CMVP

The Cryptographic Module Validation Program (CMVP) is a program jointly managed by Communications Security Establishment (CSE) and National Institute of Standards and Technology (NIST) for the validation of cryptographic modules to the Federal Information Processing Standard (FIPS) 140-1 and FIPS 140-2, and other cryptography based standards. CSE is the Canadian certification authority.

The goal of the CMVP is to provide a list of Information Technology (IT) security products ready for procurement, that have been successfully validated to the FIPS 140 standard. Procuring and deploying a FIPS validated product ensures that the CSE recommended cryptographic algorithms are being used, and that they have been implemented correctly.

For more information, please contact the ITS Client Services

CMVP Accredited Laboratories
NIST
CMVP Standards
What is FIPS-140?
CAVP

Accredited Laboratories

In the Cryptographic Module Validation Program (CMVP), vendors of commercial cryptographic modules use independent, accredited Cryptographic and Security Testing laboratories to have their modules tested. Laboratories accredited by National Voluntary Laboratory Accreditation Program (NVLAP) perform cryptographic module compliance/conformance testing.

National Institute of Standards and Technology (NIST)

The main website for the National Institute of Standards and Technology (NIST)/Communications Security Establishment (CSE)/Cryptographic Module Validation Program (CMVP) is hosted by NIST, and contains complete details on the program, all the related standards and documents, as well as the official lists of Federal Information Processing Standard (FIPS) 140-1 and FIPS 140-2 validated cryptographic modules and FIPS 140-1 and FIPS 140-2 Vendors.

Cryptographic Module Validation Program (CMVP) Standards

The Cryptographic Module Validation Program (CMVP) validates commercial cryptographic modules to Federal Information Processing Standard (FIPS) 140-2 and other cryptography based standards such as algorithms. The CMVP is jointly managed by National Institute of Standards and Technology (NIST) and Communications Security Establishment (CSE). Products validated as conforming to FIPS 140-1 or FIPS 140-2 are accepted by the Federal agencies of both countries for the protection of sensitive information (United States) or Protected Information (Canada).

What is Federal Information Processing Standard (FIPS)-140?

The Federal Information Processing Standard (FIPS) 140-2 specifies the security requirements that will be satisfied by a cryptographic module utilized within a security system protecting protected information. The standard provides four increasing, qualitative levels of security: Level 1, Level 2, Level 3 and Level 4.

Cryptographic Algorithm Validation Program (CAVP)

The Cryptographic Algorithm Validation Program (CAVP) encompasses validation testing according to Federal Information Processing Standard (FIPS) and National Institute of Standards and Technology (NIST)/Communications Security Establishment (CSE) recommended cryptographic algorithms and components of algorithms. Cryptographic algorithm validation is a prerequisite to the Cryptographic Module Validation Program (CMVP).

Prior to using any cryptographic module, organizations should request the vendor to provide a copy of its FIPS 140-1 or FIPS 140-2 validation certificate as evidence of CMVP validation, or, as a minimum, the validation certificate number. The version number of the deployed cryptographic module should be identical to the number listed for the claimed certificate, and it can be verified on-line.

Search

About us

IT Security

Careers

Tutte Institute