Conclusion

Conclusion#

To date, the project has:

  • Identified and sorted categories of test evidence required for CMVP validation that can readily be automated in a reporting format consistent with current Web CRYPTIK used by CMVP and identified those test evidence classes for which manual processes are still needed;

  • Identified necessary schemas and protocols for report submission and validation for a scalable API-based architecture;

  • Designed and developed a cloud-based infrastructure required to support validation program automation;

  • Added automated rule processing on submissions with instant feedback intended to catch inconsistencies and inaccuracies a CMVP reviewer would otherwise need to catch during their review of a submission and provides instant feedback to the submitter to correct before the submission is;

  • Added the source code evidence payloads to capture how source code TEs are evaluated by the lab;

  • Added details to the protocol to provide a more complete API for labs to interact with their submissions;

  • Defined test methods for functional testing TEs to allow for more specific information and automation to be applied to the evidence collected;

  • Improved the TE filtering coverage via thorough review of all sections of FIPS 140-3;

  • Modernized infrastructure by migrating legacy systems to a scalable cloud platform, implementing CI/CD pipelines for automation, and containerizing applications for faster, more maintainable deployments;

  • Upgraded web servers with cloud-based solutions for routing and authentication, enhanced security with mutual TLS and API keys, and improved system resilience while reducing downtime;

  • Streamlined developer workflows, accelerated updates, and minimized operational complexity and infrastructure costs;

  • Deployed a demo ACMVP server, enabling the community to explore and get acquainted with the newly developed application;

Moving forward, the project staff plans in the second half of 2025 to:

  • Finalize a coordinated JSON structure for test evidence catalogue;

  • Refine the research infrastructure to support enabling automated acceptance of test evidence and processing of functional test evidence from NVLAP-accredited parties;

  • Streamline test methods for functional testing;

  • Improve test requirement filtering capabilities;

  • Demonstrate an ability for the CMVP staff to use an API to handle “comment round” interactions with NVLAP-accredited parties;

  • Begin integrating ACMVP research outputs into the production CMVP workflows;

  • Perform security analysis for the proposed design.