Messaging#
Messaging and Workflow
The general flow of the protocol is to:
-
Login to the system
-
Create a certificate request session and register a module via
POST /amvp/v1/certRequests -
Submit functional test evidence (FT-TE) via
POST /amvp/v1/certRequests/<id>/evidence -
Submit source code test evidence (SC-TE) via
POST /amvp/v1/certRequests/<id>/sourceCode -
Submit other docmumentation test evidence (OD-TE) via
POST /amvp/v1/certRequests/<id>/otherDocumentation -
Submit security policy evidence via
POST /amvp/v1/certRequests/<id>/securityPolicy -
Submit security policy template via
POST /amvp/v1/certRequests/<id>/securityPolicy/template -
Generate the security policy via
PUT /amvp/v1/certRequests/<id>/securityPolicy -
Certify the submission via
POST /amvp/v1/certRequests/<id>/certify -
Receive the validation certificate via
GET /amvp/v1/certRequests/<id>
Details on the specific requests, payloads, and responses are covered in this section.
Resource Registration Exchange
The registration will utilize the URI resources [xml_uriResources] to register various resources associated with the module as well as module specific capabilities. This exchange will consist of several message exchanges and will provide a detailed list of module capabilities to be registered, see [xml_regmsgFlows]. A set of URI resources are also available to retrieve and manage the available metadata. The registration can be performed at any time prior to formal algorithm testing, formal entropy testing and the formal module validation request.
Test Evidence Exchange
The test evidence exchange consists of the AMV client initiating a certRequest and then requesting evidenceSet(s) associated with the request. An evidenceSet may require a test to be performed or some documentation to be gathered and then presented to the server as test evidence. The client MAY retreive and process the evidenceSets in any order. The client MAY retreive an evidenceSet and immediately return results, or it MAY return results at a later time. The client repeats this process until all of the evidenceSets in the certRequest list have been processed. Once an evidenceSet result has been POSTed to the server the client may request success/failure results from the server at any time; however, if evidenceSets have not been completed, the overall status will be incomplete. A message flow overview is described below [xml_msgFlows].
Module Validation Request
Once a certRequest result has successfully completed the client will receive a module validation certificate, via GET on the certRequest session.
Message Flows
Message flows are provided in the Appendix, but the content and responses provided here are the expected content.
Retrieve information for a Module
GET /modules/{moduleId}
Returns information about a specific module. The information is provided based on the moduleInfo section registered with the module when creating a new certificate request session. The moduleId can be found from a GET amvp/v1/certRequests/{certRequestId} on a successfully registered certificateRequestId.
Response
{
"id": 165,
"name": "OpenSSL FIPS Provider",
"description": "FIPS Provider V3.0.0",
"embodiment": "Single Chip",
"type": "software",
"opEnvType": "Intel X86_64",
"overallSecurityLevel": 1,
"amvVersion": "0.1"
}Certificate Request Sessions
Create a New Certificate Request Session
POST /certRequests
Create a new Certificate Request Session.
