You, Me and FIPS 140-3: Open for Business! (L22c)
September 21st, 2020 FIPS 140-3 was officially declared open for business! After years of waiting CMVP are now accepting validations based on ISO/IEC 19790 and ISO/IEC 24759. Building on his presentation from ICCC19, Ryan Thomas of Acumen Security will provide updates and review the NIST SP 800-140 sub-series and FIPS 140-3 Implementation Guidance. Ryan will provide some early lessons learned and address technical requirements which may be problematic to product vendors and potential impacts to Common Criteria evaluations under NIAP and other schemes. Recommendations and advice based on Acumen Security’s extensive FIPS and Common Criteria experience will also be provided.