FAQGLOBALFIPS-approved cryptographic algorithms

FIPS-approved cryptographic algorithms FAQ

Answers to practical questions about approved algorithms, CAVP certificates, CMVP module validation, approved mode, and algorithm evidence.

Use this page to separate standards facts from vendor claims, procurement language, and product-specific validation evidence.

Back to main artifactReview sources
Author
Sorena AI
Published
May 9, 2026
Updated
May 9, 2026
FAQ modules
6

Structured answer sets in this page tree.

Primary sources
10

Cited legal and guidance references.

Publication metadata
Sorena AI
Published May 9, 2026
Updated May 9, 2026
Overview

FIPS algorithm questions often get blurred with FIPS 140-3 module claims. This FAQ separates the layers: a cryptographic algorithm may be specified in a FIPS publication, adopted in a NIST recommendation, or listed as an approved security function, while a product claim usually depends on the cryptographic module boundary, the services used in approved mode, and the validation evidence available for the implementation.

Browse sub-FAQs

Choose the question set you need

These focused FAQ modules break this artifact into narrower answer sets so teams can move straight to the right source-backed guidance.

Browse all FAQ items17
Focused FAQ modules
6
Showing 6 of 6
FAQ module

FIPS 203, 204, and 205 Post-Quantum Algorithms

FAQ on how FIPS 203 ML-KEM, FIPS 204 ML-DSA, and FIPS 205 SLH-DSA fit FIPS-approved cryptographic algorithm planning, implementation evidence, and validation checks.

3 items
FAQ module

FIPS Algorithm Procurement Evidence FAQ

What procurement teams should collect before accepting FIPS algorithm or module claims: CAVP certificates, CMVP module status, security policy scope, and supplier change triggers.

3 items
FAQ module

FIPS validation certificates for cryptographic algorithms

How to read CAVP algorithm validation certificates and CMVP module validation certificates without overstating FIPS-approved cryptographic algorithm claims.

3 items
FAQ module

How FIPS 180-4 and FIPS 202 Hash Functions Fit FIPS Algorithm Approval

Use FIPS 180-4 for SHA-1 and SHA-2 hash algorithms, FIPS 202 for SHA-3 and SHAKE functions, and CAVP/CMVP evidence without treating a hash certificate as module validation.

3 items
FAQ module

How FIPS 186-5 Signature Algorithms Fit FIPS Approval

Use FIPS 186-5 for RSA, ECDSA, deterministic ECDSA, EdDSA, HashEdDSA, DSA verification limits, approved hashes, and CAVP/CMVP evidence boundaries.

3 items
FAQ module

What does FIPS 197 AES mean for FIPS-approved algorithms?

FIPS 197 defines AES as a FIPS-approved block cipher, but AES use alone is not the same as CAVP algorithm testing or FIPS 140-3 module validation.

2 items
Question 1

What does FIPS-approved mean for a cryptographic algorithm?

For this topic, FIPS-approved means the algorithm or technique is specified in a FIPS or NIST recommendation, adopted in one, or included in the NIST-approved security functions list used for FIPS 140-3. That status is about the algorithm or technique, not a blanket approval of every product, protocol, cloud service, library build, key size, mode, or configuration that mentions it.

A useful algorithm record should name the standard, the algorithm family, the exact mode or parameter set, the intended use, and the evidence source. For example, AES is a FIPS-approved block cipher, but FIPS 197 also says AES is used with a FIPS-approved or NIST-recommended mode of operation.

  • Record the standard behind the claim, such as FIPS 197 for AES, FIPS 180-4 for SHA-1 and SHA-2, FIPS 202 for SHA-3 and SHAKE, FIPS 186-5 for digital signatures, or FIPS 203 through FIPS 205 for NIST post-quantum algorithms.
  • Name the approved mode, parameter set, digest length, key size, or signature scheme instead of using a generic approved cryptography label.
  • Do not convert algorithm approval into a product validation claim unless the module boundary and CMVP evidence also support that claim.
Sources for this answer
NIST FIPS 140-3 security requirements for cryptographic modules
Defines the FIPS 140-3 approved security function concept and ties approved functions to FIPS publications, NIST recommendations, and SP 800-140C.
NIST FIPS 197-upd1 Advanced Encryption Standard
Supports the AES example and the need to pair AES with an approved or recommended mode of operation.
Question 2

Is a CAVP certificate the same as FIPS 140-3 validation?

No. CAVP validation is evidence that a specific cryptographic algorithm implementation passed algorithm testing. CMVP validation is about a cryptographic module meeting FIPS 140-3 requirements for a defined module boundary, tested operational environment, roles, services, self-tests, security policy, and other module requirements.

