Federal organizations need to have an appropriate level of confidence that the security features of IT products work as intended and meet security specifications. The basis for having such confidence is through security assurance. Products with an appropriate degree of assurance contribute to the security and assurance of the system as a whole and thus should be an important factor in IT procurement decisions. NIST helps agencies obtain security assurance in products through two programs for product evaluation and testing -- the National Information Assurance Partnership (NIAP)'s Common Criteria Evaluation and Validation Scheme and the Cryptographic Module Validation Program (CMVP). Both programs use accredited private sector laboratories to conduct the actual testing and issue government certificates upon successful completion of testing. The NIAP's evaluation program focuses on evaluations of against a set of security specifications drawn from the Common Criteria (ISO 15408). Testing under CMVP this program helps provide customers with assurance: 1) that a cryptographic module meets one of the four security specification levels of Federal Information Processing Standard (FIPS) 140-1, Security Requirements for Cryptographic Modules and 2) that the FIPS-approved algorithms (e.g., for encryption or digital signatures) are correctly implemented. Both programs help agencies have confidence in the security aspects of the IT products they use.