Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

A Comparison of the SSE-CMM and NVLAP IT Security Testing



R J. Medlock


This paper describes the general accreditation requirements of the NIST National Voluntary Laboratory Accreditation Program (NVLAP) and the specific accreditation requirements for the Cryptographic Module Testing (CMT) and Common Criteria Testing (CCT) programs, which are part of the NVLAP newly established Information Technology Security Testing Program. The paper discusses the similarities and Maturity Model (SSE-CMM) Model and Appraisal Method. For an organization that has been SSE-CMM appraised, it identifies areas that would be almost the same, areas that could be tailored to meet the NVLAP requirements, and areas that would be new if the organization intended to meet the NVLAP requirements.
International Systems Security Engineering Conference


common criteria testing, cryptographic module testing, IT security testing, NVLAP, SSE-CMM


Medlock, R. (2000), A Comparison of the SSE-CMM and NVLAP IT Security Testing, International Systems Security Engineering Conference (Accessed June 19, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created February 16, 2000, Updated February 19, 2017