Cryptographic Equipment
Assessment Laboratory (CEAL)

The following steps outline the process flow for testing a Cryptographic Module (CM) by a CEAL tester. This is just an general flow and changes depending on the nature of the module. The steps explain the process of testing, preparing the report and answering queries raised by NIST for each module.

1. In this step an agreement between the vendor and CEAL would be reached.
2. Vendor provides CEAL with the requisite material for the tester to proceed. In this step itself a CEAL tester is assigned to the module.
3. The tester reviews the material provided by the vendor and asserts whether the material is sufficient to go ahead with the testing.
4. This step is optional. Sometimes it is required or the Vendor feels it wouldbe better to present the module to the CEAL team to better assist the team follow the product and shorten the testing cycle.
5. The tester tests the module against the security requirements under the eleven areas. In this tester would go back forth along with the vendor to discuss some issues which requires furhter clarifications.
6. Tester prepares the report based on the testing done on the module and otherdocuments required for submission. Also for quality purposes the report would be verified by another CEAL staff member.
7. The whole package is submitted to NIST
8. NIST gets back to CEAL if any questions arise and the CEAL team along with the Vendor would try to resolve these issues.

The general flow of the CMVP process is shown at http://csrc.nist.gov/cryptval/140-1/140-1flow.gif