Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Preliminary Draft NIST SP 1800-40A: Automation of the NIST Cryptographic Module Validation Program
June 07, 2023

The National Cybersecurity Center of Excellence (NCCoE) has released a preliminary practice guide, Automation of the NIST Cryptographic Module Validation Programfor public comment through July 25, 2023.  

This project is part of NIST’s larger initiative to modernize its Cryptographic Module Validation Program (CMVP).   

About this Project  

Since the CMVP’s beginnings, demands for the latest technology, cryptographic module fixes, and patch releases have outpaced NIST’s validation model. Today, NIST is working to reduce the length of the validation cycle, while maintaining and improving assurance levels.   

The goals of this practice guide are to: 

  1. Support NIST with shortening the validation cycle—The team will develop a proof of concept that includes a CMVP validation service; a set of structured tests, schema, and protocols for evidence submission; and a repeatable approach for testing and cloud-based testing. The team will also build a corresponding computing infrastructure to automate validation processes.
  2. Keep the CMVP community informed—Of any proposed approaches and/or changes to advance the CMVP.  

Share Your Expertise 

Your expertise and insights can help inform and shape later volumes of this guide. Submit your feedback now through July 25, 2023.  

Stay Connected 

To receive news and updates about our progress, please join the Applied Cryptography Community of Interest. Learn more about this project by visiting the CMVP project page. And follow us on Twitter @NISTcyber

Related Topics

Security and Privacy: security automation, testing & validation

Created June 06, 2023, Updated June 07, 2023