
CMVP

Also known as: Cryptographic Module Validation Program

The NIST program that validates and lists FIPS 140-2 and FIPS 140-3 compliant cryptographic modules. CMMC assessors verify FIPS compliance against the CMVP database.

The Cryptographic Module Validation Program (CMVP) is a joint NIST and Canadian Centre for Cyber Security program that validates cryptographic modules against the FIPS 140-2 and FIPS 140-3 standards. The CMVP maintains a public database of all validated modules at csrc.nist.gov.

For CMMC Level 2, a C3PAO will not accept vendor marketing claims of 'FIPS 140 compliance.' They will ask for the CMVP certificate number of the specific module protecting CUI and verify it in the CMVP database. The certificate identifies the module, the version, the operating environment, and the validation status (active, historical, or revoked).

This is a frequent source of friction during assessments. Contractors often discover late in the process that their commercial encryption product has a CMVP certificate that does not cover their specific deployment configuration.
