| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Firmware-hybrid |
| Embodiment | Single Chip |
| Status | Active |
| Sunset date | 7/21/2029 |
| Caveat | Interim validation. The module generates random strings whose strengths are modified by available entropy. |
| Vendor | Qualcomm Technologies, Inc. |
| Algorithm | ACVP Cert |
|---|---|
| Hash DRBG | A2065 |
| Hash DRBG | A2753 |
| SHA2-256 | A2064 |
| SHA2-256 | A2065 |
| SHA2-256 | A2218 |
| SHA2-256 | A2719 |
| SHA2-256 | A2753 |
| SHA2-256 | A2754 |
| SHA2-256 | A3327 |
flowchart LR
%% Deterministic review-risk graph for Qualcomm® Pseudo Random Number Generator
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>update</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Status Output<br/>Self-test</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Qualcomm® Pseudo Random Number Generator
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>update</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Status Output<br/>Self-test</i><br/>src: text:keyword"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C5,C6 clueLow;Qualcomm® Pseudo Random Number Generator Version 1.1 Last update: 2024-06-11 Prepared by: atsec information security corporation
Austin, TX 78759 www.atsec.com © 2022-2024 Qualcomm Technologies, Inc. Snapdragon and Qualcomm branded products are products of Qualcomm Technologies, Inc. and/or its subsidiaries.
| # | Section | Page |
|---|
This Security Policy describes the features and design of the module named Qualcomm Pseudo Random Number Generator using the terminology contained in the FIPS 140-3 specification. The FIPS 140-3 Security Requirements for Cryptographic Modules specifies the security requirements that will be satisfied by a cryptographic module utilized within a security system protecting sensitive but unclassified information. The NIST/CCCS Cryptographic Module Validation Program (CMVP) validates cryptographic modules to FIPS 140-3. Validated products are accepted by the Federal agencies of both the USA and Canada for the protection of sensitive or designated information. The Security Policy document is one document in a FIPS 140-3 Submission Package. In addition to this document, the Submission Package contains:
further consolidated into this document by atsec information security together with other vendorsupplied documentation. In preparing the Security Policy document, the laboratory formatted the vendor-supplied documentation for consolidation without altering the technical statements therein contained. The further refining of the Security Policy document was conducted iteratively throughout the conformance testing, wherein the Security Policy was submitted to the vendor, who would then edit, modify, and add technical contents. The vendor would also supply additional documentation, which the laboratory formatted into the existing Security Policy, and resubmitted to the vendor for their final editing. This document is the non-proprietary FIPS 140-3 Security Policy for the Qualcomm Pseudo Random Number Generator. It has a one-to-one mapping to the [SP 800-140B] starting with section B.2.1 named “General” that maps to section 1 in this document and ending with section B.2.12 named “Mitigation of other attacks” that maps to section 12 in this document. ISO/IEC 24759 Section FIPS 140-3 Section Title Security Level 6. [Number Below]
1 General 1
2 Cryptographic Module Specification 1
3 Cryptographic Module Interfaces 1
4 Roles, Services, and Authentication 1
5 Software/Firmware Security 1
6 Operational Environment N/A
7 Physical Security 2
8 Non-invasive Security N/A
9 Sensitive Security Parameter Manage- 1
10 Self-tests 1
11 Life-cycle Assurance 2
12 Mitigation of Other Attacks N/A
Table 1 - Security Levels © 2022-2024 Qualcomm Technologies, Inc.
