, TE07.51.06, TE07.51.07, TE07.51.08, TE07.51.09, TE07.53.01, TE07.55.01, TE07.57.01, TE07.58.01, TE07.60.01, TE07.62.01, TE07.63.01, TE07.65.01, TE07.65.02, TE07.65.03, TE07.65.04, TE07.65.05, TE07.65.06, TE07.65.07, TE07.65.08, TE07.65.09, TE07.67.01, TE07.71.01, TE07.71.02

TE Impacted by Supplemental TE Filters

In addition to the basic TE filtering criteria, supplemental filters further refine the selection of applicable test evidence based on specific module properties and security features. Table 5 highlights the TEs affected by these supplemental filtering properties, which include factors such as authentication mechanisms, cryptographic output capabilities, tamper response measures, and other specialized security attributes. By applying these filters, the validation process can be optimized to focus on the most relevant security assurances while reducing redundant or inapplicable tests. This targeted approach enhances the efficiency and accuracy of the TE selection process.

Table 5: TEs Affected by the Supplemental Filtering Properties

Filter Property	Include If True	Exclude If False	Number of Affected TEs
Has Excluded Components		TE02.13.01, TE02.13.02, TE02.13.03, TE02.14.01, TE02.15.05, TE02.16.04, TE02.17.04	7
Has EFP		TE07.77.01, TE07.77.02, TE07.77.03, TE07.77.04	4
Uses Split Knowledge		TE09.21.01, TE09.21.02, TE09.21.03, TE09.21.04, TE09.22.01, TE09.23.01, TE09.23.02, TE09.23.04, TE09.24.01	9
Allows Self-Initiated Cryptographic Output		TE04.23.01, TE04.25.01, TE04.25.02, TE04.25.03	4
Supports Bypass Capability		TE04.18.01, TE04.19.01, TE04.19.02, TE04.19.03, TE04.20.01, TE04.20.02, TE04.20.03, TE04.21.01, TE04.21.02, TE04.22.01, TE04.22.02, TE10.21.01, TE10.21.02, TE10.21.03, TE10.21.04, TE10.22.01, TE10.22.02, TE10.22.03, TE10.22.04, TE10.22.05, TE10.48.01, TE10.48.02, TE10.48.03, TE10.49.01, TE10.49.02, TE10.49.03, TE10.51.01, TE10.51.02, TE10.51.03	29
Has Identity-Based Authentication		TE03.20.01, TE04.39.01, TE04.39.02, TE04.39.03, TE04.39.04, TE04.42.01, TE04.42.02, TE04.42.03, TE04.42.04, TE09.22.01	10
Provides Maintenance Access Interface	TE07.50.03	TE07.11.01, TE07.11.02, TE07.12.01, TE07.13.01, TE07.51.07, TE07.51.08, TE07.65.02, TE07.65.07, TE07.65.08, TE11.08.07	11
Uses EDC		TE05.06.02, TE05.07.01	2
Supports Manual SSP Entry		TE09.14.01, TE09.14.02, TE10.46.01, TE10.46.02, TE10.46.03, TE10.46.04	6
