Share

Cryptographic Module Validation Program

Companies supplying IT security or related products claiming cryptography to Federal Agencies in the U.S. and Canada must meet increasingly stringent standards relative to the Federal Information Processing Standards (FIPS) 140 family of standards. Cryptographic Module Validation Program (CMVP) is expected to play a greater role in IT security evaluations including Common Criteria.

We’re proud to announce that in August 2009, our U.S. Security Testing and Certification Laboraat locktory (STCL) became one of the few labs in the United States accredited to perform CMVP conformance testing.

Learn more through this press release.

What’s more, our STCL is one of our three Common Criteria Evaluation Labs; allowing our clients to save time, effort and resources when looking for these IT security certifications.

Through CSC’s STCL, our clients can expect:

  • Increased information assurance for their products
  • Compliance to increasingly stringent FIPS standards around cryptography

What is CMVP?

On July 17, 1995, the National Institute of Standards and Technology (NIST) established the Cryptographic Module Validation Program (CMVP) that validates cryptographic modules to FIPS 140-1 Security Requirements for Cryptographic Modules, and other FIPS cryptography based standards. These standards provide four increasing levels of security (Level 1-4), all of which are intended to cover the wide range of potential applications and environments in which cryptography may be used. Testing and validation of the cryptographic module and its underlying algorithms against the FIPS family of standards is critical in providing security assurance.

The CMVP is a joint effort between NIST and the Communications Security Establishment Canada (CSEC). FIPS 140-2, Security Requirements for Cryptographic Modules, was released on May 25, 2001 and supersedes FIPS 140-1. Modules validated as conforming to FIPS 140-1 and FIPS 140-2 are accepted by the Federal Agencies of both the United States and Canada for the protection of sensitive information.

Learn More

Find out more about CSC’s CMVP capabilities, by contacting us. Or, fill out this request for information form and we'll contact you!

For more information from NIST about the Cryptographic Module Validation Program, click here.

View a list of CSC's Contracts for Conformance Testing.

 

Security