U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Algorithm Validation Program CAVP

Accessing the ACVTS

The Automated Cryptographic Validation Testing System (ACVTS) comprises two main environments that support the Automated Cryptographic Validation Protocol (ACVP): the demonstration environment (ACVTS Demo aka “Demo”) and the production environment (ACVTS Prod aka “Prod”). Demo is a sandbox-style environment in which users may test their algorithm implementations and ACVP client applications. The Demo environment should be considered semi-volatile, meaning that any information stored in it is subject to loss at any time, though we do strive to keep the environment as stable and intact as possible. Prod is the environment used for issuing algorithm validations under the NIST Cryptographic Algorithm Validation Program (CAVP), and as such is restricted to accredited CST laboratories and 17ACVT laboratories.

 

Accessing ACVTS Demo

The process for gaining access to the ACVTS demonstration environment is as follows:

  1. Email acvts-demo@nist.gov requesting credentials for access to ACVTS Demo.
     
  2. Receive an email from one of the ACVTS system administrators with instructions and requirements for generating a CSR (Certificate Request) file, as well as notification of applicable policies and disclaimers regarding system access.
     
  3. Generate the CSR per the specific requirements and send it securely to the System Administrator using the provided instructions.
     
  4. The System Administrator will validate that the CSR meets the stated requirements and will proceed to generate the signed certificate and send it securely to the requester. At this point in the process, the user will have access to the environment.

 

Accessing ACVTS Prod

As stated above, ACVTS Prod access is only available to accredited CST laboratories and 17ACVT laboratories.

In order to gain access to Prod, a laboratory must first demonstrate proficiency in the Demo environment. This is done by requesting credentials to access the ACVTS Demo environment (see instructions above), completing a full validation through the certification step and receiving a validation. Upon requesting access to the production environment, the user must supply the test sessions and valid demo certificate number of their successful run in the demo environment. Furthermore, a user is only authorized to run algorithms in production that they have previously run at least once through certification in the demo environment. This rule ensures that labs must demonstrate proficiency in each algorithm in demo before completing validations in production.

The process for gaining access to the ACVTS production environment as an existing accredited CST laboratory is as follows:

  1. Email acvts-prod@nist.gov requesting access to the ACVTS Prod environment, ensuring to include the test sessions and valid Demo certificate number of their successful run in the Demo environment.
     
  2. An ACVTS System Administrator will validate that the requester has existing unexpired credentials in the Demo environment and review the provided test session information. If there are any issues or questions, the System Administrator will reach out to the requester via email for further clarification.
     
  3. Receive an email from one of the ACVTS system administrators with instructions and requirements for generating a CSR (Certificate Request) file, as well as notification of applicable policies and disclaimers regarding system access.
     
  4. Generate the CSR per the specific requirements and send it securely to the System Administrator using the provided instructions.
     
  5. The System Administrator will validate that the CSR meets the stated requirements and will proceed to generate the signed certificate and send it securely to the requester. At this point in the process, the user will have access to the environment.

 

Becoming a 17ACVT Laboratory

The process for gaining access to the ACVTS production environment as a 17ACVT laboratory is as follows:

  1. Complete the NVLAP application and submit the fees to NVLAP. Information about the 17ACVT scope can be found in Annex G of NVLAP Handbook 150-17. The application can be found on the NVLAP page. The full accreditation must be completed before access is granted to the Prod environment.
     
  2. Forward the CAVP Program Manager your proof of completing the Demo environment requirements. At this point, the CAVP Program Manager will check with NVLAP to see that (1.) has been completed. If so, Prod credentials can be made and distributed for the applying 17ACVT laboratory.
     
  3. The newly accredited 17ACVT laboratory must reach out to the CMVP Program Manager to obtain a CRADA (Cooperative Research and Development Agreement) for that financial year (October 1st - September 30th the following calendar year). At this time, the CAVP will create a billing account for the newly accredited 17ACVT laboratory. Once the signed CRADA is verified, the Production credentials will be distributed.
     
  4. The first requests the new laboratory should make are on the billing endpoints to request an allotment of vector sets for purchase. All labs must have an allotment of vector sets available in order to request vector sets to be generated. More information about the endpoints and purchases can be found on GitHub.

The estimated time to complete steps 1-3 is approximately 2-4 months. Much of the time depends on scheduling the on-site audit for the NVLAP accreditation process. The estimated time to complete step 4 is 3-4 business days, if payment is made immediately after receiving the invoice. 

Created October 05, 2016, Updated March 08, 2021