In a procurement or audit file, keep these artifacts separate. A CAVP certificate can support the algorithm implementation evidence for a module, but it does not by itself prove that the delivered product is a FIPS 140-3 validated cryptographic module or that the product is operating in approved mode.

  • Use the CAVP validation search to verify algorithm certificates, implementation names, vendors, algorithms, revisions, and validation status.
  • Use CMVP certificate and Security Policy evidence for module name, version, security level, boundary, approved services, tested operating environments, and certificate status.
  • Reject wording that says a product is FIPS validated when the available evidence is only an algorithm test certificate.
Sources for this answer
CMVP Implementation Guidance for FIPS 140-3
Explains program distinctions between algorithm testing, module validation, approved mode, and Security Policy evidence.
NIST CAVP validation search
Public search interface for checking algorithm validation entries cited by vendors, modules, and procurement packets.
Recommended next step

Turn FIPS algorithm questions into verifiable evidence

Use the cited standards, CAVP records, CMVP certificate data, and Security Policy language to keep algorithm claims precise before they reach customers, auditors, or procurement teams.

Assessment workflow
Open Assessment Autopilot for FIPS evidence

Convert FIPS algorithm and module evidence into owned tasks, evidence requests, and review checkpoints.

Explore next step
Research workflow
Research FIPS source questions

Resolve CAVP, CMVP, approved-mode, and algorithm-standard questions against cited source material.

Explore next step
Talk to Sorena
Review a FIPS claim with Sorena

Check whether customer-facing wording matches the underlying algorithm, module, and validation evidence.

Explore next step
Question 3

Can a protocol such as TLS be called FIPS approved?

Be careful. FIPS 140-3 implementation guidance says the FIPS 140-3 and SP 800-140 series do not address protocols as protocols. The approved-mode question is whether the module uses approved or allowed cryptographic algorithms and schemes, such as AES, ECDSA, KDFs, key-agreement schemes, or key-transport schemes, in the way permitted for the module's approved services.

For protocol claims, write the evidence around the cryptographic functions actually used by the module. For example, a TLS claim may require checking the KDF, cipher suite components, key agreement, certificate signature algorithms, random bit generation, and whether those services are listed as approved services in the module Security Policy.

  • Avoid saying a whole protocol is FIPS approved without naming the approved algorithms, schemes, services, and module boundary.
  • For TLS KDF claims, check whether the relevant KDF version was CAVP tested and whether the module Security Policy identifies the supported version.
  • Keep application configuration evidence separate from module validation evidence so protocol settings do not overstate the CMVP certificate.
Sources for this answer
CMVP Implementation Guidance for FIPS 140-3
Grounds the distinction between protocol labels and the approved algorithms or schemes used in approved mode.
NIST FIPS 140-3 security requirements for cryptographic modules
Primary module standard for approved security functions, approved mode, and validation scope.
Question 4

Which FIPS sources should teams use for AES, hash, and signature questions?

Use the algorithm standard for the primitive, then check CMVP and CAVP evidence for the implementation and module. FIPS 197 covers AES; FIPS 180-4 covers SHA-1 and the SHA-2 family; FIPS 202 covers SHA-3 hash functions and SHAKE extendable-output functions; FIPS 186-5 covers DSA, ECDSA, EdDSA, and RSA signature requirements.

The key operational point is specificity. A claim such as AES, SHA, or FIPS signatures is not enough. The record should identify the mode or scheme, key length or digest length, approved use, implementation validation, and whether the module's approved services actually call that implementation.

  • For AES, record AES-128, AES-192, or AES-256 and the approved mode of operation used by the service.
  • For hashes, distinguish SHA-1, SHA-2, SHA-3, SHAKE, digest length, and whether the use is hashing, message authentication, signature prehashing, or another approved construction.
  • For signatures, map the signature scheme, parameters, key generation, hash function, and validation evidence rather than citing only the broad FIPS 186-5 family.
Sources for this answer
NIST FIPS 197-upd1 Advanced Encryption Standard
Primary AES source for the block cipher, key sizes, and use with approved or recommended modes.
NIST FIPS 180-4 Secure Hash Standard
Primary source for SHA-1 and SHA-2 hash algorithms used in FIPS contexts.
NIST FIPS 202 SHA-3 Standard
Primary source for SHA-3 hash functions and SHAKE extendable-output functions.
NIST FIPS 186-5 Digital Signature Standard
Primary source for approved digital signature families and their use with approved hash functions.
Question 5

How should post-quantum FIPS algorithm claims be handled?

Treat FIPS 203, FIPS 204, and FIPS 205 as algorithm standards, not automatic product approvals. FIPS 203 specifies ML-KEM for key establishment; FIPS 204 specifies ML-DSA for digital signatures; FIPS 205 specifies SLH-DSA for stateless hash-based digital signatures. Each claim still needs implementation evidence, parameter-set choices, module boundary evidence, and approved-mode treatment where FIPS 140-3 validation is relevant.

