FAQGLOBALFIPS-approved cryptographic algorithms

FIPS 203, 204, and 205 post-quantum algorithms What teams need to evidence before making FIPS-approved algorithm claims

FIPS 203 standardizes ML-KEM for key establishment, FIPS 204 standardizes ML-DSA for digital signatures, and FIPS 205 standardizes SLH-DSA for stateless hash-based digital signatures.

Use this FAQ to separate algorithm selection from module validation evidence and to avoid unsupported claims about post-quantum readiness.

Back to main artifactReview sources
Author
Sorena AI
Published
May 9, 2026
Updated
May 9, 2026
Questions
3

Structured answer sets in this page tree.

Primary sources
6

Cited legal and guidance references.

Publication metadata
Sorena AI
Published May 9, 2026
Updated May 9, 2026
Overview

FIPS 203, FIPS 204, and FIPS 205 are NIST's post-quantum algorithm standards published and effective on August 13, 2024. Treat them as implementation standards for specific algorithms and parameter sets, then separately verify whether the cryptographic module, CAVP algorithm evidence, and CMVP documentation support the claim being made.

Search this module

Find a question or answer quickly

3 of 3 questions
Question 1

What do FIPS 203, FIPS 204, and FIPS 205 cover?

FIPS 203 covers ML-KEM, a module-lattice-based key-encapsulation mechanism used to establish a shared secret key over a public channel. It is the post-quantum key-establishment standard in this set, not a digital signature standard.

FIPS 204 covers ML-DSA, a module-lattice-based digital signature algorithm for generating and verifying signatures. FIPS 205 covers SLH-DSA, a stateless hash-based digital signature algorithm based on SPHINCS+. Both signature standards apply to public-key-based signature systems operated by federal agencies or operated for them under contract, and their use is also available to private and commercial organizations.

  • Use FIPS 203 when the scoped function is ML-KEM key generation, encapsulation, or decapsulation.
  • Use FIPS 204 when the scoped function is ML-DSA key generation, signature generation, signature verification, or the pre-hash variants supported by the standard.
  • Use FIPS 205 when the scoped function is SLH-DSA key generation, signature generation, signature verification, or approved SHA2/SHAKE parameter-set use.
Citations
NIST FIPS 204 ML-DSA standard

Defines ML-DSA as the FIPS 204 lattice-based digital signature algorithm and explains its federal signature-system applicability.

NIST FIPS 205 SLH-DSA standard

Defines SLH-DSA as the FIPS 205 stateless hash-based digital signature algorithm and identifies its approved parameter-set family.

Recommended next step

Map FIPS 203, FIPS 204, and FIPS 205 claims to algorithms, modules, and certificates

Use this FAQ to separate approved algorithm selection, implementation evidence, and module-validation claims before answering customers or procurement teams.

Assessment workflow
Turn the answer into controls

Convert the algorithm scope, validation checks, and evidence gaps into assigned review work.

Explore next step
Research workflow
Ask a scoped follow-up

Use cited research support when a parameter set, module boundary, or certificate claim is unclear.

Explore next step
Talk to Sorena
Talk through implementation

Review FIPS 203, FIPS 204, FIPS 205, CAVP, and CMVP evidence with Sorena.

Explore next step
Question 2

What implementation evidence should teams keep?

The evidence should show the algorithm, parameter set, module boundary, and interface actually used. A bare statement that a product is post-quantum or FIPS-ready is not enough because the NIST standards include parameter-set choices, input checks, approved random bit generation, private-key or decapsulation-key safeguards, and restrictions on exposing testing-only internal interfaces.

For ML-KEM, record the chosen parameter set and whether encapsulation keys, decapsulation keys, and ciphertexts are checked before use. FIPS 203 recommends ML-KEM-768 as the default parameter set unless that is impractical or a different security requirement applies. For ML-DSA, record whether ML-DSA-44, ML-DSA-65, or ML-DSA-87 is used and confirm signature length, public-key length, random seed, and intermediate-data handling requirements. For SLH-DSA, record the SHA2 or SHAKE parameter set, whether the small-signature or fast-signature variant is used, and the key-generation and signing randomness requirements.