The Qualcomm Pseudo Random Number Generator is classified as a single chip firmware-hybrid module for the purpose of FIPS 140-3 validation. It is designed to provide random numbers. The Qualcomm Pseudo Random Number Generator is a collection of hardware and firmware components contained within the Snapdragon® 8 Gen 1 Mobile Platform SoC, the Snapdragon 8+ Gen 1 Mobile Platform SoC, the Qualcomm QCM6490 SoC and the Qualcomm QCS6490 SoC. The Qualcomm Pseudo Random Number Generator implements a SHA-256 Hash_DRBG as defined in SP 800-90Ar1. The firmware component of the module controls the physical entropy source and DRBG configuration parameters. The configuration is fixed for a given version of the firmware and cannot be altered by the operator of the module. # Operating System Hardware Platform Processor PAA/Acceleration
1 Qualcomm® Snapdragon 8 Gen 1 Snapdragon 8 Gen 1 N/A
Trusted Execution Mobile Platform Mobile Platform Environment (TEE) TZ.XF.5.16
2 Qualcomm TEE Snapdragon 8+ Gen 1 Snapdragon 8+ Gen 1 N/A
TZ.XF.5.18 Mobile Platform Mobile Platform
3 Qualcomm TEE Qualcomm QCM6490 Qualcomm QCM6490 N/A
TZ.XF.5.11 and and Qualcomm QCS6490 Qualcomm QCS6490 Table 2 - Tested Operational Environments The hardware components in this submission are identified by one hardware version (3.0.0). The firmware component (“hybrid_prng_library”) has distinct versions (represented by a hash value), depending on the operational environment. The following firmware versions are included (in the same order as the operational environments listed in Table 2): 1. 79f3650da911b60d69384fc282c3d366a1a31bb1d1ad17855970b5655a491fadd258ddd441 63c90afe68b7a1766da625533f1f12e9819dade4cdf913dd7138d 2. 3baa04170e303e524a1d7b47675098e13bb84f3158c559d0883ed6e8ab27fd5ddd258ddd44 163c90afe68b7a1766da625533f1f12e9819dade4cdf913dd7138d 3. b332427132413a158e4250ec1ad69a9ded5241353692905b39b9a3e981e6f9a4dd258ddd4 4163c90afe68b7a1766da625533f1f12e9819dade4cdf913dd7138d The approved algorithms implemented by the module are listed in Table 3. CAVP Algorithm and Mode / Description / Key Size(s) / Key Use / Function Cert Method Strength(s) Standard #A2064, SHA / FIPS 180-4 SHA-256 SHA-256 digest computation Hash for DRBG #A2754 (Implemented in hardware) #A2065, SHA / FIPS 180-4 SHA-256 SHA-256 digest computation Hash for DRBG #A2753 (Implemented in hardware) © 2022-2024 Qualcomm Technologies, Inc.
CAVP Algorithm and Mode / Description / Key Size(s) / Key Use / Function Cert Method Strength(s) Standard #A2065, DRBG / SP-800-90Ar1 Hash_DRBG SHA-256 Random number #A2753 (Implemented in hardware) generation #A2218 SHA / FIPS 180-4 SHA-256 SHA from firmware Hash for integrity component (version 1) test #A2719 SHA / FIPS 180-4 SHA-256 SHA from firmware Hash for integrity component (version 2) test #A3327 SHA / FIPS 180-4 SHA-256 SHA from firmware Hash for integrity component test (version 3) Table 3 - Approved Algorithms NOTE: the module does not implement any non-approved but allowed, non-approved but allowed with no security claimed, or non-approved algorithms.
The physical perimeter of the Qualcomm Pseudo Random Number Generator is the physical perimeter of the Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 8+ Gen 1 Mobile Platform, Qualcomm QCM6490 and Qualcomm QCS6490 that contains the components which implement the Qualcomm Pseudo Random Number Generator. Consequently, the embodiment of the Qualcomm Pseudo Random Number Generator is a single-chip cryptographic module. Below is an illustrative diagram. © 2022-2024 Qualcomm Technologies, Inc.
Figure 1: Block Diagram Figure 2 - [Snapdragon 8 Gen 1 Mobile Platform] © 2022-2024 Qualcomm Technologies, Inc.
Figure 3 - [Snapdragon 8+ Gen 1 Mobile Platform] Figure 4 - [Qualcomm QCM6490] © 2022-2024 Qualcomm Technologies, Inc.
The Qualcomm Pseudo Random Number Generator supports only an approved mode which is entered without any human assistance. All possible configurations entered via the registers are supported and do not violate the constraints of the approved mode. When the Qualcomm Pseudo Random Number Generator is powered on, the pre-operational selftest and cryptographic algorithm self-tests are executed automatically without any operator intervention. The Qualcomm Pseudo Random Number Generator enters the operational mode automatically if all self-tests complete successfully. If any of self-tests fail during power-up, the Qualcomm Pseudo Random Number Generator goes into error state. All cryptographic services are prohibited while in error state. When an error state is entered, the Qualcomm Pseudo Random Number Generator can be reset to reinitialize itself. The status of the module can be determined by its availability. If the Qualcomm Pseudo Random Number Generator is available, it has passed all self-tests. If it is unavailable, it is in the error state. The table in section 4.2 lists all security functions of the module employed for approved services and implemented modes of operation. © 2022-2024 Qualcomm Technologies, Inc.
