The STVMG supports the testing and validation of cryptographic modules and the cryptographic algorithms specified in NIST standards. These cryptographic modules and algorithms enable products and systems to provide security services, such as confidentiality, integrity authentication, and source authentication. Although cryptography provides security, poor designs or weak algorithms can render a product insecure and place highly sensitive information at risk. When protecting sensitive data, Federal Government agencies require a minimum level of assurance that cryptographic products meet established security requirements and use only tested and validated cryptographic modules and algorithms.
STVMG's testing-focused activities include validating cryptographic algorithm implementations, cryptographic modules, and Security Content Automation Protocol (SCAP)-compliant products; developing test suites and test methods; providing implementation guidance and technical support to industry forums; and conducting education, training, and outreach programs.