CVP Certification Exam Domains
Domain 1: Physical Security (10%)
- Understand the different embodiments for modules
- Understand requirements for physical security for modules specific to levels 1-3
- Understand the requirements for physical security for modules specific to level 4
Domain 2: Authentication, Roles, Services, and Operational Environment (16%)
- Understand authentication requirements and concepts
- Define the requirements for roles
- Understand the concepts of services using approved and non-approved functions, and bypass
- Understand the concepts of reviewing and testing Software Modules
- Describe the operational environment requirements/concepts and how to test them
Domain 3: Algorithms & Self-Tests (24%)
- Understand the concepts of the approved and allowed algorithms
- Identify which algorithms are approved or allowed
- Understand the issues related to testing the components of the algorithms
- Identify the tester’s responsibilities when reviewing an algorithm’s implementation
- Identify the power-up tests and know the associated requirements
- Understand the requirements for conditional tests
Domain 4: Key Establishment (24%)
- Understand the requirements for key generation, key agreement, key transport and key derivation and applicable standards and guidance
- Understand and identify the approved random bit generators
- Understand the notion of entropy and methods of entropy estimation
- Possess general knowledge of the key establishment protocols and standards in the IT industry
Domain 5: Key Management (11%)
- Understand the requirements for key entry/output and trusted paths
- Understand the requirements for key storage
- Understand the various types of key and CSP zeroization
Domain 6: Security Assurances (15%)
- Understand the requirements of module specification including approved and non-approved modes
- Understand the FIPS Standards, programmatic guidance, implementation guidance and associated documentation requirements
- Understand the requirements for ports & interfaces, finite state model, EMI/EMC, Mitigation of Other Attacks and design assurance
- Understand the concept and testing requirements for formal modeling
Last updated 2017-06-01