Artifact GuideGLOBALFIPS-approved cryptographic algorithm requirements

TLS use-case mapping for FIPS algorithm evidence

Map each TLS use case to the specific FIPS algorithm, module-validation, approved-mode, and certificate evidence that can actually support the claim.

Use this as implementation guidance for FIPS and TLS evidence reviews, not as a claim that TLS as a protocol has been certified.

Back to main artifactReview sources
Author
Sorena AI
Published
May 9, 2026
Updated
May 9, 2026
Sections
5

Structured answer sets in this page tree.

Primary sources
14

Cited legal and guidance references.

Publication metadata
Sorena AI
Published May 9, 2026
Updated May 9, 2026
Overview

Use this page when a product, service, procurement response, or audit package says TLS is FIPS-aligned and the team needs to prove exactly what that means. The map separates TLS configuration choices from algorithm validation, cryptographic module validation, certificate-authority policy, and operational evidence.

Section 1

Start with the TLS role and cryptographic boundary

A TLS evidence review should begin with the endpoint role and the cryptographic module boundary, not with a generic statement that TLS is enabled. Record whether the system is a server, client, mutual-TLS peer, API gateway, load balancer, service mesh sidecar, device, embedded component, or managed service, because the evidence owner and control point can be different for each role.

NIST control guidance treats TLS as a cryptographic mechanism for protecting information during transmission, while FIPS 140-3 validation applies to cryptographic modules and approved security functions. The review should therefore ask which validated module performs the TLS cryptographic operations, which part of the product calls it, and whether the module is operating in its approved mode for the relevant service.

  • List every TLS termination point, including reverse proxies, CDN edges, ingress controllers, service mesh sidecars, application libraries, device clients, and administrative consoles.
  • For each termination point, identify the cryptographic module or provider, its version, the operating environment, and the FIPS 140-3 certificate scope if a module-validation claim is made.
  • Separate protocol configuration evidence, such as enabled TLS versions and cipher suites, from module evidence, such as approved services, algorithm certificates, and Security Policy language.
  • If TLS is provided by a cloud or managed service, retain the provider evidence that names the service boundary instead of assuming the application team controls the cryptographic module.
Sources for this answer
NIST SP 800-53 Rev. 5 control SC-8
Supports treating TLS as a mechanism for confidentiality and integrity during transmission, not as a standalone compliance certificate.
NIST FIPS 140-3 security requirements for cryptographic modules
Primary source for anchoring validation claims to a cryptographic module boundary and approved-mode operation.
CMVP Implementation Guidance for FIPS 140-3
Explains approved mode, non-approved security functions, protocol references, and how protocol KDFs are documented in module evidence.
Section 2

Map TLS operations to the evidence they need

TLS uses several cryptographic functions during a connection. A useful FIPS map names each function, the source of the requirement, the implementation that performs it, and the evidence that can be checked. The map should not collapse these into one broad cipher-suite line.

For TLS confidentiality, the map usually needs symmetric encryption evidence such as AES implementation details and CAVP certificates. For handshake authentication, it needs signature algorithm and certificate-chain evidence. For key establishment, it needs the approved or allowed scheme, KDF treatment, and any protocol-specific Security Policy caveats. For integrity, it needs the hash, MAC, AEAD, or signature function actually used by the selected TLS version and cipher suite.

