FIPS 140-2 Cryptographic Module Validation Program

 As an NVLAP designated Lab (200697-0), ICSA Labs can test cryptographic modules to ensure they meet the FIPS 140-2 requirements for cryptographic module validation. Please see the ICSA Labs CST FIPS 140-2 Process.

FIPS 140-2 Cryptographic Module Validation Program (CMVP) is detailed in the FIPS 140-2 Derived Test Requirements (DTR). The Cryptographic Algorithm Validation Program (CAVP) is a prerequisite to this program.

 A vendor needs to thoroughly review all of the cryptographic references which relate to their cryptographic module.  Read over the FIPS 140-2 and CAVP's site for algorithm specifics specifications.  While reviewing these references, the vendor should determine which security level they want their cryptographic module to achieve. The vendor should also start preparing the necessary documentation and evidence relating to their cryptographic module.  

The mini checklist is provided as an aid.

 When all of the documentation is prepared, the vendor is ready for testing to start on their cryptographic module. ICSA Labs has designed the ICSA Labs CST Vendor Worksheet to aid the vendor in taking the cryptographic module from the unvalidated state into the testing process, and achieve CMVP or CAVP validation.
To schedule testing, or to discuss the certification process with a validation expert, please email us or call:

Harry Brittain, Senior Account Executive - 717.790.8111
Jennifer Brady, CST Lab Manager - 717.790.8131

Return to Government Testing Services