Request
{
"amvVersion": "0.1",
"vendorId": 1,
"moduleId": 1,
"testers": [
"CVP-0-000001",
"CVP-0-000002"
],
"algorithmCertificates":[
"A1"
],
"entropyCertificates":[
"E1"
],
"module":
{
"schemaVersion": "initial",
"moduleInfo":
{
"count": 1,
"embodiment": "singlechip",
"opEnvType": "modifiable",
"submissionLevel": "Level 1",
"itar": false,
"overallSecurityLevel": 2
},
"secLevels":
[
{
"section": 1,
"level": 1
},
{
"section": 2,
"level": 1
},
{
"section": 3,
"level": 1
},
{
"section": 4,
"level": 1
},
{
"section": 5,
"level": 1
},
{
"section": 6,
"level": 1
},
{
"section": 7,
"level": 1
},
{
"section": 8,
"level": 1
},
{
"section": 9,
"level": 1
},
{
"section": 10,
"level": 1
},
{
"section": 11,
"level": 1
},
{
"section": 12,
"level": 1
}
],
"filterProperties":
[
{"name": "implementsOtar", "included": true},
{"name": "hasNonApprovedMode", "included": true},
{"name": "requiresInitialization", "included": true},
{"name": "hasExcludedComponents", "included": true},
{"name": "hasDegradedMode", "included": false},
{"name": "hasPAAorPAI", "included": false},
{"name": "hasEmbeddedOrBoundModule", "included": false},
{"name": "hasCriticalFunctions", "included": false},
{"name": "hasNonApprovedAlgorithmsInApprovedMode", "included": false},
{"name": "hasExternalInputDevice", "included": false},
{"name": "hasExternalOutputDevice", "included": false},
{"name": "usesTrustedChannel", "included": true},
{"name": "supportsConcurrentOperators", "included": true},
{"name": "usesIdentityBasedAuthentication", "included": true},
{"name": "hasMaintenanceRole", "included": true},
{"name": "allowsOperatorToChangeRoles", "included": false},
{"name": "hasDefaultAuthenticationData", "included": true},
{"name": "usesEDC", "included": true},
{"name": "allowsExternalLoadingOfSoftwareOrFirmware", "included": false},
{"name": "containsNonReconfigurableMemory", "included": true},
{"name": "usesOpenSource", "included": false},
{"name": "providesMaintenanceAccessInterface", "included": false},
{"name": "hasVentilationOrSlits", "included": false},
{"name": "hasRemovableCover", "included": false},
{"name": "hasTamperSeals", "included": false},
{"name": "hasOperatorAppliedTamperSeals", "included": false},
{"name": "hasEFPorEFT", "included": false},
{"name": "outputsSensitiveDataAsPlaintext", "included": false},
{"name": "supportsManualSSPEntry", "included": true},
{"name": "usesSplitKnowledge", "included": true},
{"name": "hasCVE", "included": true},
{"name": "hasAdditionalMitigations", "included": false},
{"name": "usesOtherCurve", "included": true},
{"name": "supportsBypassCapability", "included": false},
{"name": "hasOTPMemory", "included": false},
{"name": "hasEFP", "included": false},
{"name": "hasEFT", "included": false},
{"name": "hasUserRole", "included": false},
{"name": "allowsSelfInitiatedCryptographicOutput", "included": false},
{"name": "usesAuthentication", "included": false},
{"name": "usesHashMacIntegrity", "included": false},
{"name": "usesDigitalSignatureIntegrity", "included": false},
{"name": "supportsSensitiveDataIO", "included": false},
{"name": "supportsCompleteImageReplacement", "included": false},
{"name": "hasControlOutput", "included": false},
{"name": "usesRoleBasedAuthentication", "included": false}
]
}
}
Optionally, references to ACV and ESV certificate IDs MAY be provided.
{
"amvVersion": "0.1",
"moduleId": 1,
"vendorId": 1,
"testers": [
"CVP-0-000001",
"CVP-0-000002"
],
"algorithmCertificates":[
"A1"
],
"entropyCertificates":[
"E1"
]
}
Response
The accessToken is a [RFC7519] which MUST be supplied as described in [jwtToken] in order to access the Certificate Request Session.
{
"url": "/amvp/v1/certRequests/2",
"vendorId": 1,
"status": "initial",
"accessToken" : "eyJhbGciOiJIUzI1NiIsInR5cCI6Ik (truncated)",
"amvVersion": "0.1",
}Adding Prerequisite Certificates to an Existing Certificate Request
POST /certRequests/{certRequestId}/prerequisiteCertificates
{
"amvVersion": "0.1",
"algorithmCertificates":[
"A1"
],
"entropyCertificates":[
"E1"
]
}
The response will match Certificate Request Session Information.
Certificate Request Session Information
GET /certRequests/{certRequestId}
Returns information about the specific Certificate Request Session. Several different responses could be provided depending on the status of the certRequest.