For migration planning, do not state that a system is post-quantum compliant because a roadmap names ML-KEM or ML-DSA. The defensible record identifies which algorithm standard is used, which parameter set is selected, where the algorithm runs, how keys or signatures are generated, and what CAVP or CMVP evidence is available for the implementation and module.

  • For ML-KEM, record key-establishment use, parameter set, implementation version, and whether testing interfaces are kept out of application use.
  • For ML-DSA or SLH-DSA, record signature purpose, key-pair handling, parameter set, hash or prehash assumptions, and validation evidence.
  • Keep transition, hybrid, and customer-readiness claims separate from validated-module claims until the module evidence supports them.
Sources for this answer
NIST FIPS 203 ML-KEM
Primary source for ML-KEM as the module-lattice key-encapsulation mechanism standard.
NIST FIPS 204 ML-DSA
Primary source for ML-DSA as the module-lattice digital signature standard.
NIST FIPS 205 SLH-DSA
Primary source for SLH-DSA as the stateless hash-based digital signature standard.
NIST CAVP validation search
Public lookup for algorithm validation evidence as post-quantum implementations move through testing.
Question 6

Can non-approved algorithms appear in an approved mode module?

Sometimes, but the distinction is narrow. CMVP guidance says non-approved security functions cannot be used in approved mode. It also recognizes that a non-approved cryptographic algorithm may appear in approved mode only when it is not used as a security function, does not meet FIPS 140-3 requirements, and is clearly documented as providing no claimed security.

This matters for libraries, diagnostics, interoperability code, and internal obfuscation. If a non-approved algorithm is exposed as encryption, key agreement, key transport, message authentication, digest generation, signature generation, signature verification, or another security function, it should not be treated as harmless just because the module also contains approved algorithms.

  • Document any non-approved algorithm listed in the Security Policy, its purpose, and the reason no security is claimed.
  • Verify that non-approved algorithms do not share keys or critical security parameters with approved or allowed algorithms in a prohibited way.
  • Do not list non-approved algorithms on the module certificate as approved functions when the guidance says they make no security claim.
Sources for this answer
CMVP Implementation Guidance for FIPS 140-3
Supports the approved-mode treatment of non-approved security functions, non-security uses, key or CSP separation, and Security Policy disclosure.
NIST FIPS 140-3 security requirements for cryptographic modules
Primary module standard for approved mode and approved security function context.
Question 7

What evidence should be kept for a FIPS algorithm answer?

Keep evidence that lets another reviewer reconstruct the claim without relying on marketing shorthand. The packet should show the algorithm standard, the implementation validation evidence, the module validation evidence if a module claim is made, and the product or service configuration that uses the approved service.

For customer-facing or procurement language, the minimum useful file is the exact claim text, the source standard, any CAVP certificate references, the CMVP certificate and Security Policy when applicable, the module version and operational environment, and the owner who approved the wording.

  • Algorithm record: standard, algorithm, revision, mode or parameter set, key size or digest length, use case, implementation version, and CAVP reference where applicable.
  • Module record: CMVP certificate number, module name, version, security level, Security Policy, approved services, and tested operational environments.
  • Claim record: public wording, procurement clause, datasheet text, or customer response tied to the evidence that supports exactly that wording.
  • Change record: reassess after cryptographic library updates, hardware acceleration changes, module boundary changes, operating environment changes, or certificate status changes.
Sources for this answer
NIST CAVP validation search
Public lookup for algorithm implementation evidence referenced in an evidence packet.
CMVP Implementation Guidance for FIPS 140-3
Grounding for Security Policy, approved services, validation certificate, tested environment, and approved-mode evidence.
Primary sources

References and citations

CMVP Implementation Guidance for FIPS 140-3
csrc.nist.gov
Referenced sections
  • Grounding for Security Policy, approved services, validation certificate, tested environment, and approved-mode evidence.
"validation certificate serves as a benchmark"
NIST CAVP validation search
csrc.nist.gov
Referenced sections
  • Public lookup for algorithm implementation evidence referenced in an evidence packet.
"validation-search"
NIST FIPS 186-5 Digital Signature Standard
csrc.nist.gov
Referenced sections
  • Primary source for approved digital signature families and their use with approved hash functions.
"FIPS-approved digital signature algorithms"
NIST FIPS 202 SHA-3 Standard
csrc.nist.gov
Referenced sections
  • Primary source for SHA-3 hash functions and SHAKE extendable-output functions.
"SHA-3 functions"
NIST FIPS 203 ML-KEM
csrc.nist.gov
Referenced sections
  • Primary source for ML-KEM as the module-lattice key-encapsulation mechanism standard.
"Module-Lattice-Based Key-Encapsulation Mechanism"
NIST FIPS 204 ML-DSA
csrc.nist.gov
Referenced sections
  • Primary source for ML-DSA as the module-lattice digital signature standard.
"Module-Lattice-Based Digital Signature Standard"
NIST FIPS 205 SLH-DSA
csrc.nist.gov
Referenced sections
  • Primary source for SLH-DSA as the stateless hash-based digital signature standard.
"Stateless Hash-Based Digital Signature Standard"
Related guides

