Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Algorithm Validation Program

How to Access ACVTS

Accessing the ACVTS

The Automated Cryptographic Validation Testing System (ACVTS) comprises two main environments that support the Automated Cryptographic Validation Protocol (ACVP): the demonstration environment (ACVTS Demo aka “Demo”) and the production environment (ACVTS Prod aka “Prod”).  Demo is a sandbox-style environment in which users may test their algorithm implementations and ACVP client applications.  The Demo environment should be considered semi-volatile, meaning that any information stored in it is subject to loss at any time, though we do strive to keep the environment as stable and intact as possible.  Prod is the environment used for issuing algorithm validations under the NIST Cryptographic Algorithm Validation Program (CAVP), and as such is restricted to accredited CST laboratories*.

 

Accessing ACVTS Demo

The process for gaining access to the ACVTS demonstration environment is as follows:

  1. Email acvts-demo@nist.gov requesting credentials for access to ACVTS Demo.
     
  2. Receive an email from one of the ACVTS system administrators with instructions and requirements for generating a CSR (Certificate Request) file, as well as notification of applicable policies and disclaimers regarding system access.
     
  3. Generate the CSR per the specific requirements and send it securely to the System Administrator using the provided instructions.
     
  4. The System Administrator will validate that the CSR meets the stated requirements and will proceed to generate the signed certificate and send it securely to the requester. At this point in the process, the user will have access to the environment.

 

Accessing ACVTS Prod

As stated above, ACVTS Prod access is only available to accredited CST laboratories*.

In order to gain access to Prod, a CST laboratory must first demonstrate proficiency in the Demo environment.  This is done by requesting credentials to access the ACVTS Demo environment (see instructions above), completing a full validation through the certification step and receiving a validation.  Upon requesting access to the production environment, the user must supply the test sessions and valid demo certificate number of their successful run in the demo environment.  Furthermore, a user is only authorized to run algorithms in production that they have previously run at least once through certification in the demo environment.  This rule ensures that labs must demonstrate proficiency in each algorithm in demo before completing validations in production.

The process for gaining access to the ACVTS production environment is as follows:

  1. Email acvts-prod@nist.gov  requesting access to the ACVTS Prod environment, ensuring to include the test sessions and valid demo certificate number of their successful run in the demo environment.
     
  2. An ACVTS System Administrator will validate that the requester has existing unexpired credentials in the Demo environment and review the provided test session information. If there are any issues or questions, the System Administrator will reach out to the requester via email for further clarification.
     
  3. Receive an email from one of the ACVTS system administrators with instructions and requirements for generating a CSR (Certificate Request) file, as well as notification of applicable policies and disclaimers regarding system access.
     
  4. Generate the CSR per the specific requirements and send it securely to the System Administrator using the provided instructions.
     
  5. The System Administrator will validate that the CSR meets the stated requirements and will proceed to generate the signed certificate and send it securely to the requester. At this point in the process, the user will have access to the environment.

 

*NIST CAVP and the National Voluntary Laboratory Accreditation Program (NVLAP) offer an interim process for gaining access to ACVTS Prod for organizations seeking accreditation for the first time under the Automated Cryptographic Validation Testing (ACVT) scope only (i.e., algorithm validation testing only, not FIPS 140-2 module validation).  The deadline for beginning the interim process, defined by the filing date of the NVLAP accreditation application and payment of fee, is 31 December 2019.  Please contact the CAVP Program Manager for requirements and more information.

Created October 05, 2016, Updated November 22, 2019