The CAVP is a collaborative program based on a partnership between NIST's Computer Security Division and the Communication Security Establishment Canada (CSEC). The goal of the CAVP is to provide federal agencies—in the United States, Canada, and the United Kingdom—with confidence that a validated cryptographic algorithm has been implemented correctly. This is accomplished by designing and developing validation test suites for every FIPS-approved and NIST recommended cryptographic algorithm. The test suites contain tests that verify the correct implementation of the detailed instructions of an algorithm. Federal agencies, industry, and the public can choose cryptographic algorithm implementations from the associated Algorithm Validation Lists and have confidence in the claimed level of security.
The CAVP has stimulated improved quality of cryptographic algorithm implementations. Statistics from the testing laboratories show that 27 percent of the cryptographic algorithms brought in for voluntary testing had security flaws that were corrected during testing.
The CAVP currently validates implementations of the following cryptographic algorithms: Advanced Encryption Standard (AES), Triple Data Encryption Standard (TDES), Skipjack, Digital Signature Algorithm ( DSA), Elliptic Curve DSA (ECDSA), RSA, Secure Hash Algorithm (SHA), Random Number Generator (RNG), Deterministic Random Bit Generator (DRBG), Key Agreement Schemes (KAS), Block Cipher-based MAC (CMAC), Counter with CBC-Message Authentication Code, (CCM), Keyed Hash Message Authentication Code (HMAC), Galois /Counter Mode (GCM) and GMAC.