Exciting News: The Publication of ISO/IEC 19790:2025 and ISO/IEC 24759:2025

Exciting News: The Publication of ISO/IEC 19790:2025 and ISO/IEC 24759:2025

The cryptographic module validation community has been eagerly anticipating this moment, and it has finally arrived! We are thrilled to announce the official publication of ISO/IEC 19790:2025 and ISO/IEC 24759:2025—the latest updates to the internationally recognized standards for cryptographic module security and testing.

Since the adoption of ISO/IEC 19790:2012/Cor 1:2015 and ISO/IEC 24759:2017 as the foundation for FIPS 140-3 in March 2019, the Cryptographic Module Validation Program (CMVP) staff, testing laboratories, and industry vendors have been actively engaged in refining these standards via Cryptographic Module User Forum (CMUF) FIPS 140-3 Working Group (WG). Their invaluable feedback over the past five years has played a crucial role in shaping the improvements now reflected in the 2025 editions.

The publication of ISO/IEC 19790:2025 and ISO/IEC 24759:2025 is a testament to the collaborative efforts of all stakeholders in the cryptographic validation ecosystem. From government agencies and regulatory bodies to testing laboratories and technology vendors, this milestone reflects a shared commitment to strengthening cryptographic security worldwide.

Dr. Yi Mao, CEO of atsec information security corporation, stated: “It’s been atsec’s great pride to host the CMUF collaborative platform, lead the FIPS 140-3 WG alongside with the CMVP, coordinate the feedback process, and act as a liaison between the CMUF and the ISO/IEC JTC1/SC27 WG3. We’re thrilled to see everyone’s efforts pay off.”

To find out what’s new in ISO/IEC 19790:2025 and ISO/IEC 24759:2025, please attend our upcoming FIPS ‘n’ Chips bootcamp, on March 25. It’s a free event accessible to anyone interested where we will have a poster session to display key highlights of the essential updates incorporated in the new publication that address the evolving landscape of cryptographic technology, security assurance, and testing methodologies. Although the event accommodates remote listeners, in-person participation is highly encouraged for the best value of this timely event, as it aims to deliver fresh out-of-oven information to the community, and we have a fabulous lineup of speakers ranging from NIST, NIAP, industry leaders, and atsec’s well-respected colleagues. We anticipate enthusiastic discussions on the selected topics, including (but not limited to!) Post-Quantum Cryptography (PQC), chip security, and compliance requirements, ensuring that they remain robust and relevant in the face of emerging cybersecurity threats.

Last – but certainly not least - we’d like to extend a heartfelt thanks to the editors of these two ISO standards for their tireless efforts throughout the process. The lead editor of ISO/IEC 19790, Carolyn French, spoke at our crypto bootcamp last year, and she generously made her slides available on our event webpage. We want to give a shout-out to her extraordinarily leadership, having addressed hundreds of comments and presenting to the world a much better version of these standards.