About the Cryptographic Module Validation Program (CMVP)
Unlike CAVP that validates a specific cryptographic algorithm, the CMVP validates the entire cryptographic module to Federal Information Processing Standards (FIPS) 140-1 Security Requirements for Cryptographic Modules, and other FIPS cryptography based standards. FIPS 140-2 was released on May 25, 2001 to supersede FIPS 140-1.
Cryptographic Modules validated as conforming to FIPS 140-1 and FIPS 140-2 are accepted by the Federal Agencies for the protection of sensitive information.
Every IT product available makes a claim as to functionality and/or offered security. When protection of information and communications used in e-commerce, critical infrastructure and other sensitive stored data, Federal agencies, regulated by legislative restrictions, need to know that a product's stated security claim is valid. At the core of all cryptographic products offering is the cryptographic module, which offers services such as data encryption and authentication. FIPS 140-2 validates the cryptographic module and its underlining cryptographic algorithms against established standards to fend off any weakness and loopholes of a design.