The Cryptographic Module Validation Program Conference 2002 will be held on March 26-27, 2002 at the Washington Plaza Hotel in Washington DC. Sponsored by NIST and the Canadian Security Establishment (CSE), this conference will focus on the Cryptographic Module Validation Program (CMVP).

The CMVP Conference will include presentations and discussions on the new FIPS 140-2 standard, Security Requirements for Cryptographic Modules, differences between FIPS 140-1 and FIPS 140-2, algorithm testing suites, Common Criteria and the CMVP, a number of panel discussions from Federal and user agencies and a laboratory panel discussion.

Federal agencies and departments are required to comply with FIPS 140-2. This involves the acquisition of validated cryptographic modules (which may be incorporated in a product/application) for protecting sensitive but unclassified data. Cryptographic modules are used to provide security services such as confidentially, integrity, and authentication. FIPS 140-2 provides users with 1) a specification of security features that are required at each security level, 2) flexibility in choosing security requirements and environments, and 3) a guide to ensuring the modules incorporate necessary security features.

Who should attend?

• Security IT Developers (hardware and software)
• Security IT Users
• Cryptographic Module Vendors
• Procurement Specialists
• Testing Laboratories
• IT Managers

Sessions and Topics:

• FIPS 140-2 Tutorial
• FIPS 140-1 and FIPS 140-2 Differences
• Testing to FIPS 140-2
• Algorithm Testing
• National Voluntary Laboratory Accreditation Program (NVLAP)
• Agency Panel
• American National Standards Institute (ANSI)/International Organization for Standardization (ISO) Panel
• CSE/ITS Products Pre-qualification Program (IPPP)
• Common Criteria and CMVP
• CMVP Laboratory Panel