With ACVP done what’s next on the road to automating the NIST crypto validation programs? (C13b)
NIST is working in close collaboration with the industry to address the shortcomings of the NIST Cryptographic Validation Programs and improve the efficiency and effectiveness of cryptographic module testing in order to reduce the time and cost required for testing while providing a high level of assurance for Federal government consumers. The first milestone of this multi-year effort has been accomplished—the ACVP testing scope is now a part NVLAP’s HB 150-17, Annex G, and an active NIST validation program. It is also a game-changer in the way it introduces a new model for testing that redistributes the trust in assurance so that it is closer to reality. With this milestone behind us, what’s next?
A panel of industry experts and government representatives will discuss the challenges with automation of module testing. Our moderator will introduce the panelists and open with a brief history of government validations and how we got where we are today. The moderator will have a prepared list of questions for members of the panel.
The panel will be asked about the biggest challenges they see with the module automation effort, and then panel will discuss approaches for addressing them. In particular, presenters will discuss if it would be possible to use new technology, such as machine learning/AI, in order to tackle subjectivity of human-based reviews—one of the high complaints points with the legacy program. The panelists will debate the differences between the historical model and a technology driven model, the assurance gains and losses associated with each model, the feasibility of the new approach from technologic and economic perspectives. The panel will explore the possibilities for automating the generation and review of module test artifacts to replace manual procedures and increase the agility and bandwidth of the validation program.