NIST and NIAP: A Tale of Two Crypto Validations (C22a)
In this talk, we will analyze in depth the need for harmonization between NIAP and CAVP (FIPS) requirements. We will review changes to the recent NIAP Policy 5 Guidance update and FAQ, and how it relates to CAVP/ACVT testing and current NIST guidance, particularly the CAVP FAQ. Attendees will learn how to develop certification strategies that align with both programs and allow re-use of CAVP/ACVT testing across multiple products. This includes identifying a baseline for testing across Operational Environments with varying CPU microarchitectures and how this can tie into efficient reduction of testing effort through equivalency.