  • Map each public claim to a scoped cryptographic function: ML-KEM key establishment, ML-DSA signatures, or SLH-DSA signatures.
  • Store parameter-set evidence, implementation version, module boundary, operating environment, and whether the function is used in an approved mode.
  • Keep test and design evidence separate from certification claims; passing internal tests or using an approved algorithm name does not by itself prove a module is CMVP-validated.
Citations
NIST FIPS 204 ML-DSA standard

Supports ML-DSA parameter-set, signature verification, approved random bit generation, and intermediate-data handling evidence.

Question 3

How should CAVP and CMVP validation claims be handled?

Use cautious wording. The three standards say NIST will develop validation programs to test implementations for conformance to the algorithms in this standard, and the CMVP implementation guidance adds cryptographic algorithm self-test requirements for ML-KEM, ML-DSA, and SLH-DSA. That supports planning and evidence collection, but it does not justify saying that a product, library, or cloud service is validated unless the relevant certificate or module listing supports that exact scope.

For procurement, customer security reviews, and audit responses, verify the CAVP algorithm entry or CMVP module certificate against the algorithm, parameter set, module name, version, implementation environment, and approved-mode statement. If a supplier only provides roadmap language, test vectors, or an algorithm name, describe it as implementation evidence or migration status rather than validated FIPS evidence.

  • Check the public CAVP validation search for algorithm evidence before citing an algorithm certificate.
  • Check CMVP module documentation before claiming a module is FIPS 140-3 validated or that post-quantum functionality is inside the validated boundary.
  • Record unresolved gaps explicitly, such as missing certificate scope, unsupported parameter set, non-approved mode, unvalidated module boundary, or supplier roadmap-only support.
Citations
Primary sources

References and citations

NIST CAVP validation search
csrc.nist.gov
Referenced sections
  • Public NIST search used to verify cryptographic algorithm validation evidence before citing a certificate.
"validation search"
NIST FIPS 140-3 implementation guidance
csrc.nist.gov
Referenced sections
  • Grounds the need to account for ML-KEM, ML-DSA, and SLH-DSA cryptographic algorithm self-tests in module validation work.
"Cryptographic Algorithm Self-Test Requirements"
NIST FIPS 203 ML-KEM standard
nvlpubs.nist.gov
Referenced sections
  • Supports ML-KEM parameter-set, input-checking, randomness, and default ML-KEM-768 evidence requirements.
"ML-KEM-768 as the default parameter set"
NIST FIPS 204 ML-DSA standard
nvlpubs.nist.gov
Referenced sections
  • Supports ML-DSA parameter-set, signature verification, approved random bit generation, and intermediate-data handling evidence.
"ML-DSA-44, ML-DSA-65, and ML-DSA-87"
NIST FIPS 205 SLH-DSA standard
nvlpubs.nist.gov
Referenced sections
  • Supports SLH-DSA SHA2/SHAKE parameter-set, key-generation randomness, signing, and verification evidence.
"This standard approves 12 parameter sets"
Related guides

