To become a laboratory for the CST program there are a number of requirements.

1. A lab must become accredited under the CST LAP which is part of NIST’s NVLAP.
2. A lab must sign and enter into a Cooperative Research and Development Agreement (CRADA) with NIST.  Click here for an example agreement.
3. A lab must follow the “Principles of Proper Conduct” listed below.
4. A lab must be US based if participating in the NPIVP scope.

The following list are the Scopes maintained at NIST:

• Cryptographic Algorithm Validation Program (CAVP);
• Cryptographic Module Validation Program (CMVP);
• NIST Personal Identification Verification Program (NPVIP); and
• Security Content Automation Protocol (SCAP) Validation Program.

Principles of Proper Conduct:

The laboratory shall:

1. Maintain its ISO/IEC 17025 NVLAP accreditation for the Cryptographic Security Testing Program;
2. Refrain from misrepresenting the scope of its accreditation;
3. Act legally and honestly;
4. Act ethically.

Visit the CST LAP site for a program description, information on applying for laboratory accreditation, applicable fees, NVLAP Handbooks, and associated laboratory bulletins. 

A list of current labs may be found by visiting National Voluntary Laboratory Accreditation Program (NVLAP) / Directory Search and under the "Program" drop-down select “ITST: Cryptographic and Security Testing”.