Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).

View the beta site
NIST logo
Bookmark and Share

Security Testing, Validation and Measurement Group


Federal agencies, industry, and the public rely on cryptography for the protection of information and communications used in electronic commerce, critical infrastructure, and other application areas. At the core of all products offering cryptographic services is the cryptographic module. Cryptographic modules, which contain cryptographic algorithms, are used in products and systems to provide security services such as confidentiality, integrity, and authentication. Although cryptography is used to provide security, weaknesses such as poor design or weak algorithms can render a product insecure and place highly sensitive information at risk. When protecting their sensitive data, federal government agencies require a minimum level of assurance that cryptographic products meet their security requirements. Also, federal agencies are required to use only tested and validated cryptographic modules. Adequate testing and validation of the cryptographic module and its underlying cryptographic algorithms against established standards is essential to provide security assurance.


Cryptographic Module Validation Program (CMVP)—On July 17, 1995, the National Institute of Standards and Technology (NIST) established the Cryptographic Module Validation Program (CMVP) that validates cryptographic modules to Federal …

National Vulnerability Database (NVD)—For more information regarding the National Vulnerability Database (NVD), please visit the Computer Security Division's NVD website. The National Vulnerability Database (NVD) is the U.S. …

Cryptographic Algorithm Validation Program—The Cryptographic Algorithm Validation Program (CAVP) encompasses validation testing for FIPS-approved and NIST recommended cryptographic algorithms. Cryptographic algorithm validation is a …

Techniques for Security Risk Analysis of Enterprise Networks—Today's information systems face sophisticated attackers who combine multiple vulnerabilities to penetrate networks with devastating impact. The overall security of an enterprise network cannot be …


General Information:
Michael Cooper, Group Manager
Phone: 301-975-8077
Email: michael.cooper@nist.gov

100 Bureau Drive, M/S 8930
Gaithersburg, MD 20899-8930