Physical port Logical Interface Data that passes over port/interface Registers Data Input Input parameters for data Data Out Registers Data Output Output parameters for data Registers Control Input Input parameters for control Registers Status Output Return code, status values Physical power Power port or pin for single-chip Power Input connector Table 4 - Ports and Interfaces As indicated in Table 4, all status output and control input are directed through the interface of the cryptographic boundary, which is the registers of the Qualcomm Pseudo Random Number Generator. For data input, the registers provide the interface. For data output, the data output is provided via data out registers. The module does not implement a control output interface. © 2022-2024 Qualcomm Technologies, Inc.
Role Service Input Output SHA-256 Hash_DRBG Personalization string, Random string Crypto Of- requested output length ficer (CO) Self-test None Pass/fail results of self-tests Status output None Current status in status output interface (as return codes and/or log messages). Show version None Version of the module Zeroization All SSPs None Table 5 - Roles, Service Commands, Input and Output The Qualcomm Pseudo Random Number Generator meets all FIPS 140-3 Security Level 1 requirements for Roles and Services, implementing the Crypto Officer role. It does not allow concurrent operators. The Crypto Officer role is implicitly assumed by the entity accessing services implemented by the module. No authentication is required. The Crypto Officer can initialize the Qualcomm Pseudo Random Number Generator and perform the approved services.
The Qualcomm Pseudo Random Number Generator does not support bypass capability. It provides random data from the SHA-256 Hash_DRBG. Table 6 describes the services available in operational mode. The following access rights are used in the table:
Service Description Approved Keys and/or Roles Access rights Indicator Security SSPs to Keys Functions and/or SSPs Status output Show status of the None N/A CO N/A None module state Show version Show the version None N/A CO N/A None of the module Zeroization Zeroizes all SSPs None DRBG entropy CO Z None in the module input string; DRBG internal state V and C, DRBG seed Table 6 - Approved Services © 2022-2024 Qualcomm Technologies, Inc.
The integrity of the firmware component of the module is verified by using SHA-256 value stored in the module that was computed at build time.
Integrity tests are performed as part of the Pre-Operational Self-Tests. A reset of the cryptographic module can be used to perform the "on-demand" integrity test.
The module's firmware component consists of only executable code (a binary). © 2022-2024 Qualcomm Technologies, Inc.
The Qualcomm Pseudo Random Number Generator is a single chip firmware-hybrid module at security level 1. The operational environment is non-modifiable.
See the tested operational environments in Table 2.
There are no security rules, settings or restrictions to the configuration of the operational environment. © 2022-2024 Qualcomm Technologies, Inc.
The Qualcomm Pseudo Random Number Generator Cryptographic Module is a single-chip firmwarehybrid module which conforms to the level 2 requirements for physical security. The Qualcomm Pseudo Random Number Generator is a single chip enclosed in a production grade component. At the time of manufacturing, the die is embedded within a printed circuit board (PCB), which prevents visibility into the internal circuity of the Qualcomm Pseudo Random Number Generator. The layering process which is used to embed the die into the PCB also prevents tampering of the physical components without leaving tamper evidence. The Qualcomm Pseudo Random Number Generator is further protected by being enclosed in commercial off the shelf mobile device utilizing production grade commercially available components and that the mobile device enclosure completely surrounds the Qualcomm Pseudo Random Number Generator. There are no steps required to ensure that physical security is maintained. © 2022-2024 Qualcomm Technologies, Inc.
The Qualcomm Pseudo Random Number Generator does not support any non-invasive security techniques, this section is not applicable. © 2022-2024 Qualcomm Technologies, Inc.
