Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 1800-40 (Initial Preliminary Draft)

Automation of the NIST Cryptographic Module Validation Program

Date Published: June 7, 2023
Comments Due: July 25, 2023 (public comment period is CLOSED)
Email Questions to:


Apostol Vassilev (NIST), Murugiah Souppaya (NIST), William Barker (Dakota Consulting)


Since the beginning of the Cryptographic Module Validation Program (CMVP), demands for the latest technology, cryptographic module fixes, and patch releases have outpaced NIST’s validation model. Today, NIST is working to reduce the length of the validation cycle, while maintaining and improving assurance levels. The goals of this practice guide are to support NIST with shortening the validation cycle and to keep the CMVP community informed of any proposed approaches and/or changes to the CMVP.

This project will result in a publicly available NIST Cybersecurity Practice Guide in the Special Publication 1800 series, which contains practical steps and guidance to implement our cybersecurity reference designs.

Control Families

None selected


NIST SP 1800-40A iprd

Supplemental Material:
Project homepage

Document History:
06/07/23: SP 1800-40 (Draft)


Security and Privacy

security automation, testing & validation