Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Testing Laboratories


To become a laboratory for the CST program there are a number of requirements.

  1. A lab must become accredited under the CST LAP which is part of NIST’s NVLAP.
  2. A lab must sign and enter into a Cooperative Research and Development Agreement (CRADA) with NIST.  Click here for an example agreement.
  3. A lab must follow the “Principles of Proper Conduct” listed below.
  4. A lab must be US based if participating in the NPIVP scope.

The following list are the Scopes maintained at NIST:

  • Cryptographic Algorithm Validation Program (CAVP);
  • Cryptographic Module Validation Program (CMVP);
  • NIST Personal Identification Verification Program (NPVIP); and
  • Security Content Automation Protocol (SCAP) Validation Program.

Principles of Proper Conduct:

The laboratory shall:

  1. Maintain its ISO/IEC 17025 NVLAP accreditation for the Cryptographic Security Testing Program;
  2. Refrain from misrepresenting the scope of its accreditation;
  3. Act legally and honestly;
  4. Act ethically.

Visit the CST LAP site for a program description, information on applying for laboratory accreditationapplicable feesNVLAP Handbooks, and associated laboratory bulletins

A list of current labs may be found by visiting National Voluntary Laboratory Accreditation Program (NVLAP) / Directory Search and under the "Program" drop-down select “ITST: Cryptographic and Security Testing”.



Created February 16, 2017, Updated September 11, 2023