The Federal Risk and Authorization Management Program (FedRAMP) requires Cloud Service Providers (CSPs) to meet federal mandates and achieve or maintain a FedRAMP authorization. One of those mandates require the consistent use of FIPS 140-2 validated cryptographic modules everywhere cryptography is required within the Cloud Service Offering (CSO). Recently, the state of previously approved and widely used, FIPS 140-2 validated cryptographic algorithms, moved to a “Historical” status.
Determining proper use of FIPS validated cryptography is a key requirement 3PAO’s evaluate in the FedRAMP Readiness Assessment process as well as the initial and annual assessments. In many cases, the inability to implement this requirement is a roadblock for authorization.
In this post, we will examine the impact these changes will have on FedRAMP CSPs and share recommended steps to take for identifying potential roadblocks in obtaining or maintaining a FedRAMP authorization.
Understanding the NIST CMVP
The Cryptographic Module Validation Program (CMVP) is a collaborative program between the U.S. National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security. Vendor cryptographic modules are tested and validated by independent accredited laboratories against the requirements of Federal Information Processing Standards (FIPS) 140-2 and FIPS 140-3.
FedRAMP recognizes the NIST CMVP as the authoritative source in determining CSO compliance when properly implementing FIPS cryptography within a FedRAMP CSO. FedRAMP accepts the use of cryptographic modules listed as “Active” in the CMVP database.
Transition to NIST SP 800-56A Rev. 3
A significant number of cryptographic module certificates listed in the CMVP expired on June 30, 2022 due to NIST’s transition to NIST SP 800-56A Rev. 3. The status of these certificates changed from “Active” to “Historical.” Cryptographic modules impacted by this change are implemented within many FedRAMP CSOs, and now CSPs are faced with a situation where their CSO is no longer compliant with a FedRAMP federal mandate to implement validated FIPS 140-2 validated cryptography. The use of validated FIPS 140-2 cryptography will jeopardize a CSP from achieving or maintaining a FedRAMP ATO.
“After June 30, 2022, modules that claim compliance to SP 800-56A or SP 800-56A-rev2 in the approved mode will be moved to the historical list.”
Source: NIST Implementation Guidance (IG) for FIPS 140-2 and the Cryptographic Module Validation Program
Additional guidance will likely be released soon by FedRAMP that will provide further clarity for CSPs. In the meantime, check out our recommendations on how to address these changes and how we can support your business through the transition.
- Coalfire recommends CSPs confirm the status of all cryptographic modules from the NIST CMVP and develop an inventory of each cryptographic module to be included with their authorization documentation. Please note that Coalfire will validate the use of cryptographic modules as part of our 3PAO assessment.
- During the review of the CMVP, we recommend CSPs identify the use of any modules in “Historical” status and identify whether or not the reason for this designation is due to the “NIST SP 800-56A rev3 transition.”
- For any module in “Historical” status due to the NIST SP 800-56A rev3 transition:
- Identify and develop a plan to implement a compliant cryptographic module or a module that is listed by NIST as “In Process” of receiving a new CMVP certificate. Record the non-compliant cryptographic modules in the POA&M and categorize the POA&M weakness as a vendor dependency.
- If the CSP is unable to identify a cryptographic module that is “Active” or “In Process” with NIST's CMVP:
- Confirm there are no known exploits targeting the cryptographic module. If there are known exploits, consider changing the cryptographic module.
- Contact the vendor of the cryptographic module for a current status and determine if the vendor plans to submit a replacement module to the CMVP for validation. Document the weakness as a POA&M item with a vendor dependency.
- If there is no plan to replace the “Historical” cryptographic module, document the weakness in the POA&M for review by the agency sponsor or JAB.
If CSPs don’t have a plan in place to implement a valid cryptographic module, their approval of a RAR submission could be jeopardized. Agency sponsors or the JAB may not approve an initial or annual assessment package submission with weaknesses associated with the use of historical certificates.
We understand the expiration of many commonly used cryptographic modules presents a challenge to FedRAMP CSPs. While waiting for additional guidance to be released by FedRAMP, CSPs should prepare by inventorying current cryptographic module usage and consider options for moving away from “Historical” modules.
This is a complex transition. If you have any questions, don’t hesitate to reach out at firstname.lastname@example.org