Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).

View the beta site
NIST logo
Bookmark and Share

Security Testing, Validation and Measurement Group


Federal agencies, industry, and the public rely on cryptography for the protection of the information and communications used in electronic commerce, the critical infrastructure, and other application areas. The Security Testing, Validation, and Measurement Group (STVMG) supports the testing and validation of the underlying cryptographic modules and cryptographic algorithms based upon established standards. These cryptographic modules and algorithms enable products and systems to provide security services, such as confidentiality, integrity protection, and authentication. Although cryptography provides security, poor designs or weak algorithms can render a product insecure and place highly sensitive information at risk. When protecting sensitive data, federal agencies require assurance that cryptographic products meet established security requirements and use only tested and validated cryptographic modules.

STVMG’s testing-focused activities include validating cryptographic algorithm implementations, cryptographic modules, and Security Content Automation Protocol (SCAP)-enabled products; developing test suites and test methods; providing implementation guidance and technical support to industry forums; and conducting education, training, and outreach programs.

STVMG’s validation programs work together with independent cryptographic and security testing laboratories accredited by the NIST National Voluntary Laboratory Accreditation Program (NVLAP). Based on the independent laboratory test report and test evidence, the Validation Program validates an implementation under test. NIST publishes lists of awarded validations through public websites.


Cryptographic Module Validation Program (CMVP)—On July 17, 1995, the National Institute of Standards and Technology (NIST) established the Cryptographic Module Validation Program (CMVP) that validates cryptographic modules to Federal …

National Vulnerability Database (NVD)—For more information regarding the National Vulnerability Database (NVD), please visit the Computer Security Division's NVD website. The National Vulnerability Database (NVD) is the U.S. …

Cryptographic Algorithm Validation Program—The Cryptographic Algorithm Validation Program (CAVP) encompasses validation testing for FIPS-approved and NIST recommended cryptographic algorithms. Cryptographic algorithm validation is a …

Techniques for Security Risk Analysis of Enterprise Networks—Today's information systems face sophisticated attackers who combine multiple vulnerabilities to penetrate networks with devastating impact. The overall security of an enterprise network cannot be …


General Information:
Michael Cooper, Group Manager
Phone: 301-975-8077
Email: michael.cooper@nist.gov

100 Bureau Drive, M/S 8930
Gaithersburg, MD 20899-8930