Automation of the NIST Cryptographic Module Validation Program

Download the Final Project Description & Submit a Letter of Interest

The NCCoE released the final project description, Automation of the NIST Cryptographic Module Validation Program, and has now published a Federal Register Notice seeking collaborators for the project. Use the buttons below to view this publication and submit a Letter of Interest to become a collaborator. 

Download the PDF » Submit an LOI »

Current Status

The NCCoE is inviting industry participants and other interested parties to participate in the NCCoE’s Cryptographic Module Validation Program (CMVP) project.  If you are interested in joining the project team as a collaborator, please review the requirements identified in the Federal Register Notice which is based on the final project description. Next, complete this short form and we will send you a Letter of Interest (LOI) template along with instructions.

Completed LOIs are considered on a first-come, first served basis.

To gain further insights into this project, the 2020 CMVP workshop recording and related materials are available.    

Summary

The purpose of the project is to demonstrate the value and practicality of automation to improve the efficiency and timeliness of Cryptographic Module Validation Program (CMVP) operation and processes. A number of elements of the current validation processes are manual in nature, and the period required for third-party testing and government validation of cryptographic modules is often incompatible with industry requirements.

The project will demonstrate a suite of tools to modernize and automate manual review processes in support of existing policy and efforts to include technical testing of the CMVP. These automated tools will employ a vendor/manufacturer testing concept that permits organizations to perform the testing of their cryptographic products according to the requirements of FIPS 140-3, then directly report the results to NIST using appropriate protocols.

NIST hosted a virtual workshop on the topic of automation of the CMVP in October 2020. The purpose of this workshop was to discuss the challenges and proposed approaches associated with automating the CMVP.  View the workshop recording and related resources.

 

Engage with the CMVP Team

Join Our Community of Interest

Interested in joining the Automation of the NIST Cryptographic Module Validation Program Community of Interest? Contact us!

A Community of Interest is a group of professionals and technical advisors convened to support the cybersecurity resiliency of the U.S. economy. Read More.

Related News & Events