Voglio sapere a riguardo di…

Federal Register / Vol. 86, No. 167 / Wednesday, September 1, 2021 / Notices
khammond on DSKJM1Z7X2PROD with NOTICES

FOR FURTHER INFORMATION CONTACT:

Apostol Vassilev via phone 301 975
3221 or email applied-crypto-testing@
nist.gov; by mail to National Institute of Standards and Technology, NCCoE;
9700 Great Seneca Highway, Rockville, MD 20850. Additional details about the Automation of the Cryptographic Module Validation Program CMVP
project are available at https
www.nccoe.nist.gov/projects/buildingblocks/applied-cryptography/cmvpautomation.
Background: The NCCoE, part of NIST, is a public-private collaboration for accelerating the widespread adoption of integrated cybersecurity tools and technologies. The NCCoE
brings together experts from industry, government, and academia under one roof to develop practical, interoperable cybersecurity approaches that address the real-world needs of complex Information Technology IT systems.
By accelerating dissemination and use of these integrated tools and technologies for protecting IT assets, the NCCoE will enhance trust in U.S. IT
communications, data, and storage systems; reduce risk for companies and individuals using IT systems; and encourage development of innovative, job-creating cybersecurity products and services.
Process: NIST is soliciting responses from all sources of relevant security capabilities see below to enter into a Cooperative Research and Development Agreement CRADA to provide products and technical expertise to support and demonstrate security platforms for the Automation of the Cryptographic Module Validation Program CMVP project. The full project can be viewed at: https
www.nccoe.nist.gov/projects/buildingblocks/applied-cryptography/cmvpautomation.
Interested parties can access the template for a letter of interest by visiting the project website at https
www.nccoe.nist.gov/projects/buildingblocks/applied-cryptography/cmvpautomation and completing the letter of interest webform. On completion of the webform, interested parties will receive access to the letter of interest template, which the party must complete, certify as accurate, and submit to NIST by email or hardcopy. NIST will contact interested parties if there are questions regarding the responsiveness of the letters of interest to the project objective or requirements identified below. NIST
will select participants who have submitted complete letters of interest on a first come, first served basis within each category of product components or capabilities listed below, up to the
VerDate Sep<11>2014

17:09 Aug 31, 2021

Jkt 253001

number of participants in each category necessary to carry out this project.
When the project has been completed, NIST will post a notice on the Automation of the Cryptographic Module Validation Program CMVP
project website at https
www.nccoe.nist.gov/projects/buildingblocks/applied-cryptography/cmvpautomation announcing the completion of the project and informing the public that it will no longer accept letters of interest for this project.
Completed letters of interest should be submitted to NIST and will be accepted on a first come, first served basis. There may be continuing opportunity to participate even after initial activity commences for participants who were not selected initially or have submitted the letter interest after the selection process.
Selected participants will be required to enter into a consortium CRADA with NIST for reference, see ADDRESSES
section above.
Objective: The Cryptographic Module Validation Program CMVP validates third-party assertions that cryptographic module implementations satisfy the requirements of Federal Information Processing Standards FIPS Publication 1403, Security Requirements for Cryptographic Modules. Current industry cryptographic product development, production, and maintenance processes place significant emphasis on time-to-market efficiency.
A number of elements of the validation process are manual in nature, and the period required for third-party testing and government validation of cryptographic modules is often incompatible with industry requirements. The purpose of the project is to demonstrate the value and practicality of automation to improve the efficiency and timeliness of CMVP
operation and processes. The proposed proof-of-concept solutions will integrate commercial and open source products that leverage cybersecurity standards and recommended practices to demonstrate the use case scenarios detailed in the Automation of the Cryptographic Module Validation Program CMVP project description at https www.nccoe.nist.gov/projects/
building-blocks/applied-cryptography/
cmvp-automation. This project will result in a publicly available NIST
Cybersecurity Practice Guide as a Special Publication 1800 series, a detailed implementation guide describing the practical steps needed to implement a cybersecurity reference implementation.
Requirements for Letters of Interest:
Each responding organizations letter of
PO 00000

Frm 00014

Fmt 4703

Sfmt 4703

48985

interest should identify which security platform components or capabilityies it is offering. Letters of interest should not include company proprietary information, and all components and capabilities must be commercially available. Components are listed in section 3 of the Automation of the Cryptographic Module Validation Program CMVP project description at https www.nccoe.nist.gov/projects/
building-blocks/applied-cryptography/
cmvp-automation and include, but are not limited to:
Validation authority server ACV proxy server ACV client Hardware or software cryptographic modules Host processors for software cryptographic modules Network devices supporting webbased exchange of information in JSON format Harnesses for integration of ACV
clients with hardware or software cryptographic modules Automated cryptographic module testing expertise Each responding organizations letter of interest should identify how its products help address one or more of the following desired characteristics and properties in section 1 of the Automation of the Cryptographic Module Validation Program CMVP
project description at https
www.nccoe.nist.gov/projects/buildingblocks/applied-cryptography/cmvpautomation:
Support necessary schemas and protocols for evidence submission and validation for a scalable application programming interface API based architecture Support standard tests for the functional tests of specific classes of technologies e.g., software modules and corresponding reporting of functional and non-functional security requirements Be compatible with an infrastructure required to support a new automated validation program architecture Include reusable test harnesses for test automation for different types of modules within the program architecture Support maintaining validation within a changing operational environment Support validation in third-party operational environments e.g., cloud providers, contracted environments Support identification of positive and negative impacts that the new automation program may have on cryptographic product development,
E:FRFM01SEN1.SGM

01SEN1