Cryptographic Module Validation Program (CMVP)
Our U.S. Security Testing and Certification Laboratory (STCL) has become one of the few labs in the United States accredited to perform Crypto Module Validation Program (CMVP) conformance testing.
Companies supplying IT security or related products claiming cryptography to Federal Agencies in the U.S. and Canada must meet increasingly stringent standards relative to the Federal Information Processing Standards (FIPS) 140 family of standards. Cryptographic Module Validation Program (CMVP) is expected to play a greater role in IT security evaluations including Common Criteria.
Through CSC’s STCL, our clients can expect:
- Increased information assurance for their products
- Compliance to increasingly stringent FIPS standards around cryptography
What is CMVP?
On July 17, 1995, the National Institute of Standards and Technology (NIST) established the Cryptographic Module Validation Program (CMVP) that validates cryptographic modules to FIPS 140-1 Security Requirements for Cryptographic Modules, and other FIPS cryptography based standards. These standards provide four increasing levels of security (Level 1-4), all of which are intended to cover the wide range of potential applications and environments in which cryptography may be used. Testing and validation of the cryptographic module and its underlying algorithms against the FIPS family of standards is critical in providing security assurance.
The CMVP is a joint effort between NIST and the Communications Security Establishment Canada (CSEC). FIPS 140-2, Security Requirements for Cryptographic Modules, was released on May 25, 2001 and supersedes FIPS 140-1. Modules validated as conforming to FIPS 140-1 and FIPS 140-2 are accepted by the Federal Agencies of both the United States and Canada for the protection of sensitive information.
To find out more about CSC's CMVP capabilities, Contact Us.
Learn More about CMVP Conformance Testing.