Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Security Testing, Validation and Measurement

We advance information security testing, measurement science, and conformance.


Federal agencies, industry, and the public rely on cryptography for the protection of information and communications used in electronic commerce, critical infrastructure, and other application areas. When protecting their sensitive data, federal government agencies require a minimum level of assurance that cryptographic products meet their security requirements. Federal agencies are also required to use only tested and validated cryptographic modules. Adequate testing and validation of the cryptographic module and its underlying cryptographic algorithms against established standards is essential to provide security assurance.

The Security Testing, Validation, and Measurement (STVM) Group’s testing-focused activities include validating cryptographic algorithm implementations, cryptographic modules, and Security Content Automation Protocol (SCAP)-compliant products; developing test suites and test methods; providing implementation guidance and technical support to industry forums; and conducting education, training, and outreach programs. All of the STVM's validation programs work together with independent Cryptographic and Security Testing laboratories that are accredited by the NIST National Voluntary Laboratory Accreditation Program (NVLAP). Based on the independent laboratory test report and test evidence, the Validation Program then validates the implementation under test. The validations awarded to vendor implementations are publicly posted on the NIST website.

For more information regarding the Security Testing, Validation and Measurement Group, visit the CSRC website.

Projects / Programs


The Importance of Entropy to Information Security

Apostol T. Vassilev, Timothy Hall
The strength of cryptographic keys is an active challenge in academic research and industrial practice. In this paper we discuss the entropy as fundamentally

Creating Integrated Evidence Graphs for Network Forensics

Changwei Liu, Anoop Singhal, Duminda Wijesekera
Evidence Graphs model network intrusion evidence and their dependencies, which helps network forensics analyst collate and visualize dependencies. In particular


Group Manager