NIST Transitioning Away from SHA-1 for All Applications

 NIST is introducing a plan to transition away from the current
limited use of the Secure Hash Algorithm 1 (SHA-1) hash function. Other
approved hash functions are already available. The transition will be completed
by December 31, 2030, and NIST will engage with stakeholders throughout the
transition process.
See the full
for more details.

Before December 31, 2030, NIST plans to:

  • Publish Federal Information
    Processing Standard (FIPS) 180-5 (a revision of FIPS 180) to remove the
    SHA-1 specification,
  • Revise NIST Special
    Publication (SP) 800-131A
    and other affected NIST publications
    to reflect the planned withdrawal of SHA-1, and
  • Create and publish a transition
    strategy for the Cryptographic Module Validation Program (CMVP) and the
    Cryptographic Algorithm Validation Program (CAVP).

Throughout this process, NIST will actively engage with government
agencies, validation testing laboratories, vendors, Standards Developing
Organizations, sector/industry organizations, users, and other stakeholders to
minimize potential impacts and facilitate a smooth transition.

NIST encourages these entities to begin planning for this
transition now
. By completing their transition before
December 31, 2030, stakeholders – particularly cryptographic module vendors –
can help minimize potential delays in the validation process.


Send questions about the transition in an email to Visit the Policy on Hash
page on CSRC to learn more.