Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).

View the beta site
NIST logo

Cryptographic & Security Testing LAP


This site has been established for applicants to the NVLAP Cryptographic and Security testing laboratory accreditation program. On this site you will find important program information and links to documents required for successful participation in the program.

Program Description

The Cryptographic and Security Testing (CST) Laboratory Accreditation Program (LAP), initially named Cryptographic Module Testing (CMT), was established by NVLAP to accredit laboratories that perform cryptographic modules validation conformance testing under the Cryptographic Module Validation Program (CMVP). In response to other mandates and requests, additional testing has been added to the program to include algorithm testing for the Cryptographic Algorithm Validation Program (CAVP), testing to improving the identification and authentication of Federal employees and contractors for access to Federal facilities and information systems for the NIST Personal Identification Verification Program (NPIVP), test methods for the GSA FIPS 201 Evaluation Program which build upon NPIVP test methods as the GSA Precursor (GSAP), testing to validate the implementation of the Security Content Automation Protocol (SCAP) standards within security software modules, and conformance testing to methods supportive of the Department of Homeland Security's Identity and Privilege Credential Management; e.g, Transportation Worker Identification Credential (TWIC).

For information on the requirements of accreditation, see NIST Handbook 150, which contains the general requirements that are the basis for accreditation of any laboratory regardless of the discipline or area for which a laboratory seeks accreditation. In addition, a cryptographic and security testing laboratory must meet the specific requirements found in the NIST Handbook 150-17, "Cryptographic and Security Testing," and the relevant test methods for the testing which the laboratory seeks accreditation.

Proficiency Testing Requirements

At the present time, there is no ongoing established program for proficiency testing of laboratories accredited for cryptographic and security testing beyond the initial artifact testing that is completed by an initial applicant to the program.


Bookmark and Share


Dana S. Leaman, Program Manager

Phone: 301-975-4679

E-mail: dana.leaman@nist.gov


Identity Privilege and Credential Management Testing

Identity Privilege and Credential Management Testing has been added to the Cryptographic and Security Testing Laboratory Accreditation Program.  The revision to Handbook 150-17 has been published to include this method and is now available.

See full text of this announcement in NVLAP Lab Bulletin LB-66-2012, Addition of TWIC Card Testing to the NVLAP Cryptographic and Security Testing LAP.