In June, the CMVP utilized a temporary solution to ease the long wait time to complete a cryptographic module validation by issuing interim certificates; these interim certificates are only valid for two years with reduced assurance that results from decreased rigor in reviewing the submitted modules. With the queue situation much improved and a commitment to high assurance, the CMVP plans to resume the normal certification process with the resulting certificates having a 5-year valid period in 2025.
Testing labs are working to meet the December 1st, 2024 interim submission deadline for vendors who already chose this option, but it should be noted that vendors who have not already opted for an interim certificate cannot choose to do so now. After this deadline, the CMVP will no longer accept submissions for interim FIPS 140-3 certifications.
While the interim certification option may be re-visited in the future if such a need arises, the CMVP aims to provide a speedy coordination phase by committing to a seven-day response time, which is much appreciated by labs and vendors. Submissions from 2024 are expected to be reviewed by the CMVP starting January 2025 with an initial rate of 24 reviews per month. We thank the CMVP for making promising improvements to better serve the community.
And to all the validation bodies, vendors, colleagues, and friends in the US that we work with, we hope you have a happy Thanksgiving tomorrow if you celebrate!
