The atsec Cryptographic Security Testing (CST) laboratory is the first ever to achieve operational status with the Automated Cryptographic Validation Protocol (ACVP) production server operated by NIST. atsec’s ACVP tools are fully implemented and functional. After the test results for all types of algorithm testing offered by the ACVP server were validated by NIST, atsec’s CST lab was granted access to the ACVP production server. atsec performed the algorithm testing on its SHA and HMAC implementations used in the atsec ACVP Proxy, which is the very first ACVT project to demonstrate that the NIST ACVP production server is now in business.
With this privileged access, the atsec new service uses the ACVP production server to automate the process of testing the implementation correctness of cryptographic algorithms and related functions, and offers a much more efficient and effective process in the awarding of certificates by NIST.
Certificates of implementation correctness are awarded by the cryptographic algorithm validation program; these certificates being required as a pre-requisite for cryptographic module validation as well as for Common Criteria evaluations in the U.S.
Mr. Stephan Mueller, one of atsec’s Principal Consultants, has worked closely in the development of the client program to test the NIST ACVP demo server, which has greatly helped NIST’s successful launch of the ACVP production server. He commented on this collaboration between atsec and NIST.
“NIST is to be congratulated on this important milestone in the development of the ACVT program. A program which provides assurances in the security of IT systems implementing cryptography as well as supporting developers by providing the capabilities to test in synch with modern development timescales.”
Dr. Yi Mao, atsec Laboratory Director, also commented.
“We applaud NIST’s initiative in launching the ACVT program and are proud of assisting them in achieving this historically significant milestone. Cryptography is the hard core that provides information security. Automated testing is the way forward to sustain the high demand of the much-needed assurance at the core of security. It’s an extremely exciting moment, and empowered with ACVT, we can immediately benefit our existing and new customers by taking their algorithm validation down a fast path.”
Find out more at:
atsec’s cryptographic algorithm testing service page.
NIST ACVP certificate list.
NIST’s Automated Cryptographic Validation Testing (ACVT) project.
atsec’s IT security blog.
About atsec information security
atsec is an independent, standards-based information security consulting and evaluation services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec has grown into an international company with offices in the United States, Europe and Asia.