The Cryptographic Module Validation Program (CMVP) is a joint American and Canadian security accreditation program for cryptographic modules. The program is available to any vendors who seek to have their products certified for use by the
U.S. Government and regulated industries (such as financial and health-care institutions) that collect, store, transfer, share and disseminate "
sensitive, but not classified" information. All of the tests under the CMVP are handled by third-party laboratories that are accredited as
Cryptographic Module Testing Laboratories by the
National Voluntary Laboratory Accreditation Program (NVLAP). Product certifications under the CMVP are performed in accordance with the requirements of
FIPS 140-2
The Federal Information Processing Standard Publication 140-2, (FIPS PUB 140-2), is a U.S. government computer security standard used to approve cryptographic modules. The title is ''Security Requirements for Cryptographic Modules''. Initial pu ...
and
FIPS 140-3
The Federal Information Processing Standard Publication 140-3, (FIPS PUB 140-3), is a U.S. government computer security standard used to approve cryptographic modules. The title is ''Security Requirements for Cryptographic Modules''. Initial publ ...
.
The CMVP was established by the U.S.
National Institute of Standards and Technology
The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into Outline of p ...
(NIST) and the
Communications Security Establishment
The Communications Security Establishment (CSE; french: Centre de la sécurité des télécommunications, ''CST''), formerly (from 2008-2014) called the Communications Security Establishment Canada (CSEC), is the Government of Canada's national ...
(CSE) of the
Government of Canada
The government of Canada (french: gouvernement du Canada) is the body responsible for the federal administration of Canada. A constitutional monarchy, the Crown is the corporation sole, assuming distinct roles: the executive, as the ''Crown-i ...
in July 1995.
The Cryptographic Algorithm Validation Program (CAVP), which provides guidelines for validation testing for FIPS approved and NIST recommended cryptographic algorithms and components of algorithms, is a prerequisite for CMVP.
Notes
External links
NIST Cryptographic Module Validation Program
{{crypto-stub
Cryptography standards