Explore more topics

AES FIPS 197 requirements and evidence
AES FIPS 197 guidance for identifying supported key sizes, separating the block cipher from modes of operation, and avoiding unsupported FIPS validation claims.
CAVP and ACVP validation evidence for FIPS algorithms
How to read CAVP algorithm certificates, ACVTS/ACVP test coverage, CMVP module validation, and FIPS 140-3 procurement evidence without overstating the claim.
CAVP Validation Evidence Workflow for FIPS Algorithms
Workflow for collecting CAVP and ACVP evidence: algorithm certificates, implementation names, tested parameters, operating environments, and CMVP handoff records.
FIPS 180-4 and FIPS 202 secure hash guidance
Choose and evidence SHA-2, SHA-3, and SHAKE use under FIPS 180-4, FIPS 202, CAVP validation, and FIPS 140-3 module claims.
FIPS 186-5 and FIPS 204 digital signatures
Compare FIPS 186-5 classical digital signatures with FIPS 204 ML-DSA, including scope, algorithm choices, key-use limits, and validation evidence boundaries.
FIPS 203 ML-KEM vs RSA and ECDH key establishment
Compare FIPS 203 ML-KEM with RSA and ECDH key-establishment schemes using NIST SP 800-56A, SP 800-56B, CAVP, and CMVP grounding.
FIPS approved algorithm selector workflow
A source-linked workflow for selecting FIPS and NIST-approved cryptographic algorithms without overstating module validation, CAVP evidence, or approved-mode claims.
FIPS approved mode procurement: certificates, boundaries, and evidence
Procurement guidance for FIPS approved mode claims: how to check CMVP certificates, CAVP evidence, module boundaries, tested environments, and supplier evidence before purchase.
FIPS crypto transition and deprecation tracker
Track FIPS algorithm transitions, withdrawn guidance, CAVP evidence, CMVP module impact, procurement triggers, and approved-mode caveats without overstating validation status.
FIPS cryptographic algorithm selector
Choose between FIPS algorithm standards for AES, SHA-2, SHA-3, digital signatures, ML-KEM, ML-DSA, and SLH-DSA without overstating validation scope.
FIPS KDF and MAC coverage for validated modules
Map FIPS 140-3 KDF and MAC coverage to approved security functions, CAVP evidence, self-tests, service indicators, and module security policy entries.
FIPS Key Management Mapping for Algorithms and SSP Evidence
Map FIPS 140-3 key management requirements to approved algorithms, SSP establishment methods, CAVP evidence, module boundaries, and key-use records.
FIPS Procurement Evidence Review Workflow: CAVP, CMVP, Approved Mode
Review FIPS crypto procurement evidence by separating CAVP algorithm certificates from CMVP module certificates, Security Policy scope, approved mode, operating environment, change impact, and retention records.
ML-DSA vs ECDSA under FIPS 204 and FIPS 186-5
Compare ML-DSA and ECDSA for FIPS-aligned digital signature designs, including parameter choices, key handling, CAVP algorithm evidence, and CMVP module boundaries.
Post-quantum FIPS 203, 204, and 205: ML-KEM, ML-DSA, and SLH-DSA
A grounded guide to the three NIST post-quantum FIPS standards: when ML-KEM, ML-DSA, and SLH-DSA apply, what evidence to keep, and how CAVP and CMVP claims differ.
Post-Quantum Migration for FIPS Cryptography
Plan post-quantum migration for FIPS cryptography by separating ML-KEM key establishment, ML-DSA and SLH-DSA signatures, CAVP algorithm evidence, and CMVP module validation boundaries.
Post-Quantum Migration Tracker for FIPS 203, 204, and 205
Track post-quantum cryptography migration evidence for FIPS 203 ML-KEM, FIPS 204 ML-DSA, FIPS 205 SLH-DSA, CAVP algorithm certificates, and CMVP module boundaries.
SHA-2 vs SHA-3 under FIPS 180-4 and FIPS 202
Compare SHA-2 and SHA-3 for FIPS use: approved functions, validation evidence, compatibility, procurement checks, and when migration is not required.
TLS use-case mapping for FIPS algorithm evidence
Map TLS uses to FIPS algorithm, CAVP, CMVP, approved-mode, certificate-authority, and evidence checks without overstating protocol validation claims.