The maximum number of times that the output of any implementation of the decryption verification process can be INVALID before the key is retired.

Source: NIST SP 800-38C | Category: