This project is currently in the build phase. We have selected the technology collaborators who have signed a Cooperative Research and Development Agreement (CRADA) with NIST.
This project will demonstrate how automation can improve the efficiency and timeliness of CMVP operations and processes. Many elements in the current validation processes are manual in nature, and the period required for third-party testing and government validation of cryptographic modules is often incompatible with industry requirements.
This project will demonstrate a suite of tools to modernize and automate manual review processes in support of existing policy and efforts to include technical testing of the CMVP. These automated tools will employ a vendor/manufacturer testing concept that permits organizations to perform the testing of their cryptographic products according to the requirements of FIPS 140-3, then directly report the results to NIST using appropriate protocols.
This project will demonstrate a suite of tools to modernize and automate manual review processes in support of existing policy and efforts to include technical testing of the CMVP.
In October 2020, NIST hosted a virtual workshop to discuss the challenges and proposed approaches associated with automating the CMVP with members of industry and government experts.
Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capability from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a CRADA to collaborate with NIST in a consortium to build this example solution.
Join the Community of Interest
A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI.