CVP Certification Exam Domains

Domain 1: Physical Security (10%)

  • Understand the different embodiments for modules
  • Understand requirements for physical security for modules specific to levels 1-3
  • Understand the requirements for physical security for modules specific to level 4

Domain 2: Authentication, Roles, Services, and Operational Environment (16%)

  • Understand authentication requirements and concepts
  • Define the requirements for roles
  • Understand the concepts of services using approved and non-approved functions, and bypass
  • Understand the concepts of reviewing and testing Software Modules
  • Describe the operational environment requirements/concepts and how to test them

Domain 3: Algorithms & Self-Tests (24%)

  • Understand the concepts of the approved and allowed algorithms
  • Identify which algorithms are approved or allowed
  • Understand the issues related to testing the components of the algorithms
  • Identify the tester’s responsibilities when reviewing an algorithm’s implementation
  • Identify the power-up tests and know the associated requirements
  • Understand the requirements for conditional tests

Domain 4: Key Establishment (24%)

  • Understand the requirements for key generation, key agreement, key transport and key derivation and applicable standards and guidance
  • Understand and identify the approved random bit generators
  • Understand the notion of entropy and methods of entropy estimation
  • Possess general knowledge of the key establishment protocols and standards in the IT industry

Domain 5: Key Management (11%)

  • Understand the requirements for key entry/output and trusted paths
  • Understand the requirements for key storage
  • Understand the various types of key and CSP zeroization

Domain 6: Security Assurances (15%)

  • Understand the requirements of module specification including approved and non-approved modes
  • Understand the FIPS Standards, programmatic guidance, implementation guidance and associated documentation requirements
  • Understand the requirements for ports & interfaces, finite state model, EMI/EMC, Mitigation of Other Attacks and design assurance
  • Understand the concept and testing requirements for formal modeling

Last updated 2017-06-01