Call for Public Comment on Automation of the NIST CMVP

The National Cybersecurity Center of Excellence (NCCoE) has released preliminary draft NIST Special Publication 1800-40A, Automation of the NIST Cryptographic Module Validation Program, for public comment through July 25, 2023.

AEGISOLVE is collaborating with the National Cybersecurity Center of Excellence (NCCoE) on “Automation of the NIST Cryptographic Module Validation Program (CMVP).” The goal of this project to modernize and automate NIST’s cryptographic validation programs. NIST does not evaluate commercial products under this consortium and does not endorse any product or service used. Additional information on this consortium can be found here.

This project is part of NIST’s larger initiative to modernize its Cryptographic Module Validation Program (CMVP).

About this Project

Since the CMVP’s beginnings, demands for the latest technology, cryptographic module fixes, and patch releases have outpaced NIST’s validation model. Today, NIST is working to reduce the length of the validation cycle, while maintaining and improving assurance levels.

The goals of this practice guide are to:

1. **Support NIST with shortening the validation cycle—**The team will develop a proof of concept that includes a CMVP validation service; a set of structured tests, schema, and protocols for evidence submission; and a repeatable approach for testing and cloud-based testing. The team will also build a corresponding computing infrastructure to automate validation processes.
2. **Keep the CMVP community informed—**Of any proposed approaches and/or changes to advance the CMVP.

Share Your Expertise

Your expertise and insights can help inform and shape later volumes of this guide. Submit your feedback now through July 25, 2023.