U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.


We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

Testing Laboratories


To become a laboratory for the CST program there are a number of requirements.

  1. A lab must become accredited under the CST LAP which is part of NIST’s NVLAP.
  2. A lab must sign and enter into a Cooperative Research and Development Agreement (CRADA) with NIST.  Click here for an example agreement.
  3. A lab must follow the “Principles of Proper Conduct” listed below.
  4. A lab must be US based if participating in the NPIVP scope.

The following list are the Scopes maintained at NIST:

  • Cryptographic Algorithm Validation Program (CAVP);
  • Cryptographic Module Validation Program (CMVP);
  • NIST Personal Identification Verification Program (NPVIP); and
  • Security Content Automation Protocol (SCAP) Validation Program.

Principles of Proper Conduct:

The laboratory shall:

  1. Maintain its ISO/IEC 17025 NVLAP accreditation for the Cryptographic Security Testing Program;
  2. Refrain from misrepresenting the scope of its accreditation;
  3. Act legally and honestly;
  4. Act ethically.

Visit the CST LAP site for a program description, information on applying for laboratory accreditationapplicable feesNVLAP Handbooks, and associated laboratory bulletins

A list of current labs may be found by visiting National Voluntary Laboratory Accreditation Program (NVLAP) / Directory Search and under the "Program" drop-down select “ITST: Cryptographic and Security Testing”.



Created February 16, 2017, Updated June 22, 2020