CMVP
Accredited Laboratories
In the Cryptographic Module Validation Program (CMVP), vendors of commercial cryptographic modules use independent, accredited Cryptographic and Security Testing laboratories to have their modules tested. Laboratories accredited by National Voluntary Laboratory Accreditation Program (NVLAP) perform cryptographic module compliance/conformance testing.
National Institute of Standards and Technology (NIST)
The main website for the National Institute of Standards and Technology (NIST)/Communications Security Establishment (CSE)/Cryptographic Module Validation Program (CMVP) is hosted by NIST, and contains complete details on the program, all the related standards and documents, as well as the official lists of Federal Information Processing Standard (FIPS) 140-1 and FIPS 140-2 validated cryptographic modules and FIPS 140-1 and FIPS 140-2 Vendors.
Cryptographic Module Validation Program (CMVP) Standards
The Cryptographic Module Validation Program (CMVP) validates commercial cryptographic modules to Federal Information Processing Standard (FIPS) 140-2 and other cryptography based standards such as algorithms. The CMVP is jointly managed by National Institute of Standards and Technology (NIST) and Communications Security Establishment (CSE). Products validated as conforming to FIPS 140-1 or FIPS 140-2 are accepted by the Federal agencies of both countries for the protection of sensitive information (United States) or Protected Information (Canada).
What is Federal Information Processing Standard (FIPS)-140?
The Federal Information Processing Standard (FIPS) 140-2 specifies the security requirements that will be satisfied by a cryptographic module utilized within a security system protecting protected information. The standard provides four increasing, qualitative levels of security: Level 1, Level 2, Level 3 and Level 4.
Cryptographic Algorithm Validation Program (CAVP)
The Cryptographic Algorithm Validation Program (CAVP) encompasses validation testing according to Federal Information Processing Standard (FIPS) and National Institute of Standards and Technology (NIST)/Communications Security Establishment (CSE) recommended cryptographic algorithms and components of algorithms. Cryptographic algorithm validation is a prerequisite to the Cryptographic Module Validation Program (CMVP).
Prior to using any cryptographic module, organizations should request the vendor to provide a copy of its FIPS 140-1 or FIPS 140-2 validation certificate as evidence of CMVP validation, or, as a minimum, the validation certificate number. The version number of the deployed cryptographic module should be identical to the number listed for the claimed certificate, and it can be verified on-line.
- Date modified: