The
National
Cybersecurity Center of Excellence (NCCoE) has released a new draft project description, Automation of the
Cryptographic Module Validation Program (CMVP).
Release of this project description begins a process to further identify
project requirements, scope, and hardware and software components for use in a
laboratory environment.
The
NCCoE will solicit participation from industry to demonstrate first-party and
third-party tests and test tools for automation of the CMVP, as well as
first-party processes and means for communicating the results to NIST.
Increased automation is necessary because a number of elements of the current
validation processes are manual in nature, making third-party testing and
government validation of cryptographic modules often incompatible with industry
requirements. In addition to demonstrating tests, tools, and processes, this
project will also result in practice descriptions in the form of white papers,
playbook generation, and implementation demonstrations, which aim to improve
the ability and efficiency of organizations.
The public comment period is open through May 12, 2021. See the publication
details for a copy of the draft and instructions for submitting
comments. You can also help shape and contribute to this project. Join the
Community of Interest by sending an email to applied-crypto-visibility@nist.gov.