U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

FIPS 140-3 Management Manual

NEW! Draft FIPS 140-3 CMVP Management Manual (updated December 23 2022)

A new draft FIPS 140-3 CMVP Management Manual has been released for comment. This is a major revision with significant changes highlighted in yellow.
Please send any comments using the Comments Template to CMVPcomments@list.nist.gov. Comments for the FIPS 140-3 CMVP Management Manual are due February 3, 2023. 


The purpose of the CMVP Management Manual is to provide effective lab management and coordination with the management of the CMVP. The CMVP Management Manual includes a description of the CMVP process and is applicable to the Validation Authority, the CST Laboratories, and the vendors who participate in the program.

Consumers who procure validated cryptographic modules may also be interested in the contents of this manual. This manual outlines the management activities and specific responsibilities which have been assigned to the various participating groups. This manual does not deal with the actual standards and technical aspects of the standards.

Archived Draft FIPS 140-3 Management Manual (7-13-2022)

Archived Draft FIPS 140-3 Management Manual (9-18-2020)

Created October 11, 2016, Updated August 17, 2023