Industry participants and other interested parties are invited to participate in the Automation of the NIST Cryptographic Module Validation Program project. Please review the requirements identified in the Federal Register Notice. Anyone interested in becoming a collaborator should request and complete a Letter of Interest. The NCCoE considers participants who have submitted a completed Letter of Interest on a first-come, first-served basis.
Automation of the NIST Cryptographic Module Validation Program
NIST established the Cryptographic Module Validation Program (CMVP) to ensure that hardware and software cryptographic implementations met standard security requirements. Since its start, the number and complexity of modules to be validated has increased steadily and now outstrips available human resources for product vendors, labs, and validators. This limits product options for many organizations required to use validated cryptography, especially federal agencies. NIST has started a broad effort to modernize and automate its cryptographic validation programs.
Demonstrating the value and practicality of automation to improve the efficiency and timeliness of CMVP operation and processes
Project Abstract
The purpose of the project is to demonstrate the value and practicality of automation to improve the efficiency and timeliness of Cryptographic Module Validation Program (CMVP) operation and processes. A number of elements of the current validation processes are manual in nature, and the period required for third-party testing and government validation of cryptographic modules is often incompatible with industry requirements.
This project will demonstrate a suite of tools to modernize and automate manual review processes in support of existing policy and efforts to include technical testing of the CMVP. These automated tools will employ a vendor/manufacturer testing concept that permits organizations to perform the testing of their cryptographic products according to the requirements of FIPS 140-3, then directly report the results to NIST using appropriate protocols.
This project will demonstrate a suite of tools to modernize and automate manual review processes in support of existing policy and efforts to include technical testing of the CMVP.
Supplemental Resources
NIST hosted a virtual workshop on the topic of automation of the CMVP in October 2020. The purpose of this workshop was to discuss the challenges and proposed approaches associated with automating the CMVP.

Join the Community of Interest
A Community of Interest (COI) is a group of professionals and advisors that share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Members typically meet monthly by teleconference. Share your expertise and consider becoming a member of this project's COI.