Response
If the certRequest is still in the initial state, the following response will be provided, indicating the client to try to access the resource again after retry seconds.
{
"amvVersion": "0.1",
"certRequestId": 2,
"retry": 30,
"status": "initial"
}If the certRequest is in the ready state, the following response will be provided. This indicates which test requirements the server determined to be applicable to the module based on the registration. The client shall provide evidence for each test requirement and the client shall provide security policy information in order for the certRequest to advance to the requirementsSubmitted state.
{
"url": "/amvp/v1/certRequests/8",
"moduleId": 2,
"vendorId": 1,
"status": "ready",
"securityPolicyStatus": "acceptingSubmissions",
"evidenceStatus": "acceptingSubmissions",
"entropyCertificates": [],
"algorithmCertificates": [],
"missingSPTemplate": true,
"missingSecurityPolicySubmission": true,
"evidenceList": [
{
"te": "TE02.10.01",
"required": [],
"oneOf": [
{
"types": [
"SC-TE",
"FT-TE"
],
"submitted": []
}
],
"complete": false
},
{
"te": "TE02.12.01",
"required": [
{
"types": [
"FT-TE"
],
"submitted": []
}
],
"oneOf": [],
"complete": false
},
{
"te": "TE02.19.02",
"required": [
{
"types": [
"FT-TE"
],
"submitted": []
}
],
"oneOf": [],
"complete": false
},
{
"te": "TE02.22.02",
"required": [
{
"types": [
"FT-TE"
],
"submitted": []
}
],
"oneOf": [],
"complete": false
}
],
"amvVersion": "0.1"
}If the certRequest’s FT-TE, SC-TE, OD-TE and SP-TE evidence are submitted, it will be in the requirementSubmitted state, the following response will be provided. The FT-TE and SC-TE status will either be in processing or submitted state. The SP-TE can be in processingGeneration, pendingGeneration, or submitted state.
{
"url": "/amvp/v1/certRequests/745",
"moduleId": 262,
"vendorId": 1,
"status": "requirementsSubmitted",
"securityPolicyStatus": "pendingGeneration",
"evidenceStatus": "submitted",
"amvVersion": "0.1"
}After FT-TE, SC-TE, OD-TE and SP-TE evidence are POSTed and SP-TE is PUTed, the following response will be provided.
{
"url": "/amvp/v1/certRequests/746",
"moduleId": 263,
"vendorId": 1,
"status": "requirementsSubmitted",
"securityPolicyStatus": "submitted",
"functionalTestStatus": "submitted",
"sourceCodeStatus": "submitted",
"amvVersion": "0.1"
}Certificate Request Functional Test Evidence (FT-TE) Submission
POST /certRequests/{certRequestId}/evidence
This endpoint allows a client to submit functional test evidence as requested by the server via the GET /certRequests/{certRequestId} response. Each test requirement is stored individually on the server and can be overwritten at any time with another POST. Subsequent GET /certRequests/{certRequestId} will update to reflect any remaining test requirements which need evidence submitted.
{
"amvVersion": "0.1",
"functionalTest":
{
"document":
{
"base-catalogVersion": "3.0",
"base-lastUpdated": "October-16-2023",
"functionalTesting-EC": "0.6",
"functionalTesting-lastUpdated": "October-29-2024"
},
"testEvidence":
[
{
"teList":
[
"TE02.12.01"
],
"description": "Verify that versioning info identifies distinct components.",
"access": "physical",
"technique": "debugger simulation emulation harness manual other",
"setup": "reference into Catalog",
"errorInduction": "description of",
"results":
{
"summary": "sample summary",
"digest": "000000",
"fileLocation": "location of test evidence",
"integrityMechanism": "SHA2-512"
}
}
]
}
}Certificate Request Source Code Evidence (SC-TE) Submission
POST /certRequests/{certRequestId}/sourcecode
This endpoint allows a client to submit source code evidence as requested by the server via the GET /certRequests/{certRequestId} response. Each test requirement is stored individually on the server and can be overwritten at any time with another POST. Subsequent GET /certRequests/{certRequestId} will update to reflect any remaining test requirements which need evidence submitted.
