NIST CMVP Data API
Static JSON API for NIST CMVP data. Updated weekly.
Status: Online
Updated: Loading...
Validated: Loading...
Historical: Loading...
In Process: Loading...
With Algorithms: Loading...
Updated: Loading...
Validated: Loading...
Historical: Loading...
In Process: Loading...
With Algorithms: Loading...
About
CMVP validates cryptographic modules to FIPS 140-2/140-3 standards. Joint program between NIST and CCCS.
Disclaimer: Unofficial project. Not affiliated with NIST. See official source for authoritative data.
Quick Start
https://ethanolivertroy.github.io/NIST-CMVP-API/api/
Get API Information
curl https://ethanolivertroy.github.io/NIST-CMVP-API/api/index.jsonfetch('https://ethanolivertroy.github.io/NIST-CMVP-API/api/index.json')
.then(response => response.json())
.then(data => console.log(data));import requests
response = requests.get('https://ethanolivertroy.github.io/NIST-CMVP-API/api/index.json')
data = response.json()
print(data)Endpoints
GET /api/index.json
API info
GET /api/metadata.json
Dataset metadata
GET /api/modules.json
Active validated modules
GET /api/historical-modules.json
Expired/revoked modules
GET /api/modules-in-process.json
Pending validation
GET /api/algorithms.json
Algorithm usage statistics across all certificates
Data Schema
Validated Module Object
| Field | Type | Description |
|---|---|---|
| Certificate Number | String | Unique certificate identifier |
| Certificate Number_url | String | Link to NIST certificate page |
| Vendor Name | String | Module vendor/manufacturer |
| Module Name | String | Official module name |
| Module Type | String | Software, Hardware, Firmware, or Hybrid |
| Validation Date | String | Date of validation (MM/DD/YYYY) |
| security_policy_url | String | Direct link to Security Policy PDF |
| certificate_detail_url | String | Link to certificate detail page |
| algorithms | Array | List of approved algorithms (e.g., ["AES", "SHA-256", "RSA"]) |
| standard | String | FIPS standard (e.g., "FIPS 140-3") |
| status | String | Certificate status (Active, Historical, Revoked) |
| overall_level | Number | Security level (1-4) |
| sunset_date | String | Certificate expiration date |
| caveat | String | Operational caveat/limitations (important security warnings) |
| embodiment | String | Module embodiment type |
| description | String | Module description |
| lab | String | Testing laboratory name |
Algorithm Summary Object
| Field | Type | Description |
|---|---|---|
| total_unique_algorithms | Number | Count of unique algorithms |
| total_certificate_algorithm_pairs | Number | Total algorithm entries across all certs |
| algorithms | Object | Map of algorithm name to {count, certificates[]} |
Examples
Filter by Vendor
# Search for Microsoft modules
curl -s https://ethanolivertroy.github.io/NIST-CMVP-API/api/modules.json | \
jq '.modules[] | select(.Vendor | contains("Microsoft"))'// Search for vendor across all endpoints
async function findVendorModules(vendorName) {
const response = await fetch('/api/modules.json');
const data = await response.json();
return data.modules.filter(module =>
module.Vendor.toLowerCase().includes(vendorName.toLowerCase())
);
}
const microsoftModules = await findVendorModules('Microsoft');
console.log(`Found ${microsoftModules.length} Microsoft modules`);import requests
def find_vendor_modules(vendor_name):
response = requests.get('/api/modules.json')
data = response.json()
return [module for module in data['modules']
if vendor_name.lower() in module.get('Vendor', '').lower()]
microsoft_modules = find_vendor_modules('Microsoft')
print(f"Found {len(microsoft_modules)} Microsoft modules")