Explore more topics

AES FIPS 197 requirements and evidence
AES FIPS 197 guidance for identifying supported key sizes, separating the block cipher from modes of operation, and avoiding unsupported FIPS validation claims.
CAVP and ACVP validation evidence for FIPS algorithms
How to read CAVP algorithm certificates, ACVTS/ACVP test coverage, CMVP module validation, and FIPS 140-3 procurement evidence without overstating the claim.
CAVP Validation Evidence Workflow for FIPS Algorithms
Workflow for collecting CAVP and ACVP evidence: algorithm certificates, implementation names, tested parameters, operating environments, and CMVP handoff records.
FIPS 180-4 and FIPS 202 secure hash guidance
Choose and evidence SHA-2, SHA-3, and SHAKE use under FIPS 180-4, FIPS 202, CAVP validation, and FIPS 140-3 module claims.
FIPS 186-5 and FIPS 204 digital signatures
Compare FIPS 186-5 classical digital signatures with FIPS 204 ML-DSA, including scope, algorithm choices, key-use limits, and validation evidence boundaries.
FIPS 203 ML-KEM vs RSA and ECDH key establishment
Compare FIPS 203 ML-KEM with RSA and ECDH key-establishment schemes using NIST SP 800-56A, SP 800-56B, CAVP, and CMVP grounding.
FIPS Algorithm Procurement Evidence FAQ
What procurement teams should collect before accepting FIPS algorithm or module claims: CAVP certificates, CMVP module status, security policy scope, and supplier change triggers.
FIPS approved algorithm selector workflow
A source-linked workflow for selecting FIPS and NIST-approved cryptographic algorithms without overstating module validation, CAVP evidence, or approved-mode claims.
FIPS approved mode procurement: certificates, boundaries, and evidence
Procurement guidance for FIPS approved mode claims: how to check CMVP certificates, CAVP evidence, module boundaries, tested environments, and supplier evidence before purchase.
FIPS crypto transition and deprecation tracker
Track FIPS algorithm transitions, withdrawn guidance, CAVP evidence, CMVP module impact, procurement triggers, and approved-mode caveats without overstating validation status.
FIPS cryptographic algorithm selector
Choose between FIPS algorithm standards for AES, SHA-2, SHA-3, digital signatures, ML-KEM, ML-DSA, and SLH-DSA without overstating validation scope.
FIPS KDF and MAC coverage for validated modules
Map FIPS 140-3 KDF and MAC coverage to approved security functions, CAVP evidence, self-tests, service indicators, and module security policy entries.
FIPS Key Management Mapping for Algorithms and SSP Evidence
Map FIPS 140-3 key management requirements to approved algorithms, SSP establishment methods, CAVP evidence, module boundaries, and key-use records.
FIPS Procurement Evidence Review Workflow: CAVP, CMVP, Approved Mode
Review FIPS crypto procurement evidence by separating CAVP algorithm certificates from CMVP module certificates, Security Policy scope, approved mode, operating environment, change impact, and retention records.
FIPS validation certificates for cryptographic algorithms
How to read CAVP algorithm validation certificates and CMVP module validation certificates without overstating FIPS-approved cryptographic algorithm claims.
FIPS-approved cryptographic algorithms FAQ
Answers to common FIPS algorithm questions: approved security functions, CAVP validation, CMVP module scope, AES modes, SHA-2, SHA-3, signatures, and post-quantum algorithms.
How FIPS 180-4 and FIPS 202 Hash Functions Fit FIPS Algorithm Approval
Use FIPS 180-4 for SHA-1 and SHA-2 hash algorithms, FIPS 202 for SHA-3 and SHAKE functions, and CAVP/CMVP evidence without treating a hash certificate as module validation.
How FIPS 186-5 Signature Algorithms Fit FIPS Approval
Use FIPS 186-5 for RSA, ECDSA, deterministic ECDSA, EdDSA, HashEdDSA, DSA verification limits, approved hashes, and CAVP/CMVP evidence boundaries.
ML-DSA vs ECDSA under FIPS 204 and FIPS 186-5
Compare ML-DSA and ECDSA for FIPS-aligned digital signature designs, including parameter choices, key handling, CAVP algorithm evidence, and CMVP module boundaries.
Post-quantum FIPS 203, 204, and 205: ML-KEM, ML-DSA, and SLH-DSA
A grounded guide to the three NIST post-quantum FIPS standards: when ML-KEM, ML-DSA, and SLH-DSA apply, what evidence to keep, and how CAVP and CMVP claims differ.
Post-Quantum Migration for FIPS Cryptography
Plan post-quantum migration for FIPS cryptography by separating ML-KEM key establishment, ML-DSA and SLH-DSA signatures, CAVP algorithm evidence, and CMVP module validation boundaries.
Post-Quantum Migration Tracker for FIPS 203, 204, and 205
Track post-quantum cryptography migration evidence for FIPS 203 ML-KEM, FIPS 204 ML-DSA, FIPS 205 SLH-DSA, CAVP algorithm certificates, and CMVP module boundaries.
SHA-2 vs SHA-3 under FIPS 180-4 and FIPS 202
Compare SHA-2 and SHA-3 for FIPS use: approved functions, validation evidence, compatibility, procurement checks, and when migration is not required.
TLS use-case mapping for FIPS algorithm evidence
Map TLS uses to FIPS algorithm, CAVP, CMVP, approved-mode, certificate-authority, and evidence checks without overstating protocol validation claims.
What does FIPS 197 AES mean for FIPS-approved algorithms?
FIPS 197 defines AES as a FIPS-approved block cipher, but AES use alone is not the same as CAVP algorithm testing or FIPS 140-3 module validation.