The National Cybersecurity Center of Excellence (NCCoE) has released a preliminary practice guide, Automation of the NIST Cryptographic Module Validation Program, for public comment through July 25, 2023.
This project is part of NIST's larger initiative to modernize its Cryptographic Module Validation Program (CMVP).
About this Project
Since the CMVP's beginnings, demands for the latest technology, cryptographic module fixes, and patch releases have outpaced NIST's validation model. Today, NIST is working to reduce the length of the validation cycle, while maintaining and improving assurance levels.
The goals of this practice guide are to:
- Support NIST with shortening the validation cycle-The team will develop a proof of concept that includes a CMVP validation service; a set of structured tests, schema, and protocols for evidence submission; and a repeatable approach for testing and cloud-based testing. The team will also build a corresponding computing infrastructure to automate validation processes.
- Keep the CMVP community informed-Of any proposed approaches and/or changes to advance the CMVP.
/Public Release. This material from the originating organization/author(s) might be of the point-in-time nature, and edited for clarity, style and length. Mirage.News does not take institutional positions or sides, and all views, positions, and conclusions expressed herein are solely those of the author(s).View in full here.
