Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

CMVP Documentation Requirements:CMVP Validation Authority Updates to ISO/IEC 24759



Kim B. Schaffer


NIST Special Publication (SP) 800-140A modifies the vendor documentation requirements of ISO/IEC 19790 Annex A. As a validation authority, the Cryptographic Module Validation Program (CMVP) may modify, add or delete Vendor Evidence (VE) and/or Test Evidence (TE) as specified under paragraph 5.2 of the ISO/IEC 19790. This document should be used in conjunction with ISO/IEC 19790 Annex A and ISO/IEC 24759 paragraph 6.13 as it modifies only those requirements identified in this document.
Special Publication (NIST SP) - 800-140A
Report Number


Conformance testing, Cryptographic Module Validation Program, CMVP, FIPS 140 testing, FIPS 140, ISO/IEC 19790, ISO/IEC 24759, testing requirement, vendor evidence, vendor documentation


Schaffer, K. (2020), CMVP Documentation Requirements:CMVP Validation Authority Updates to ISO/IEC 24759, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed May 17, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created March 20, 2020, Updated May 24, 2020