  • Handshake authentication: record certificate profile requirements, trust-anchor policy, revocation handling, and the signature algorithm implementation used for certificate or handshake validation.
  • Key establishment: identify whether the deployment uses ECDHE, finite-field Diffie-Hellman, RSA-based schemes, or a TLS KDF, and connect the claim to SP 800-56 guidance, CAVP evidence, or CMVP Security Policy language.
  • Record protection: map the chosen cipher suites to AES-GCM, AES-CCM, ChaCha20-Poly1305 if allowed only by a separate policy, or another explicit mechanism instead of writing 'strong encryption'.
  • Hash and MAC use: record SHA-2, SHA-3, HMAC, transcript hash, certificate-signature, and KDF uses separately when the deployment or evidence package depends on them.
Sources for this answer
NIST SP 800-52 Rev. 2 TLS guidelines
Official NIST TLS guideline referenced by SP 800-53 and SP 800-171 for selecting and configuring TLS implementations.
NIST FIPS 197 Advanced Encryption Standard
Primary source for AES when TLS record protection relies on AES-based cipher suites.
NIST FIPS 180-4 Secure Hash Standard
Supports SHA-1 and SHA-2 hash-algorithm references where TLS signatures, transcript hashes, or MAC/KDF evidence depend on approved hash functions.
NIST FIPS 202 SHA-3 Standard
Supports SHA-3 and SHAKE references when a TLS-adjacent design or evidence package uses FIPS 202 functions.
Recommended next step

Operationalize TLS use-case mapping

Use the TLS map as a shared evidence checklist for engineering, security, procurement, and audit teams before a FIPS or customer claim is published.

Assessment workflow
Open Assessment Autopilot for FIPS evidence

Convert TLS use cases into accountable evidence requests, validation checks, and review milestones.

Explore next step
Research workflow
Research TLS/FIPS source questions

Use cited NIST source material to resolve module, algorithm, KDF, certificate, and approved-mode questions before implementation.

Explore next step
Talk to Sorena
Review a TLS evidence package

Walk through scope, module evidence, source claims, and the next implementation actions with Sorena.

Explore next step
Section 3

Do not overstate what CAVP and CMVP prove about TLS

CAVP evidence can support algorithm implementation claims, including validated KDFs where applicable. CMVP evidence can support a validated cryptographic module operating in approved mode. Neither statement automatically proves that the entire TLS protocol deployment, certificate-authority policy, hostname validation, application routing, or operational configuration was tested end to end.

CMVP guidance is especially important for TLS because it says protocol KDFs listed in SP 800-135rev1 are viewed as algorithms, not protocols, within the FIPS 140-3 validation scope. If a Security Policy claims TLS support, the evidence should say whether the TLS KDF is a validated CVL entry and should keep protocol claims separate from tested algorithms and schemes.

  • Use the CAVP validation search for algorithm certificates, but do not present a CAVP certificate as proof that a product's TLS deployment is configured correctly.
  • Use the CMVP certificate and Security Policy to check approved services, allowed/non-approved functions, operational environments, caveats, and whether TLS or protocol KDF language is included.
  • If a module claims TLS support but the KDF is not validated, retain the Security Policy limitation that the corresponding protocol must not be used in approved mode when that limitation applies.
  • If the module only implements part of TLS and the calling application performs the rest, document that split so procurement and audit reviewers do not assume one certificate covers the full connection.
Sources for this answer
NIST CAVP validation search
Public search for algorithm-validation certificates that can support TLS cipher, signature, hash, KDF, or AEAD evidence lines.
CMVP validated modules search
Public search for FIPS 140-3 module certificates and Security Policies used to substantiate module-boundary and approved-mode claims.
CMVP Implementation Guidance for FIPS 140-3
Grounds the caution that FIPS 140-3 validation addresses algorithms, schemes, KDFs, approved mode, and module documentation rather than validating a whole protocol deployment.
Section 4

Evidence checklist for a TLS/FIPS review

The evidence pack should let a reviewer reproduce the claim without relying on tribal knowledge. For each TLS use case, keep one line that names the system, endpoint role, module, algorithm set, certificate or validation evidence, approved-mode statement, and the operational control that keeps the configuration current.

The strongest evidence is versioned and scoped. It should show what is deployed, which module or provider performed the cryptographic function, which TLS versions and cipher suites were allowed, which certificate authorities were trusted, and which changes require reassessment.

