Modules In Process
DISCLAIMER: The Cryptographic Module Validation Program (CMVP) Modules In Process and Implementation Under Test (IUT) Lists are provided for information purposes only. Participation on the list is voluntary and is a joint decision by the vendor and Cryptographic Security and Testing Laboratory (CSTL). Modules are listed alphabetically by vendor name. Posting on the list does not imply guarantee of final validation.
The status / state of each cryptographic module in the process is identified below with the current action in parenthesis.
Modules In Process List
- Cost Recovery (NIST Billing and CSTL)
- Testing is completed, and the complete set of documents is submitted to the CMVP for review. This includes a signed letter from the CSTL stating recommendation for validation.
- NIST CMVP cost recovery fees are being collected (applicable to a subset of submission scenarios).
- A submission cannot move to the next state until NIST Billing receives payment.
- Pending Resubmission (CSTL)
- CMVP performs targeted review (Triage review) and these comments (if any) are sent to the CSTL.
- CSTL is addressing these comments and will resubmit package to the CMVP.
- If there are no comments or once comments are addressed and resubmitted, module moves to "Pending Review".
- Pending Review (CMVP)
- CMVP reviewers are assigned and is awaiting CMVP review, pending resource availability.
- One reviewer is identified as the point of contact (POC) for CMVP to interact with the CST laboratory to address comments.
- Review (CMVP)
- CMVP is reviewing the module submission documents.
- Comments are coordinated by CMVP POC reviewer and a consolidated set of comments are being prepared to send to the CSTL.
- Coordination (Comment Resolution – Lab or Comment Resolution – CMVP)
- Comment Resolution – Lab
- Comments received by the CST laboratory from CMVP for resolution.
- Additional testing (if required).
- Additional documentation (if required).
- Comments resolution developed for resubmission to CMVP.
- Testing documents updated for resubmission to CMVP.
- Comment Resolution – CMVP
- Comment resolution and revised test documents submitted to CMVP for further CMVP comments or approval.
- Finalization (CMVP and CSTL)
- All Coordination issues are addressed.
- One final review will be performed by CMVP and CSTL. Finalization issues (if any) will move the report back into Coordination.
- With successful completion of the final review, the certificate number is assigned and the validation is posted to the CMVP Validation List.
Implementation Under Test List
- Implementation Under Test (IUT)
- The vendor submits the cryptographic module for testing to an accredited CST laboratory and there exists a viable contract.
- The cryptographic module and all requirement documentation is resident at the CSTL (Note: if the vendor requires the CSTL personnel to test the cryptographic module onsite, all documents must be onsite with the module.)
- Cryptographic module validation testing is being performed using the Derived Test Requirements (DTR).
The figure below illustrates the interactions that happen between Vendor, CST Lab, and CMVP, capturing the MIP List states described above. For more information, please refer to Section 4 of the CMVP FIPS 140-3 Management Manual.