The DRBG used to generate random bits is an SP 800-90Ar1 compliant SHA-256 Hash_DRBG without prediction resistance. It processes a personalization string that is written by the calling application into a hardware register for use by the module. The calling application has read/write access to the hardware register that holds the personalization string. The DRBG obtains 550 samples of 4 bits each as entropy input, from the entropy source. As the entropy source provides the min entropy rate of 0.420625 bits per sample, the 550 samples provide
231 bits of entropy, so the DRBG is limited to 231 bits of effective security strength in its output.
Consequently, the module generates random strings whose strengths are modified by available entropy. The PUD for E67 can be found at https://csrc.nist.gov/CSRC/media/projects/cryptographicmodule-validation-program/documents/entropy/E67_PublicUse.pdf and the PUD for E95 can be found at . https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/entropy/E95_PublicUse.pdf. Entropy Source Minimum number of Details bits of entropy Entropy Source of the 231 The DRBG entropy input string is provided by Qualcomm Pseudo Ran- the digitized entropy data from the physical dom Number Generator noise source. ESV certificates E67 and E95 Table 7 - Non-Deterministic Random Number Generation Specification
The entropy input string inputs to the DRBG are generated internal to the hardware and do not have an external interface. The DRBG internal state is never output from the module. Key/SSP Strength Security Generation Import Establish- Storage Zero- Use and Name Function /Export ment ization related /Type and Cert. keys Number DRBG en- 231 bits DRBG Entropy N/A N/A Hardware Module Used to tropy input (A2065 and Source of registers reset compute string A2753) the Qual- the DRBG comm seed Pseudo ran- Related dom Number SSPs: Generator DRBG internal (ESV certs state, #E67 and DRBG seed #E95) DRBG 231 bits DRBG Internally in N/A N/A Hardware Module Used to seed (A2065 and the DRBG registers reset compute A2753) the DRBG internal © 2022-2024 Qualcomm Technologies, Inc.
state V and C Related SSPs: DRBG internal state, DRBG entropy input string DRBG in- 231 bits DRBG Internally in N/A N/A Hardware Module Random ternal (A2065 and the DRBG registers reset number state V A2753) generation and C Related SSPs: DRBG entropy input string, DRBG seed Table 8 - SSPs
The module does not provide any SSP generation service or perform SSP generation for any of its approved algorithms. The caller of the DRBG could use the random strings output for SSP generation, but this service is not explicitly provided by the module. The module does not provide any kind of SSP establishment, entry, or output.
The entropy input string and internal state used by the DRBG are generated internally by the hardware and are not accessible externally to the Qualcomm Pseudo Random Number Generator. Zeroization of the DRBG CSPs is accomplished by a reset event of the SoC. The registers for the CSPs will implicitly be set to zero upon the reset, indicating the zeroization was successful. © 2022-2024 Qualcomm Technologies, Inc.
Self-tests implemented by the module consist of the pre-operational integrity test and cryptographic algorithm self-test used for algorithm implementations. All self-tests are automatically performed without any operator intervention during power-up of the module (with the exception of the physical entropy source continuous health tests). This includes the pre-operational integrity test and the cryptographic algorithm self-tests. While the module is executing the self-tests, services are not available, and input and output are inhibited. For information about the error state, refer to Section 10.4.
The firmware integrity test is run at startup of the module. The CAST for SHA-256 is executed before the integrity test is run. Algorithm Test SHA-256 Integrity test for the firmware component Table 9 - Pre-Operational Self-Tests
The module performs self-tests on all FIPS approved cryptographic algorithms as part of the approved services using the tests shown in Table 10. The module transitions to the operational state only after the cryptographic algorithm self-tests are passed successfully. The physical entropy source continuous health tests are performed throughout the operation of the module. Algorithm Test KAT performed for SHA-256 used for integrity test SHA-256 (firmware) KAT performed for both SHA-256 cores independently SHA-256 (hardware) SP 800-90Ar1 DRBG KAT for DRBG only (hardware) Physical entropy Startup health tests, performed on 1024 consecutive source samples Continuous health tests (RCT and APT as defined in SP 800-90B) Table 10 - Conditional Algorithm Self-Tests
A power cycle or reset event is the methodology used to perform the "on-demand" tests. © 2022-2024 Qualcomm Technologies, Inc.