  • Endpoint inventory: TLS servers, TLS clients, mutual-TLS peers, management interfaces, service-to-service channels, and provider-managed termination points.
  • Configuration export: enabled TLS versions, cipher suites, certificate chains, trust stores, revocation settings, hostname validation, and client-authentication requirements where used.
  • Validation evidence: CAVP certificate IDs for relevant algorithms, CMVP module certificate and Security Policy, approved-service indicator behavior, and any protocol KDF caveat.
  • Operational evidence: change tickets, scan results, library/provider version records, exception approvals, certificate-renewal records, and review cadence for deprecated algorithms or protocol versions.
Sources for this answer
NIST SP 800-171 Rev. 3 requirement 03.13.08
Supports TLS as a transmission-confidentiality mechanism and names FIPS 140-3, FIPS 197, SP 800-52, and key-establishment publications as supporting references.
NIST SP 800-53 Rev. 5 control SC-23(5)
Supports reviewing trusted certificate authorities for protected sessions that rely on TLS certificates.
CMVP Implementation Guidance for FIPS 140-3
Supports checking approved-mode behavior, service indicators, Security Policy limitations, and protocol KDF documentation.
Section 5

Common TLS mapping mistakes

Most TLS/FIPS mistakes come from mixing layers. A TLS scanner can show the protocol configuration. A CAVP certificate can show an algorithm implementation was validated. A CMVP certificate can show a cryptographic module was validated for a defined scope. A procurement or audit claim is only defensible when those layers point to the same deployed component and version.

Avoid using this page as a cipher-suite recommendation table. The useful output is the trace from use case to source-linked evidence, including any limitation that prevents the team from making a FIPS-approved-mode claim.

  • Do not say 'TLS is FIPS certified'; say which module, algorithm implementations, KDFs, and approved services support the specific TLS use case.
  • Do not treat a secure cipher-suite scan as a substitute for CAVP, CMVP, Security Policy, or approved-mode evidence.
  • Do not assume a certificate-authority policy proves cryptographic module validation, or that module validation proves hostname validation and trust-store governance.
  • Do not reuse another environment's TLS evidence unless the module version, operating environment, endpoint role, certificate chain, and configuration are actually the same.
Sources for this answer
CMVP Implementation Guidance for FIPS 140-3
Grounds the distinction between protocol references and validated algorithms, schemes, KDFs, and modules.
NIST SP 800-52 Rev. 2 TLS guidelines
Official TLS configuration guideline for checking protocol-version and cipher-suite choices against NIST guidance.
NIST SP 800-53 Rev. 5 control SC-12
Supports separating cryptographic key-establishment and key-management evidence from the rest of the TLS deployment.
Primary sources

