Automation of the NIST Cryptographic Module Validation Program

Download the Project Description & Comment

The NCCoE has released a draft of the project description, Automation of the NIST Cryptographic Module Validation Program. Use the button below to view this publication.

Download the PDF »

Current Status

We are seeking your feedback on our recently released draft project description for Automation of the Cryptographic Module Validation Program (CMVP). The build team is currently reviewing feedback that was received during the public comment period.

Questions and comments on this publication may be submitted to applied-crypto-testing@nist.gov.

Summary

The purpose of the project is to demonstrate the value and practicality of automation to improve the efficiency and timeliness of Cryptographic Module Validation Program (CMVP) operation and processes. A number of elements of the current validation processes are manual in nature, and the period required for third-party testing and government validation of cryptographic modules is often incompatible with industry requirements.

The project will demonstrate a suite of tools to modernize and automate manual review processes in support of existing policy and efforts to include technical testing of the CMVP. These automated tools will employ a vendor/manufacturer testing concept that permits organizations to perform the testing of their cryptographic products according to the requirements of FIPS 140-3, then directly report the results to NIST using appropriate protocols.

NIST hosted a virtual workshop on the topic of automation of the CMVP in October 2020. The purpose of this workshop was to discuss the challenges and proposed approaches associated with automating the CMVP.  View the workshop recording and related resources.

Join Our Community of Interest

Interested in joining the Automation of the NIST Cryptographic Module Validation Program Community of Interest? Contact us!

A Community of Interest is a group of professionals and technical advisors convened to support the cybersecurity resiliency of the U.S. economy. Read More.

Related News & Events