The Inner Circle

 View Only
Expand all | Collapse all

Collaborate with NIST On Our Latest Applied Cryptography Project

  • 1.  Collaborate with NIST On Our Latest Applied Cryptography Project

    Posted Sep 01, 2021 01:49:00 PM
      |   view attached
    Hi All,

    The National Institute of Standards and Technology's (NIST's) National Cybersecurity Center of Excellence (NCCoE) has issued a Federal Register Notice inviting industry participants and other interested parties to participate in the NCCoE's Automation of the Cryptographic Module Validation Program (CMVP) project.
    This project aims to demonstrate the value and practicality of enhanced automation support for the current CMVP. Our goal is to improve the efficiency and timeliness of CMVP operations and processes. This project is part of a broader set of activities focusing on automation of CMVP testing and data flows, and it builds on the automated Cryptographic Algorithm Validation Program. Ultimately, we are striving to improve the efficiency of mechanisms for testing by National Voluntary Laboratory Accreditation Program accredited parties.

    This project will lead to automated tests, where appropriate, for each of the test requirements found in the International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 24759 at all four security levels. It will also create standard reporting of test evidence, which along with the automated tests will improve the efficiency of the CMVP.

    There are two ways to engage with the CMVP team on this project:
    • NCCoE Collaborator-Collaborators are members of the project team and work alongside NCCoE staff to build the demonstration by contributing products, services, and technical expertise. Collaborators are expected to participate in regularly scheduled conference calls and to help build and document the demonstration.
    - Get Started Today-If you are interested in becoming an NCCoE collaborator for the CMVP, first review the requirements identified in the Federal Register Notice (FRN) which is based on the final project description. Once you have a good understanding of this project, please complete this form and you will receive instructions and a Letter of Interest (LOI) where you can present your capabilities. Completed LOIs are considered on a first-come, first-served basis within each category of components or characteristics listed in the FRN, up to the number of participants in each category necessary to carry out the project build.
    - Collaborator Selection-The CMVP project team will review all LOIs and may follow up with respondents with questions or to discuss your capabilities. If selected, the CMVP project team will notify you via email. Next, you will receive a Cooperative Research and Development Agreement (CRADA) for review and signature. Once the CRADA has been signed, participants can begin working with the NCCoE to develop an example solution for eventual publication in an NCCoE practice guide. This process can take anywhere from several weeks to a few months. If you submit an LOI and are not selected, the project team will notify you via email.
    • Community of Interest (COI) Membership-COI members receive periodic updates and the opportunity to share their expertise and help shape this project. Go here to join the CMVP COI.

    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------


  • 2.  RE: Collaborate with NIST On Our Latest Applied Cryptography Project

    Posted Sep 02, 2021 12:58:00 PM

    Thank you for sharing, @Michael Roza!

    Sounds like a great way to get involved :)



    ------------------------------
    Anna Campbell Schorr
    Training Content Development
    Cloud Security Alliance
    [email protected]
    ------------------------------