Supports Concurrent Operators		TE04.02.01, TE04.02.02, TE04.02.03	3
Supports Software Firmware Loading		TE04.28.01, TE04.29.01, TE04.32.01, TE04.34.01, TE05.13.01, TE05.13.02, TE05.13.03, TE05.13.04, TE05.13.05, TE05.13.06, TE05.13.07, TE05.13.08	12
Supports Complete Image Replacement		TE04.33.01, TE04.35.01, TE04.35.02	3
Uses Hash MAC Integrity		TE05.05.03	1
Has Control Output		TE03.09.01, TE03.09.02, TE03.10.01, TE03.10.02, TE03.10.03, TE03.10.04, TE03.10.05	7
Has Ventilation or Slits		TE07.20.01, TE07.25.01	2
Has EDC		TE10.46.02, TE10.46.03	2
Has External Input Device		TE03.05.02, TE03.08.02	2
Has User Role		TE04.06.01	1
Has External Output Device		TE03.06.02, TE03.11.02	2
Has Removable Cover	TE07.50.03	TE07.13.01, TE07.20.01, TE07.25.01, TE07.39.02, TE07.39.05, TE07.47.01, TE07.47.02, TE07.48.01, TE07.48.02, TE07.51.02, TE07.51.07, TE07.51.08, TE07.62.01, TE07.63.01, TE07.65.02, TE07.65.07, TE07.65.08	18
Outputs Sensitive Data as Plaintext		TE09.16.01, TE09.16.02, TE09.16.03	3
Has Critical Functions		TE10.24.01, TE10.24.02	2
Uses Authentication		TE04.43.01, TE04.43.02, TE04.44.01, TE04.44.02, TE04.45.01, TE04.45.02, TE04.45.03, TE04.47.01, TE04.48.01, TE04.50.01, TE04.50.02, TE04.51.01, TE04.51.02, TE04.52.01, TE04.53.01, TE04.54.01, TE04.54.02, TE04.54.03, TE04.55.01, TE04.55.02	20
Uses Role-Based Authentication		TE04.37.01, TE04.37.02, TE04.38.01, TE04.38.02	4
Has Default Authentication Data		TE04.45.03	1
Has Degraded Mode		TE02.26.01, TE02.26.02, TE02.26.03, TE02.26.04, TE02.26.05, TE02.28.01, TE02.28.02, TE02.30.01, TE02.30.02	9
Has EFT		TE07.81.01, TE07.81.02, TE07.81.03	3
Has Trusted Channel		TE03.16.01, TE03.18.01, TE03.18.02, TE03.19.01, TE03.19.02, TE03.19.03, TE03.19.04, TE03.20.01, TE03.21.01, TE03.22.01, TE09.21.01, TE09.21.04	12
Uses Multi-Factor Authentication		TE04.59.01, TE09.24.01, TE09.24.02	3
Allows Operator to Change Roles		TE04.38.01, TE04.38.02, TE04.42.01, TE04.42.02, TE04.42.03, TE04.42.04	6
Uses Digital Signature Integrity		TE05.05.04	1
Has Maintenance Role		TE04.07.01, TE04.07.02, TE04.07.03	3
Has Additional Mitigations		TE12.01.01, TE12.02.01, TE12.04.01, TE12.04.02, TE12.04.03	5
Supports Sensitive Data I/O		TE09.13.01, TE09.13.02, TE09.13.03, TE09.18.01, TE09.18.02, TE09.19.01	6
Has Tamper Seals		TE07.27.01, TE07.48.01, TE07.48.02, TE07.63.01	4
Has CVE		TE11.38.03	1
Total number of TEs affected by the supplemental filter properties			192

