FAQGLOBALFIPS 140-3

FIPS 140-3 Vendor affirmation

A grounded answer for teams checking whether a vendor-affirmed algorithm or key-generation method can be used in a FIPS 140-3 module evidence package.

Focuses on CMVP Implementation Guidance, CAVP certificate evidence, Security Policy disclosures, and CSTL review records.

Back to main artifact Review sources

Author

Sorena AI

Published

May 9, 2026

Updated

May 9, 2026

Questions

Structured answer sets in this page tree.

Primary sources

Cited legal and guidance references.

Publication metadata

Sorena AI

Published May 9, 2026

Updated May 9, 2026

Overview

Short answer: treat vendor affirmation as a narrow CMVP Implementation Guidance path, not as a replacement for FIPS 140-3 module validation or required CAVP certificates. Use it only when the applicable IG permits it, then preserve the Security Policy language, CAVP certificate references, CSTL review results, and test-report mapping that support the claim.

Search this module

Find a question or answer quickly

3 of 3 questions

Question 1

When can vendor affirmation be used under FIPS 140-3?

Vendor affirmation is available only for specific cases described in CMVP Implementation Guidance. The clearest HSS example is IG C.O for SP 800-208: HSS can be vendor-affirmed when the implementation performs the required cryptographic algorithm self-tests, the underlying LMS operations have the required CAVP certificates, and the CSTL verifies each supported HSS operation through source-code review.

Do not describe vendor affirmation as a general validation status. The FIPS 140-3 standard says cryptographic modules are validated through CMVP, with testing by accredited CST laboratories, while CAVP addresses approved security function and sensitive security parameter generation and establishment method testing.

Confirm the exact IG section that allows the vendor affirmation claim, such as IG C.O for SP 800-208 HSS or IG D.H for SP 800-133 key generation.
Keep CAVP certificate numbers for the underlying algorithms that the IG requires, including the LMS operations used by an HSS implementation.
Make sure the Security Policy places the claim in the correct table or disclosure location required by the applicable IG.

Citations

CMVP Implementation Guidance for FIPS 140-3

Supports the specific IG C.O conditions for SP 800-208 HSS vendor affirmation, including CASTs, LMS CAVP certificates, CSTL source-code review, Security Policy placement, and transition when CAVP testing becomes available.

NIST FIPS 140-3 security requirements for cryptographic modules

Supports the distinction between CMVP module validation, accredited CST laboratory testing, and the procurement role of validated modules.

NIST CAVP validation search

Public NIST search page for checking algorithm-validation certificate evidence that an IG may require before a vendor-affirmed claim is usable.

Recommended next step

Operationalize FIPS 140-3 vendor-affirmation evidence

Use this FIPS 140-3 FAQ to identify the applicable IG section, required CAVP certificates, Security Policy text, CSTL review records, and transition triggers before relying on a vendor-affirmed claim.

Assessment workflow

Convert the claim into controls

Turn the IG conditions into assigned evidence requests, review gates, and certificate checks.

Explore next step

Research workflow

Research a scoped claim

Check whether a vendor-affirmed algorithm or key-generation claim is supported by the applicable CMVP guidance.

Explore next step

Talk to Sorena

Review a FIPS 140-3 evidence package

Walk through vendor affirmation scope, Security Policy text, CAVP certificates, and CSTL records with Sorena.

Explore next step

Question 2

What does vendor affirmation require for HSS?

For SP 800-208 HSS, IG C.O lists concrete conditions rather than a self-attestation shortcut. If HSS key generation or signature generation is implemented, the underlying LMS key generation and LMS signature generation operations need CAVP certificates. If HSS signature verification is implemented, the underlying LMS signature verification operation needs a CAVP certificate.

The same IG requires every LMS parameter set used inside the HSS tree to have the applicable CAVP certificates. It also requires CSTL source-code review of each supported HSS operation against RFC 8554 key generation, signature generation, and signature verification sections, with the results documented in TE02.20.04 of the Test Report.

Record the HSS operations implemented by the module: key generation, signature generation, signature verification, or a subset.
Map each implemented HSS operation to the required LMS CAVP certificates and parameter sets.
Verify that HSS appears in the Security Policy's Vendor-Affirmed Algorithms table and that LMS appears in the Approved Algorithms table with the associated certificate references.

Citations

CMVP Implementation Guidance for FIPS 140-3

Grounds the HSS-specific evidence requirements: required self-tests, LMS CAVP certificates, all HSS tree parameter sets, CSTL source-code review, Test Report documentation, and Security Policy tables.

NIST SP 800-208 stateful hash-based signature schemes

Referenced by IG C.O as the source for LMS, XMSS, HSS, and XMSSMT stateful hash-based signature schemes.

NIST CAVP validation search

Use this public source to verify the underlying LMS algorithm certificate evidence referenced by an HSS vendor-affirmation claim.

Question 3

What evidence should teams keep for vendor affirmation?

Keep a compact evidence packet for each vendor-affirmed claim. It should identify the IG section, the module and version, the exact algorithm or key-generation method, the Security Policy table or disclosure, the CAVP certificates that remain required, and the CSTL or test-report evidence that the IG says must exist.

For SP 800-133 key generation, IG D.H says vendor affirmation is required for methods covered by Sections 4 and 6.3 when a symmetric key or seed for asymmetric key generation starts with a random bit string. It also says the Security Policy must provide details for each method, and that the validation certificate has a CKG entry only when the module generates keys for symmetric-key algorithms.

For HSS: keep the Vendor-Affirmed Algorithms table entry, Approved Algorithms table LMS entries, CAVP certificate references, CSTL source-code review record, and TE02.20.04 Test Report reference.
For SP 800-133: keep the Section 4 or Section 6.3 method mapping, DRBG-output explanation, independence rationale where relevant, CKG certificate-entry rationale, and Security Policy method details.
Set a review trigger when CAVP testing becomes available for a previously vendor-affirmed algorithm, because IG C.O points to the Management Manual transition process for moving from vendor affirmation to CAVP testing.

Citations

CMVP Implementation Guidance for FIPS 140-3

Supports both the HSS evidence package in IG C.O and the SP 800-133 key-generation vendor-affirmation requirements in IG D.H.

NIST SP 800-133 Rev. 2 cryptographic key generation

Referenced by IG D.H for key-generation methods used when claiming vendor affirmation to SP 800-133.

NIST CAVP validation search

Use this public source to verify algorithm certificate numbers that remain required even when a related vendor-affirmed claim is permitted.

Primary sources