Virtual Workshop on the Automation of the NIST Cryptographic Module Validation Program (CMVP)

Workshop Overview

The National Institute of Standards and Technology (NIST) hosted a virtual workshop on the Automation of the NIST Cryptographic Module Validation Program (CMVP) on Monday, October 5, 2020. The number of cryptographic module validations has outstripped the available human resources for timely validation processing. This phenomenon is affecting all stakeholders participating in the CMVP (vendors, labs, and validators alike). The purpose of the workshop discussed the challenges and proposed approaches associated with automating the CMVP. The approach to CMVP automation must be based on consistent and reproducible evidence generated and reported by the producers of technologies that implement cryptographic capabilities. The findings from this workshop will inform the development of a potential National Cybersecurity Center of Excellence (NCCoE) demonstration project that supports the Federal Information Processing Standards (FIPS) 140-3 Cryptographic Module Validation Program. The automated program should show a capability to process and deliver results at machine speed.