The Cryptographic Algorithm Validation Program (CAVP) encompasses validation testing for FIPS-approved and NIST recommended cryptographic algorithms. Cryptographic algorithm validation is a prerequisite to the Cryptographic Module Validation Program (CMVP). The CAVP was established by NIST and the Communications Security Establishment Canada (CSEC) in July 1995. All of the tests under the CAVP are handled by third-party laboratories that are accredited as Cryptographic and Security Testing (CST) Laboratories by the National Voluntary Laboratory Accreditation Program (NVLAP). Vendors interested in validation testing of their algorithm implementation may select any of the accredited laboratories.
The CAVP is a collaborative program based on a partnership between NIST’s Computer Security Division and the Communication Security Establishment Canada (CSEC). The goal of the CAVP is to provide federal agencies—in the United States, Canada, and the United Kingdom—with confidence that a validated cryptographic algorithm has been implemented correctly. This is accomplished by designing and developing validation test suites for every FIPS-approved and NIST recommended cryptographic algorithm. The test suites contain tests that verify the correct implementation of the detailed instructions of an algorithm. Federal agencies, industry, and the public can choose cryptographic algorithm implementations from the associated Algorithm Validation Lists and have confidence in the claimed level of security.
The CAVP has stimulated improved quality of cryptographic algorithm implementations. Statistics from the testing laboratories show that 27 percent of the cryptographic algorithms brought in for voluntary testing had security flaws that were corrected during testing.
The CAVP currently validates implementations of the following cryptographic algorithms: Advanced Encryption Standard (AES), Triple Data Encryption Standard (TDES), Skipjack, Digital Signature Algorithm ( DSA), Elliptic Curve DSA (ECDSA), RSA, Secure Hash Algorithm (SHA), Random Number Generator (RNG), Deterministic Random Bit Generator (DRBG), Key Agreement Schemes (KAS), Block Cipher-based MAC (CMAC), Counter with CBC-Message Authentication Code, (CCM), Keyed Hash Message Authentication Code (HMAC), Galois /Counter Mode (GCM) and GMAC.
The CAVP currently has validation testing for the following FIPS-approved and NIST recommended cryptographic algorithms:
Issued over 1000 algorithm validations for both AES and SHA implementations as of 2009
Lead Organizational Unit:ITL
Federal: National Voluntary Laboratory Accreditation Program
Industry: American National Standards Institute (ANSI)
Global: Communications Security Establishment Canada (CSEC)
Related Programs and Projects:
For more information regarding the Cryptographic Algorithm and Validation Program (CAVP), please visit the Computer Security Resource Center (CSRC).
Validation System (VS) documents describing the suite of validation tests required for algorithm validation. They can be accessed via clicking on the Validation System (VS) above. These VS documents are:
100 Bureau Drive