Which program is used to verify cryptographic modules?

Enhance your preparation for the Federal IT Security Professional Test. Use quizzes, flashcards, and detailed explanations to ensure success. Stay ahead in the field of IT Security!

Multiple Choice

Which program is used to verify cryptographic modules?

Explanation:
Verifying cryptographic modules is done through a formal validation program that tests a module against established cryptographic security requirements before it can be used in sensitive environments. The official program for this is the Cryptographic Module Validation Program (CMVP). Administered by NIST in collaboration with other national bodies, CMVP validates modules for compliance with FIPS 140-2/3 and related standards, checking aspects such as the implemented algorithms, key management, random number generation, and resistance to tampering. A module that passes CMVP validation receives a certificate, signaling it has been independently tested to meet the required standards and can be relied upon in federal and other regulated systems. Other options refer to broader security evaluation or governance frameworks—Common Criteria is a general security evaluation methodology, while ISO 27001 covers information security management systems and COBIT focuses on IT governance.