If any of the pre-operational self-tests or conditional self-tests fail, the Qualcomm Pseudo Random Number Generator will enter the error state. Data output is prohibited, and no further cryptographic operation is allowed in the error state. This is performed by the control logic and prevents external usage when an error is detected. To recover from the error state, re-initialization is possible by successful execution of the power up tests, which can be triggered by either a power-off/power-on cycle or the receipt of a reset event. Once locked, the Qualcomm Pseudo Random Number Generator will only respond to a reset which will cause it to re-execute the power up tests. If the error persists, the Qualcomm Pseudo Random Number Generator will remain unavailable. Error State Cause of Error Status Indicator Error Integrity test or CAST failure Error status (firmware) TZBSP_ERR_FATAL_PRNG_FIPS_HYBRID_ERR Continuous health test failure Error status TZ_RNG_STATUS__PRNG_PERMANENT_FAILURE is set Cryptographic algorithm self- BIST_FAILURE indicator is set test failure (hardware) Table 11 - Error States © 2022-2024 Qualcomm Technologies, Inc.
The Qualcomm Pseudo Random Number Generator is a single chip module in the Snapdragon 8 Gen
1 Mobile Platform, Snapdragon 8+ Gen 1 Mobile Platform, Qualcomm QCM6490 and Qualcomm
QCS6490. The chips are delivered from the vendor via a trusted delivery courier. Upon delivery, the customer can detect any potential tampering by visually inspecting the chips. Any tampering will result in obvious damage or scratches and will likely render the chips non-functional. Once the product is received by the customer and powered up the self-tests defined in Section 10 will be executed.
As stated in Section 9.4, the module does not possess persistent storage of SSPs. The SSP value only exists in volatile memory and that value is zeroized when the module is powered off. The procedure for secure sanitization of the module at the end of life is simply to power it off, which is the action of zeroization of the SSPs (Section 9.4). As a result of this sanitization via power-off, the SSP is removed from the module, so that the module may either be distributed to other operators or disposed.
There is no specific crypto officer guidance required for the module.
ClearCase, a version control system from IBM/Rational, is used to manage the revision control of the hardware code (Verilog code) and hardware documentation. The ClearCase version control system provides version control, workspace management, parallel development support, and build auditing. The Verilog code is maintained within the ClearCase database used by Qualcomm Technologies, Inc. Perforce Visual Client(P4V), a version control system from Perforce, is used to manage the revision control of the Qualcomm firmware code. The Perforce Visual Client provides version control, branching and merging of code lines, and concurrent development. © 2022-2024 Qualcomm Technologies, Inc.
The module does not implement security mechanisms to mitigate other attacks. © 2022-2024 Qualcomm Technologies, Inc.
Appendix A. Glossary and Abbreviations CAVP Cryptographic Algorithm Validation Program CMT Cryptographic Module Testing CMVP Cryptographic Module Validation Program CSP Critical Security Parameter CVT Component Verification Testing DRBG Deterministic Random Bit Generator FIPS Federal Information Processing Standards Publication FSM Finite State Model KAT Known Answer Test NIST National Institute of Science and Technology PR Prediction Resistance RNG Random Number Generator SHA Secure Hash Algorithm SHS Secure Hash Standard SoC System on Chip © 2022-2024 Qualcomm Technologies, Inc.
Appendix B. References FIPS140-3 FIPS PUB 140-3 - Security Requirements For Cryptographic Modules March 2019 https://doi.org/10.6028/NIST.FIPS.140-3 FIPS140-3_IG Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program March 2024 https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-1403-ig-announcements FIPS180-4 Secure Hash Standard (SHS) March 2012 http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf SP800-90Ar1 NIST Special Publication 800-90A - Revision 1 - Recommendation for Random Number Generation Using Deterministic Random Bit Generators June 2015 http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf SP800-90B (Second DRAFT) NIST Special Publication 800-90B - Recommendation for the Entropy Sources Used for Random Bit Generation January 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90B.pdf SP800- NIST Special Publication 800-140B - CMVP Security Policy 140Br1 Requirements November 2023 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-140Br1.pdf © 2022-2024 Qualcomm Technologies, Inc.