{
"amvVersion": "0.1",
"sourceCode": {
"document": {
"base-catalogVersion": "3.0",
"base-lastUpdated": "October-16-2023",
"sourceCode-EC": "0.6",
"sourceCode-lastUpdated": "October-29-2024"
},
"testEvidence": [
{
"teList": [
"TE02.10.01",
"TE02.07.01",
"TE02.07.02"
],
"file": [
"full path to file"
],
"function": "Source code method/function(s)",
"lines": "Source code line numbers",
"description": "Summarize how the source code review aspect of the TE was accomplished.",
"input": "may not always be applicable",
"output": "may not always be applicable",
"status": "",
"results":
{
"summary": "sample summary",
"digest": "000000",
"fileLocation": "location of test evidence",
"integrityMechanism": "SHA2-512"
}
}
]
}
}Certificate Request Other Documentation Evidence (OD-TE) Submission
POST /certRequests/{certRequestId}/otherDocumentation
This endpoint allows a client to submit other documentation evidence as requested by the server via the GET /certRequests/{certRequestId} response. Each test requirement is stored individually on the server and can be overwritten at any time with another POST. Subsequent GET /certRequests/{certRequestId} will update to reflect any remaining test requirements which need evidence submitted.
{
"amvVersion": "0.1",
"otherDocumentation": {
"document": {
"base-catalogVersion": "3.0",
"base-lastUpdated": "October-16-2023",
"otherDocumentation-EC": "0.6",
"otherDocumentation-lastUpdated": "October-29-2024"
},
"testEvidence": [
{
"teList": [
"TE02.03.02"
],
"documents":
[
{
"sectionName": "sample",
"documentName": "sampleDocument",
}
],
"results":
{
"summary": "sample summary",
"digest": "000000",
"fileLocation": "location of test evidence",
"integrityMechanism": "SHA2-512"
}
}
]
}
}Certificate Request Security Policy Submission
POST /certRequests/{certRequestId}/securityPolicy
This endpoint allows a client to submit missing security policy information as requested during the GET /certRequests/{certRequestId}. Each security policy is stored individually on the server and can be overwritten at any time with another POST. Subsequent GET /certRequests/{certRequestId} will update to reflect any remaining security policy sections that need information submitted.
{
"amvVersion": "0.1",
"securityPolicy": {
"schemaVersion": "2.8.4",
"cavpCertSet": {
"cavpCertList": [
{
"vendorName": "Duis ea",
"certName": "in sed nulla do dolor",
"validationId": 11023992,
"implName": "exercitation tempor ad",
"implVersion": "ut sed cillum",
"implType": "esse est ea quis cillum",
"implOrganization": "magna ipsum aliqua proident sit"
}
],
"cavpOeList": [
{
"name": "consectetur do cupidatat Ut",
"oeId": 3
}
],
"cavpOeAlgoList": [
{
"validationOeAlgorithmId": 1,
"algoDisplayName": "exercitation ad",
"canonicalAlgorithmId": 1,
"validationId": 1,
"certName": "anim fugiat nisi Lorem enim",
"implName": "velit exercitation irure magna eu",
"oeId": 8308,
"selectedCapList": [
{
"capabilityId": 31642322,
"displayText": "esse",
"childCapabilities": []
}
]
}
],
"cavpImplAlgoList": [
{
"algoDisplayName": "AES-CBC",
"canonicalAlgorithmId": 1,
"implName": "in Lorem",
"validationId": 7,
"certName": "nisi ex sint",
"category": "laboris velit"
}
],
"cavpItarAlgoList": [
{
"certName": "elit esse est",
"algoDisplayName": "AES-CBC-CS3",