References and citations

CMVP Implementation Guidance for FIPS 140-3
csrc.nist.gov
Referenced sections
  • Grounds the distinction between protocol references and validated algorithms, schemes, KDFs, and modules.
"no parts of this protocol, other than the approved cryptographic algorithms and the KDFs, have been tested"
CMVP validated modules search
csrc.nist.gov
Referenced sections
  • Public search for FIPS 140-3 module certificates and Security Policies used to substantiate module-boundary and approved-mode claims.
"validated-modules"
NIST CAVP validation search
csrc.nist.gov
Referenced sections
  • Public search for algorithm-validation certificates that can support TLS cipher, signature, hash, KDF, or AEAD evidence lines.
"validation-search"
NIST FIPS 180-4 Secure Hash Standard
doi.org
Referenced sections
  • Supports SHA-1 and SHA-2 hash-algorithm references where TLS signatures, transcript hashes, or MAC/KDF evidence depend on approved hash functions.
"Secure Hash Standard"
NIST FIPS 202 SHA-3 Standard
doi.org
Referenced sections
  • Supports SHA-3 and SHAKE references when a TLS-adjacent design or evidence package uses FIPS 202 functions.
"SHA-3 Standard"
NIST SP 800-171 Rev. 3 CUI protection requirements
doi.org
Referenced sections
  • Supports TLS as a confidentiality mechanism for information in transmission and names related FIPS and NIST publications.
"Cryptographic mechanisms that protect the confidentiality of CUI during transmission include TLS and IPsec."
NIST SP 800-171 Rev. 3 requirement 03.13.08
doi.org
Referenced sections
  • Supports TLS as a transmission-confidentiality mechanism and names FIPS 140-3, FIPS 197, SP 800-52, and key-establishment publications as supporting references.
"Cryptographic mechanisms that protect the confidentiality of CUI during transmission include TLS and IPsec."
NIST SP 800-52 Rev. 2 TLS guidelines
doi.org
Referenced sections
  • Official TLS configuration guideline for checking protocol-version and cipher-suite choices against NIST guidance.
"Transport Layer Security (TLS) Implementations"
NIST SP 800-53 Rev. 5 control SC-12
doi.org
Referenced sections
  • Supports separating cryptographic key-establishment and key-management evidence from the rest of the TLS deployment.
"Establish and manage cryptographic keys"
NIST SP 800-53 Rev. 5 control SC-23(5)
doi.org
Referenced sections
  • Supports reviewing trusted certificate authorities for protected sessions that rely on TLS certificates.
"Reliance on certificate authorities for the establishment of secure sessions includes the use of Transport Layer Security (TLS) certificates."
NIST SP 800-53 Rev. 5 control SC-8
doi.org
Referenced sections
  • Supports treating TLS as a mechanism for confidentiality and integrity during transmission, not as a standalone compliance certificate.
"Cryptographic mechanisms that protect the confidentiality and integrity of information during transmission include TLS and IPsec."
NIST SP 800-53 Rev. 5 security and privacy controls
doi.org
Referenced sections
  • Grounds TLS as a transmission-protection mechanism and certificate-authority control concern.
"Cryptographic mechanisms that protect the confidentiality and integrity of information during transmission include TLS and IPsec."
Related guides

