To become a laboratory for the CST program there are a number of requirements.
- A lab must become accredited under the CST LAP which is part of NIST’s NVLAP.
- A lab must sign and enter into a Cooperative Research and Development Agreement (CRADA) with NIST. Click here for an example agreement.
- A lab must follow the “Principles of Proper Conduct” listed below.
- A lab must be US based if participating in the NPIVP scope.
The following list are the Scopes maintained at NIST:
- Cryptographic Algorithm Validation Program (CAVP);
- Cryptographic Module Validation Program (CMVP);
- NIST Personal Identification Verification Program (NPVIP); and
- Security Content Automation Protocol (SCAP) Validation Program.
Principles of Proper Conduct:
The laboratory shall:
- Maintain its ISO/IEC 17025 NVLAP accreditation for the Cryptographic Security Testing Program;
- Refrain from misrepresenting the scope of its accreditation;
- Act legally and honestly;
- Act ethically.
Visit the CST LAP site for a program description, information on applying for laboratory accreditation, applicable fees, NVLAP Handbooks, and associated laboratory bulletins.
A list of current labs may be found by visiting National Voluntary Laboratory Accreditation Program (NVLAP) / Directory Search and under the "Program" drop-down select “ITST: Cryptographic and Security Testing”.
Created February 16, 2017, Updated September 11, 2023