"canonicalAlgorithmId": 4,
"capabilities": "deserunt est sed ad eiusmod",
"category": "Duis mollit magna"
}
]
},
"esvCertList": [
{
"esvCertName": "laboris veniam sunt dolore reprehenderit",
"certId": 33293608,
"vendorName": "cupidatat sit amet sunt"
}
],
"esvItarCertList": [
"pariatur",
"Lorem"
],
"testedHwList": [
{
"modelPartNum": "sint aute cillum quis",
"hwVersion": "et cupidatat",
"fwVersion": "consequat",
"processors": "consequat",
"features": "laborum id exercitation laboris veniam"
}
],
"testedSwFwHyList": [
{
"packageFileName": "laborum commodo consectetur nulla",
"swFwVersion": "magna",
"features": "anim Ut dolor occaecat in",
"integrityTest": "consequat ipsum dolor elit"
}
],
"testedHyHwList": [
{
"modelPartNum": "quis ullamco",
"hwVersion": "nisi laboris",
"fwVersion": "aliquip Lorem est in tempor",
"processors": "mollit sunt",
"features": "cupidatat"
}
],
"opEnvSwFwHyTestedList": [
{
"operatingSystem": "nostrud aliquip proident",
"hardwarePlatform": "in ut enim quis irure",
"processors": "nulla cupidatat",
"paaPai": "esse",
"hypervisorHostOs": "Excepteur ipsum labore elit",
"swFwVersionList": [
"deserunt est consequat pariatur ex",
"tempor dolor eiusmod",
"ipsum dolor",
"Ut cupidatat",
"et consequat"
]
}
],
"opEnvSwFwHyVAList": [
{
"operatingSystem": "reprehenderit culpa ut",
"hardwarePlatform": "pariatur esse in consectetur"
}
],
"modeOfOpList": [
{
"name": "officia commodo",
"description": "in ipsum",
"type": "aliquip",
"statusIndicator": "laborum"
}
],
"vendorAffirmedAlgoList": [
{
"name": "in ad in",
"algoPropList": [
{
"name": "id velit anim Ut veniam",
"value": "enim voluptate",
"propertyId": 11387443
}
],
"implName": "sed Excepteur",
"reference": "ullamco culpa"
}
],
"nonApprovedAllowedAlgoList": [
{
"name": "deserunt laboris non",
"algoPropList": [
{
"name": "ea aute consectetur Duis",
"value": "in ut",
"propertyId": -57056207
}
],
"implName": "incididunt enim anim",
"reference": "consectetur"
}
],
"nonApprovedAllowedAlgoNSCList": [
{
"name": "quis in",
"caveat": "ut adipisicing",
"useFunction": "non eu"
}
],
"nonApprovedNotAllowedAlgoList": [
{
"name": "in Ut incididunt",
"useFunction": "irure"
}
],
"secFunImplList": [
{
"name": "nostrud ex",
"sfTypeList": [
{
"sfAbbrev": "ad Excepteur sed id",
"sfId": 53184293
}
],
"description": "ad quis irure nisi",
"sfPropList": [
{
"name": "non veniam sint tempor occaecat",
"value": "et",
"propertyId": -30179093
}
],
"algorithmList": [
{
"algoDisplayName": "magna cupidatat laborum Ut in",
"canonicalAlgorithmId": 47899832,
"implName": "velit laborum sint id nostrud",
"validationId": 5,
"algoPropList": [],
"certName": "et"
}
]
}
],
"entropySourceList": [
{
"name": "labore ex",
"type": "reprehenderit",
"opEnv": "eu est",
"sampleSize": "exercitation",
"entropyPerSample": "cillum laborum",
"conditioningComp": "fugiat"
}
],
"portInterfaceList": [
{
"physicalPort": "ullamco",
"logicalInterfaceList": [
"ex qui velit eu",
"est",
"Duis sit labore aute ex",
"laborum fugiat adipisicing"
],
"dataPasses": "ullamco voluptate in ut veniam"
}
],
"authMethodList": [
{
"name": "labore exercitation dolore do dolore",
"description": "deserunt non ut",
"mechanism": "nostrud culpa",
"strengthEachAttempt": "exercitation reprehenderit dolor sed cillum",