Note: The total number of the TEs affected by the supplemental filter properties is not the sum of the numbers in the column of “Number of Affected TEs” (i.e., 218) because some TEs are affected by multiple filter properties and so appear multiple times in Table 5: TEs Affected by the Supplemental Filtering Properties.

Removing ASes not separately tested

Some assertions (ASes) are not separately tested, and they do not have associated TEs.

These ASes depend on the completion of other ASes and their TEs. For example: AS05.22 is not separately tested but is instead tested as part of AS05.05. Table 6 highlights ASes that are not separately tested. Since these ASes are conditional in nature, a solution to the problem of these assertions that could be utilized is to use these assertions to further automate the report writing process. In this instance, the AS that is not separately tested could be omitted from the report template provided by the NCCoE ACMVP server if the server will include ASes in addition to TEs.

The TE Workstream does not address the dependency at the TE level (e.g., TE10.28.02 and TE10.34.03) as opposed to the AS level.

Table 6: Assertions (ASs) not separately tested

FIPS 140-3 Section Title	ASes not separately tested
General	N/A
Cryptographic Module Specification	AS02.01, AS02.02, AS02.04, AS02.05, AS02.06, AS02.08, AS02.25, AS02.26, AS02.29, AS02.31, AS02.32
Cryptographic Module Interfaces	AS03.12, AS03.17
Roles, Services, and Authentication	AS04.01, AS04.05, AS04.08, AS04.09, AS04.10, AS04.12, AS04.16, AS04.17, AS04.24, AS04.26, AS04.27, AS04.30, AS04.31, AS04.36, AS04.40, AS04.41, AS04.46, AS04.49, AS04.57, AS04.58
Software/Firmware Security	AS05.01, AS05.03, AS05.09, AS05.10, AS05.14, AS05.18, AS05.19, AS05.21, AS05.22
Operational Environment	AS06.01, AS06.02, AS06.04, AS06.09, AS06.16, AS06.21, AS06.22, AS06.23, AS06.29
Physical Security	AS07.02, AS07.03, AS07.04, AS07.05, AS07.06, AS07.07, AS07.08, AS07.14, AS07.16, AS07.17, AS07.18, AS.07.21, AS07.22, AS07.23, AS07.24, AS07.28, AS07.29, AS07.30, AS07.31, AS07.34, AS07.36, AS07.38, AS07.40, AS07.49, AS07.52, AS07.54, AS07.56, AS07.59, AS07.61, AS07.64, AS07.66, AS07.68, AS07.69, AS07.70, AS07.72, AS07.74, AS07.75, AS07.76, AS07.78, AS07.79, AS07.80, AS07.81, AS07.82, AS07.83, AS07.84, AS07.85, AS07.86
Non-Invasive Security	N/A
Sensitive Security Parameter Management	AS09.11, AS09.12, AS09.15, AS09.17, AS09.20, AS09.26, AS09.30, AS09.34, AS09.35
Self-Tests	AS10.01, AS10.02, AS10.03, AS10.04, AS10.05, AS10.06, AS10.13, AS10.14, AS10.16, AS10.17, AS10.18, AS10.19, AS10.23, AS10.26, AS10.30, AS10.31, AS10.32, AS10.32, AS10.36, AS10.38, AS10.39, AS10.40, AS10.41, AS10.42, AS10.43, AS10.44, AS10.45, AS10.47, AS10.50, AS10.52, AS10.55
Life-Cycle Assurance	AS11.02, AS11.07, AS11.09, AS11.10, AS11.12, AS11.14, AS11.20, AS11.22, AS11.27
Mitigation of Other Attacks	None

Acronyms and Initialisms

ACMVP	Automated Cryptographic Module Validation Project
AS	Assertion
CMVP	Cryptographic Module Validation Program
FIPS	Federal Information Processing Standards
NCCoE	National Cybersecurity Center of Excellence
SP	Security Policy
TE	Test Evidence
VE	Vendor Evidence

Bibliography / Additional References

[1] National Institute of Standards and Technology, “Federal Information Processing Standards Publications (FIPS PUBS) 140-3: Security Requirements for Cryptographic Modules,” 2019. [Online]. Available: https://doi.org/10.6028/NIST.FIPS.140-3.

[2] National Institute of Standards and Technology and Canadian Center for Cyber Security, “Draft FIPS 140-3- Cryptographic Module Validation Program Management Manual, Version 1.1,” July 2022. [Online]. Available: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/cmvp-fips-140-3-management-manual.

[3] National Institute of Standards and Technology and National Cybersecurity Center of Excellence, “Automation of the Cryptographic Module Validation Program,” September 2022. [Online]. Available: https://www.nccoe.nist.gov/automation-nist-cryptographic-module-validation-program.

[4] National Institute of Standards and Technology and Canadian Center for Cyber Security, “FIPS 140-3 Regression Testing Table to Be Upcoming in FIPS 140-3 Management Manual,” NIST, Washington D. C., 2022.

[5] D. Hawes, A. Calis and R. Crombie, “CMVP Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B (2nd Public Draft),” October 2022. [Online]. Available: https://csrc.nist.gov/publications/detail/sp/800-140b/rev-1/draft.

[6] D. Hawes, A. Calis and R. Crombie, “CMVP Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B,” May 2022. [Online]. Available: https://csrc.nist.gov/publications/detail/sp/800-140b/rev-1/archive/2022-05-12.

[7] ISO, ISO/IEC 24759:2017: Information Technology — Security Techniques — Test Requirements for Cryptographic Modules, Geneva, Switzerland: International Organization for Standardization, 2017.

[8] ISO, ISO/IEC 19790:2012: Information Technology — Security Techniques — Security Requirements for Cryptographic Modules, Geneva, Switzerland: International Organization for Standardization, 2012.