Explore more topics

AES FIPS 197 requirements and evidence
AES FIPS 197 guidance for identifying supported key sizes, separating the block cipher from modes of operation, and avoiding unsupported FIPS validation claims.
CAVP and ACVP validation evidence for FIPS algorithms
How to read CAVP algorithm certificates, ACVTS/ACVP test coverage, CMVP module validation, and FIPS 140-3 procurement evidence without overstating the claim.
CAVP Validation Evidence Workflow for FIPS Algorithms
Workflow for collecting CAVP and ACVP evidence: algorithm certificates, implementation names, tested parameters, operating environments, and CMVP handoff records.
FIPS 180-4 and FIPS 202 secure hash guidance
Choose and evidence SHA-2, SHA-3, and SHAKE use under FIPS 180-4, FIPS 202, CAVP validation, and FIPS 140-3 module claims.
FIPS 186-5 and FIPS 204 digital signatures
Compare FIPS 186-5 classical digital signatures with FIPS 204 ML-DSA, including scope, algorithm choices, key-use limits, and validation evidence boundaries.
FIPS 203 ML-KEM vs RSA and ECDH key establishment
Compare FIPS 203 ML-KEM with RSA and ECDH key-establishment schemes using NIST SP 800-56A, SP 800-56B, CAVP, and CMVP grounding.
FIPS 203, 204, and 205 Post-Quantum Algorithms
FAQ on how FIPS 203 ML-KEM, FIPS 204 ML-DSA, and FIPS 205 SLH-DSA fit FIPS-approved cryptographic algorithm planning, implementation evidence, and validation checks.
FIPS Algorithm Procurement Evidence FAQ
What procurement teams should collect before accepting FIPS algorithm or module claims: CAVP certificates, CMVP module status, security policy scope, and supplier change triggers.
FIPS approved algorithm selector workflow
A source-linked workflow for selecting FIPS and NIST-approved cryptographic algorithms without overstating module validation, CAVP evidence, or approved-mode claims.
FIPS approved mode procurement: certificates, boundaries, and evidence
Procurement guidance for FIPS approved mode claims: how to check CMVP certificates, CAVP evidence, module boundaries, tested environments, and supplier evidence before purchase.
FIPS crypto transition and deprecation tracker
Track FIPS algorithm transitions, withdrawn guidance, CAVP evidence, CMVP module impact, procurement triggers, and approved-mode caveats without overstating validation status.
FIPS cryptographic algorithm selector
Choose between FIPS algorithm standards for AES, SHA-2, SHA-3, digital signatures, ML-KEM, ML-DSA, and SLH-DSA without overstating validation scope.
FIPS KDF and MAC coverage for validated modules
Map FIPS 140-3 KDF and MAC coverage to approved security functions, CAVP evidence, self-tests, service indicators, and module security policy entries.
FIPS Key Management Mapping for Algorithms and SSP Evidence
Map FIPS 140-3 key management requirements to approved algorithms, SSP establishment methods, CAVP evidence, module boundaries, and key-use records.
FIPS Procurement Evidence Review Workflow: CAVP, CMVP, Approved Mode
Review FIPS crypto procurement evidence by separating CAVP algorithm certificates from CMVP module certificates, Security Policy scope, approved mode, operating environment, change impact, and retention records.
FIPS validation certificates for cryptographic algorithms
How to read CAVP algorithm validation certificates and CMVP module validation certificates without overstating FIPS-approved cryptographic algorithm claims.
FIPS-approved cryptographic algorithms FAQ
Answers to common FIPS algorithm questions: approved security functions, CAVP validation, CMVP module scope, AES modes, SHA-2, SHA-3, signatures, and post-quantum algorithms.
How FIPS 180-4 and FIPS 202 Hash Functions Fit FIPS Algorithm Approval
Use FIPS 180-4 for SHA-1 and SHA-2 hash algorithms, FIPS 202 for SHA-3 and SHAKE functions, and CAVP/CMVP evidence without treating a hash certificate as module validation.
How FIPS 186-5 Signature Algorithms Fit FIPS Approval
Use FIPS 186-5 for RSA, ECDSA, deterministic ECDSA, EdDSA, HashEdDSA, DSA verification limits, approved hashes, and CAVP/CMVP evidence boundaries.
ML-DSA vs ECDSA under FIPS 204 and FIPS 186-5
Compare ML-DSA and ECDSA for FIPS-aligned digital signature designs, including parameter choices, key handling, CAVP algorithm evidence, and CMVP module boundaries.
Post-quantum FIPS 203, 204, and 205: ML-KEM, ML-DSA, and SLH-DSA
A grounded guide to the three NIST post-quantum FIPS standards: when ML-KEM, ML-DSA, and SLH-DSA apply, what evidence to keep, and how CAVP and CMVP claims differ.
Post-Quantum Migration for FIPS Cryptography
Plan post-quantum migration for FIPS cryptography by separating ML-KEM key establishment, ML-DSA and SLH-DSA signatures, CAVP algorithm evidence, and CMVP module validation boundaries.
Post-Quantum Migration Tracker for FIPS 203, 204, and 205
Track post-quantum cryptography migration evidence for FIPS 203 ML-KEM, FIPS 204 ML-DSA, FIPS 205 SLH-DSA, CAVP algorithm certificates, and CMVP module boundaries.
SHA-2 vs SHA-3 under FIPS 180-4 and FIPS 202
Compare SHA-2 and SHA-3 for FIPS use: approved functions, validation evidence, compatibility, procurement checks, and when migration is not required.
What does FIPS 197 AES mean for FIPS-approved algorithms?
FIPS 197 defines AES as a FIPS-approved block cipher, but AES use alone is not the same as CAVP algorithm testing or FIPS 140-3 module validation.