The Cryptographic Algorithm Validation Program (CAVP) is the group within NIST that oversees the validation and testing of cryptographic algorithms found in security modules. Most vendors are introduced to the CAVP while the are pursuing a FIPS 140 validation under the sibling Cryptographic Module validation Program (CMVP).
The ACVP has announced a new system for the validation of algorithms. It’s called the Automated Cryptographic Validation Test System (ACVTS). ACVTS replaces the venerable CAVS system that has been used for many years. As the name implies, ACVTS is designed to automate much of the processing of tests and reduce the overall manual labor involved in the testing process. ACTVS is a cloud-based service hosted by NIST that allows for the automated retrieval of tests and submission of results. It represents a major improvement in the workflow of validation testing!
At the core of ACVTS is the Automated Cryptographic Validation Protocol (ACVP), which defines the communications between a cryptographic module and the NIST server. The protocol contains GETS and POSTS to request and transmit various types of data, from module capabilities, to test results, and even the metadata containing the identity of the vendor of the module and environment on which testing was done.
The ACVTS will greatly benefit all participants in the testing process, but it’s not without its own challenges. Thinqsoft can help labs and vendors to work with the new ACVTS. Let us provide the domain expertise to minimize your risk in the transition to the new system. Contact us for more information.
