Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program (CMVP)


The Cryptographic Module Validation Program (CMVP) is a joint effort between the National Institute of Standards and Technology under the Department of Commerce and the Canadian Centre for Cyber Security, a branch of the Communications Security Establishment. The goal of the CMVP is to promote the use of validated cryptographic modules and provide Federal agencies with a security metric to use in procuring equipment containing validated cryptographic modules. 

Cryptographic and Security Testing (CST) Laboratories are independent laboratories accredited by NVLAP. CST Labs verify each module meets a set of testable cryptographic and security requirements, with each CST laboratory submission reviewed and validated by CMVP.  

CMVP continues to accept cryptographic modules submissions to Federal Information Processing Standard (FIPS) 140-2, Security Requirements for Cryptographic Modules until March 31, 2022however, submissions after September 21, 2021 must have an existing extension request. On April 1, 2022 CMVP will no longer accept FIPS 140-2 submissions for new validation certificates except as indicated in the table below.

As of September 22, 2020 CMVP additionally began validating cryptographic modules to Federal Information Processing Standard (FIPS) 140-3, Security Requirements for Cryptographic Modules.


For more information regarding the Cryptographic Module Validation Program (CMVP), please visit the Computer Security Resource Center (CSRC).

Created June 24, 2009, Updated January 24, 2022