"strengthPerMin": "deserunt"
}
],
"roleList": [
{
"name": "aliquip fugiat",
"type": "sint ut dolore Duis veniam",
"operatorType": "ea elit aliquip officia",
"authMethodList": [
"adipisicing Ut in",
"velit cillum cupidatat consectetur",
"labore adipisicing",
"Ut"
]
}
],
"approvedServiceList": [
{
"name": "ut",
"description": "labore eu irure",
"indicator": "qui",
"inputs": "ea cupidatat ullamco pariatur irure",
"outputs": "Ut aute",
"secFunImplList": [
"in",
"minim sed",
"ad pariatur"
],
"roleSspAccessList": [
{
"roleName": "aute esse do laborum",
"sspAccessList": [
{
"sspName": "quis consequat tempor laboris reprehenderit",
"accessType": [
"veniam laborum tempor",
"cupidatat aute",
"ut esse sint Lorem",
"culpa nulla",
"sit consequat incididunt occaecat"
]
}
]
},
{
"roleName": "incididunt id adipisicing et",
"sspAccessList": [
{
"sspName": "amet esse",
"accessType": [
"sunt dolore mollit",
"ipsum incididunt nisi in"
]
}
]
},
{
"roleName": "non Lorem est incididunt sit",
"sspAccessList": [
{
"sspName": "reprehenderit pariatur nisi sed",
"accessType": [
"consequat",
"amet"
]
}
]
},
{
"roleName": "non enim proident ex",
"sspAccessList": [
{
"sspName": "dolor voluptate",
"accessType": [
"aliquip esse",
"et laborum eiusmod veniam"
]
}
]
},
{
"roleName": "elit",
"sspAccessList": [
{
"sspName": "do sit dolor",
"accessType": [
"veniam ad do",
"irure"
]
}
]
}
]
}
],
"nonApprovedServiceList": [
{
"name": "anim quis elit",
"description": "commodo et deserunt",
"nonApprovedAlgoList": [
"nisi ea incididunt deserunt",
"Duis cillum",
"voluptate elit aute in",
"veniam"
],
"role": "exercitation aliquip"
}
],
"phSecMechanismList": [
{
"mechanism": "sunt",
"inspectFreq": "quis cupidatat in",
"inspectGuidance": "ullamco nulla in commodo sit"
}
],
"efpEftInfoList": [
{
"tempVoltType": "ullamco non",
"tempVolt": "non irure consectetur mollit",
"efpOrEft": "consectetur",
"result": "ad"
}
],
"hardnessTestTempList": [
{
"tempType": "aute veniam",
"temp": "culpa in"
}
],
"storageAreaList": [
{
"name": "sit exercitation nostrud veniam",
"description": "aliquip amet dolor deserunt Lorem",
"persistenceType": "sit consectetur ad ipsum irure"
}
],
"sspInputOutputList": [
{
"name": "aliquip do",
"from": "eu sint amet Duis Excepteur",
"to": "Excepteur commodo",
"formatType": "magna",
"distributionType": "dolor ea nostrud laboris ut",
"entryType": "officia voluptate ipsum adipisicing",
"relatedSFI": "non irure"
}
],
"sspZeroizationList": [
{
"method": "sint in",
"description": "veniam",
"rationale": "nostrud",
"operatorInitiation": "culpa cillum proident"
}
],
"sspList": [
{
"name": "nulla",
"description": "in non minim",
"size": "id",
"strength": "Lorem consequat sunt mollit",
"type": "id",
"generatedByList": [
"est",
"mollit in dolor eu Duis",
"irure exercitation est commodo",
"anim eu aliqua Excepteur",
"ullamco ad mollit"
],
"establishedByList": [
"anim eiusmod",
"sed enim tempor",
"officia cillum ex nostrud",
"elit voluptate amet laborum labore",
"Duis amet culpa"
],
"usedByList": [
"quis",
"proident",
"adipisicing ea mollit",
"cupidatat nisi incididunt dolore",
"voluptate tempor"
],
"inputOutputList": [
"aliqua ut nisi consequat",
"nulla in cillum est"
],
"storageItemList": [
{
"areaName": "est consequat dolore",
