Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Voluntary Laboratory Accreditation Program (NVLAP) Cryptographic and Security Testing



Dana S. Leaman


NIST Handbook 150-17, NVLAP Cryptographic and Security Testing, presents the technical requirements and guidance for the accreditation of laboratories under the NVLAP Cryptographic and Security Testing (CST) program. It is intended for information and use by accredited laboratories, laboratories seeking accreditation, laboratory accreditation systems, users of laboratory services, and others needing information on the requirements for accreditation under this program. The 2013 edition incorporates the Security Content Automation Protocol (SCAP) version 1.2 requirements for testing. Amendments have been made to Annex E, SCAP testing, and the SCAP-related portions of the body text; the rest of the handbook is unchanged from the 2012 edition. The requirements of NIST Handbook 150, the interpretations and specific requirements in NIST Handbook 150-17 must be combined to produce the criteria for accreditation in the NVLAP CST program. For more information, visit the NVLAP website,
Handbook (NIST HB) - 150-17
Report Number


accreditation, assessment, FIPS 140-2 testing, ISO/IEC 17025, laboratory, management system, NVLAP, PIV, SCAP, testing, TWIC


Leaman, D. (2013), National Voluntary Laboratory Accreditation Program (NVLAP) Cryptographic and Security Testing, Handbook (NIST HB), National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed April 20, 2024)
Created May 9, 2013, Updated November 10, 2018