Date Published: April 12, 2021
Comments Due:
Email Questions to:
Author(s)
Apostol Vassilev (NIST), Chris Celi (NIST), Gavin O'Brien (NIST), Murugiah Souppaya (NIST), William Barker (Dakota Consulting)
Announcement
The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description, Automation of the Cryptographic Module Validation Program (CMVP). Publication of this project description begins a process to further identify project requirements, scope, and hardware and software components for use in a laboratory environment.
The NCCoE will solicit participation from industry to demonstrate first-party and third-party tests and test tools for automation of the CMVP, as well as first-party processes and means for communicating the results to NIST. Increased automation is necessary because a number of elements of the current validation processes are manual in nature, making third-party testing and government validation of cryptographic modules often incompatible with industry requirements. In addition to demonstrating tests, tools, and processes, this project will also result in practice descriptions in the form of white papers, playbook generation, and implementation demonstrations, which aim to improve the ability and efficiency of organizations.
The public comment period for this draft is open through May 12, 2021. You can also help shape and contribute to this project. Join the Community of Interest by sending an email to applied-crypto-visibility@nist.gov.
The NIST NCCoE is initiating a project to demonstrate the value and practicality of automation support for the Cryptographic Module Validation Program (CMVP). The outcome of the project is intended to be improvement in the efficiency and timeliness of CMVP operation and processes. This effort is one of a series of activities focused on automation of CMVP testing and data flow, and it follows the successful completion of the automation of the Cryptographic Algorithm Validation Program (CAVP), the automation of the processing of the cryptographic testing evidence, and the rollout of Web CRYPTIK, an application for submitting results to the CMVP. This project description documents the project background, a proposed scenario to be demonstrated, a high-level demonstration platform architecture with a list of desired components, and standards and guidance to be followed in project development and execution. The results of the demonstration project will inform the operational integration and deployment of automation in the NIST CMVP.
Keywords
automated cryptographic validation (ACV); Automated Cryptographic Validation Protocol (ACVP); Cryptographic Algorithm Validation Program (CAVP); Cryptographic Module Validation Program (CMVP); cryptography; first-party testing; Implementation Under Test (IUT); National Voluntary Laboratory Accreditation Program (NVLAP); third-party testing
Control Families
None selected