"format": "in",
"algorithmName": "ad"
}
],
"storageDuration": "nostrud",
"zeroizationList": [
"ad nostrud occaecat",
"minim ad incididunt irure",
"aute eiusmod"
],
"category": "elit do aliquip",
"relatedSspList": [
{
"sspName": "quis laborum qui",
"relationship": "mollit laborum nostrud in ut"
}
]
}
],
"preOpSelfTestList": [
{
"algorithmOrTest": "reprehenderit exercitation commodo velit",
"testProps": "ullamco nostrud",
"testMethod": "amet sit minim",
"type": "veniam",
"indicator": "ut irure pariatur adipisicing",
"details": "labore voluptate nisi",
"period": "in eu ex",
"periodicMethod": "in eu officia minim"
}
],
"condSelfTestList": [
{
"algorithmOrTest": "sed laboris Ut",
"testProps": "culpa",
"testMethod": "ea",
"type": "laborum dolore tempor nisi",
"indicator": "sit sed cillum qui",
"details": "enim adipisicing eu cupidatat amet",
"conditions": "amet laboris",
"coverage": [],
"coverageNotes": "velit culpa officia",
"period": "sit",
"periodicMethod": "dolor reprehenderit Duis"
}
],
"errorStateList": [
{
"name": "velit in",
"description": "ex",
"conditions": [
"reprehenderit nostrud cillum anim labore",
"do dolor officia",
"adipisicing voluptate do tempor"
],
"recoveryMethod": "aliquip",
"indicator": "irure amet"
}
],
"referenceList": [
"do occaecat sunt",
"irure velit"
]
}
}Security Policy Template Submission
POST /certRequests/{certRequestId}/securityPolicy/template
This endpoint allows a client to submit security policy templates. Data is submitted as form-data.
| Key | Type | Value |
|---|---|---|
amvVersion |
string |
"0.1" |
documentTemplate |
file |
<SP Template File> |
Security Policy Information PDF Generation
PUT /certRequests/{certRequestId}/securityPolicy
This endpoint allows a client to generate security policy information in PDF format. Security Policy must be submitted before this action. No payload is needed to submit the PUT request.
After PUT request, the following response will be provided. To view the .docx file generation status, use GET certRequests/{cerRequestId} as above. "securityPolicyStatus" will become "submitted" after .docx file is generated.
Response
{
"url": "/amvp/v1/certRequests/549",
"moduleId": 190,
"vendorId": 1,
"status": "requirementsSubmitted",
"securityPolicyStatus": "processingGeneration",
"evidenceStatus": "submitted",
"amvVersion": "0.1"
}Get Security Policy Information in PDF Format
GET /certRequests/{certRequestId}/securityPolicy
This endpoint allows a client to get security policy information as a .docx file.
Response
{
"status": "success",
"content": "JVBERi0xLjQKJZOMi54gUmVwb3J0TGFiI(truncated) ",
"digest": "qXHfhkXrVJQlTk4Wsa1RwfqmxPS8jxPvZfz4XwjGSOc=",
"dateTime": "2025-01-23T18:22:51.717",
"amvVersion": "0.1"
}Post Certify
POST /certRequests/{certRequestId}/certify
This endpoint allows a client to certify the certificate.
Response
{
"url": "/amvp/v1/certRequests/549",
"moduleId": 190,
"vendorId": 1,
"status": "requirementsSubmitted",
"securityPolicyStatus": "submitted",
"evidenceStatus": "submitted"
"amvVersion": "0.1"
}After POST /certify request completed, GET /certRequests/{certRequestId} request will have the status as "approved"
{
"certRequestId": 549,
"moduleId": 190,
"status": "approved",
"validationCertificate": "AMV-10",
"amvVersion": "0.1"
}