The Computer Security Division at NIST maintains a number of cryptographic
standards, and coordinates algorithm validation test suites for many
of those standards. The **Cryptographic Algorithm Validation Program
(CAVP)** encompasses validation testing for FIPS approved and
NIST recommended cryptographic algorithms. Cryptographic algorithm validation
is a prerequisite to the Cryptographic Module Validation Program (CMVP).
The CAVP was established by NIST and the Communications Security Establishment
Canada (CSEC) in July 1995. All of the tests under the CAVP are handled
by third-party laboratories that are accredited as Cryptographic Module
Testing (CMT) laboratories by the National Voluntary Laboratory Accreditation
Program (NVLAP). Vendors interested in validation testing of their algorithm
implementation may select any of the accredited laboratories. The CAVP
currently has algorithm validation testing for the following cryptographic
algorithms:

*FIPS 197:Advanced Encryption Standard (AES)*. FIPS 197 specifies the**AES**algorithm.*FIPS 46-3*and*FIPS 81: Data Encryption Standard (DES)*and*DES Modes of Operation*. FIPS 46-3 specifies the**DES**and**Triple DES**algorithms.*FIPS 185: Escrowed Encryption Standard (EES)*, which specifies the**Skipjack**algorithm.

*FIPS 186-2 with Change Notice 1 (October 5, 2001): Digital Signature Standard (DSS)*, which specifies the**DSA**,**RSA**, and**ECDSA**algorithms.

*FIPS 180-2 with Change Notice 1 (February 25, 2004): Secure Hash Standard (SHS)*, specifying**SHA-1**,**SHA 224**,**SHA 256**,**SHA 384**and**SHA 512**algorithms.

*FIPS 186-2 with Change Notice 1*(October 5, 2001) (Appendix 3.1 and 3.2): Specifies the Random Number Generation for the DSA algorithm.- ANSI X9.31 (Appendix A.2.4) - Using 2-Key Triple DES: Specifies the Random Number Generation for the RSA algorithm.
- NIST Recommended Random Number Generator based on ANSI X9.31 Appendix A.2.4 using the 3-Key Triple DES and AES Algorithms: Specifies the random Number Generation for the RSA algorithm.
- ANSI X9.62 (Appendix A.4): Specifies the RNG for the ECDSA algorithm.

*SP 800-90 Recommendation for Random Number Generation Using Deterministic Random Bit Generators*: Specifies four algorithms for Random Number Generation using Deterministic Random Bit Generators.

(Revised_March2007)

- Special
Publication 800-38B (May 2005):
*Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication.*CMAC can be considered a mode of operation of the block cipher because it is based on an approved symmetric key block cipher, such as the Advanced Encryption Standard (AES) algorithm currently specified in Federal Information Processing Standard (FIPS) Pub. 197. CMAC is also an approved mode of the Triple Data Encryption Algorithm (TDEA). *Special Publication 800-38C (May 2004):**Counter with Cipher Block Chaining - Message Authentication Code (CCM).*CCM is based on an approved symmetric key block cipher algorithm whose block size is 128 bits, such as the Advanced Encryption Standard (AES) algorithm currently specified in Federal Information Processing Standard (FIPS) Pub. 197 [2]; thus, CCM cannot be used with the Triple Data Encryption Algorithm [3], whose block size is 64 bits. Currently the only NIST-Approved 128 bit symmetric key algorithm is AES.*FIPS 198 (March 6, 2002): Keyed-Hash Message Authentication Code (HMAC)*. FIPS 198 specifies the HMAC algorithm.

Two other cryptographic standards (MAC; ANSI X9.17 Key Management) no longer have active validation testing. FIPS 113 remains in effect. Cryptographic module (FIPS 140-1 and FIPS 140-2) validation testing by the CMT laboratories may include testing for conformance to FIPS 113, as appropriate:

*FIPS 113: Computer Data Authentication*, which specifies the generation of a*Message Authentication Code (MAC)*, from ANSI X9.9, and*FIPS 171: Key Management Using ANSI X9.17 (withdrawn February 08, 2005*).