Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Modules In Process

DISCLAIMER: The Cryptographic Module Validation Program (CMVP) Modules In Process and Implementation Under Test (IUT) Lists are provided for information purposes only. Participation on the list is voluntary and is a joint decision by the vendor and Cryptographic Security and Testing (CST) laboratory. Modules are listed alphabetically by vendor name. Posting on the list does not imply guarantee of final validation.
The MIP and IUT lists have been updated. Each entry now indicates whether it being tested to meet FIPS 140-2 or FIPS 140-3 requirements.


The status of each cryptographic module in the process is identified below.

Modules In Process List

  • Review Pending
    • Complete set of testing documents submitted to NIST and CCCS for review. The set includes: draft certificate, summary module description, detailed test report, nonproprietary security policy, web-site information. In addition, some CST labs include a separate physical testing report.
    • Signed letter from laboratory stating recommendation for validation received by NIST and CCCS.
  • In Review
    • NIST and CCCS reviewers assigned.
    • NIST and CCCS perform a review of the test documents.
    • Comments coordinated by NIST and CCCS reviewers and a consolidated set of comments sent to the CST laboratory.
  • Coordination (this process may be iterative)
    • Comments received by the CST laboratory from NIST and CCCS for resolution.
    • Additional testing (if required).
    • Additional documentation (if required).
    • Comments resolution developed for resubmission to NIST and CCCS.
    • Testing documents updated for resubmission to NIST and CCCS.
    • Responses to comments and revised test documents submitted to NIST and CCCS.
  • Finalization
    • Final resolution of validation review comments submitted to NIST and CCCS.
    • Testing documents updated based on resolutions and submitted to NIST and CCCS.
    • Certificate number assigned.
    • Certificate posting.

Implementation Under Test List

  • Implementation Under Test (IUT)
    • There exists a viable contract between the vendor and CST laboratory for the testing of the cryptographic module.
    • The cryptographic module is resident at the CST laboratory.
    • All of the required documentation is resident at the CST laboratory. (Note: if the vendor requires the CST lab personnel to test the cryptographic module onsite, all documents must be onsite with the module.) 

If the module report was submitted to the CMVP but placed on HOLD by request from the CST Laboratory, the status is reflected as IUT.

Created October 11, 2016, Updated June 10, 2024