CMUF

Welcome to the Cryptographic Module User Forum

The Cryptographic Module Users Forum (CMUF) was founded in 2013 and is a non-profit community based around those working with and validating the security for cryptographic modules.

Cryptographic Module User Forum Governance


1. Mission

 
The Cryptographic Module User Forum (CMUF) mission is to provide a platform for practitioners in the community of UNCLASSIFIED Cryptographic Module (CM) and UNCLASSIFIED Cryptographic Algorithm (CA) Validation Programs (VP). The forum aims to facilitate the communications among crypto module and algorithm developers, vendors, test labs and other interested parties, and the various national, international, and multi-lateral organizational committees, government agencies, and policy makers. In order to further the CMUF mission, our objectives are to improve and promote CM usage and resolution of issues and concerns by seeking to:

Enable focused technical working groups to address issues of interest to the community, e.g., reference standards for testing correct implementation of cryptographic algorithms
Develop and promote meaningful test/certification results which help to assure customers of tested/validated/certified modules
Encourage viable policies and processes for maintaining certification through module/product updates
Rationalize the time, effort, and cost required to complete validations/certifications which lead to appropriate levels of security in CMs
Support and foster the goal of worldwide mutual recognition of tested/validated/certified CMs
Not address issues related to the quality or fitness for purpose of any particular cryptographic algorithm or security function
Not promote particular vendor solutions or products
 

2. Principles of Operation

a The CMUF will seek to operate within the guidance of these Principles and will refrain from actions, or inactions, which would contradict these Principles.
b The operation of CMUF will be independent of any influence imposed by any Government or Validation/Certification Authority.
c The CMUF will provide an open forum for a broad spectrum of participants.
d The CMUF will accept any member who joins and participates in good faith.
e The CMUF will not favor any group or interest within its membership.
f The CMUF will facilitate the formation of technical working groups of a specific topic. These groups may be publicly or privately accessible to the entire CMUF membership and will operate within the CMUF Principles of Operation, subject to direction from the CMUF Steering Committee (SC).
g The CMUF will consider the expression and consideration of minority opinions and interests.
h The CMUF may address issues which are also being addressed by other organizations or groups.
i The CMUF will maintain its independence and identity in order to adhere to these principles.
j The CMUF will remain vigilant to ensure that no single group acquires undue influence within the CMUF which would contravene these Principles.
k CMUF members must not take part in discussions which may give rise to accusations of collusion, monopolistic, anti-trust or anti-competitive behavior.
l The CMUF should not allow the discussion of inappropriate topics or the sharing of confidential intellectual property in the form of proprietary information and should encourage its members to formally object to such discussions. Any complaints about such inappropriate discussions should be sent to sc@cmuf.org.
 

3. CMUF Membership

a Membership in the CMUF is free and open to all with an interest in unclassified cryptographic modules and unclassified cryptographic algorithms including, but not limited to acquirers and users of CM products; module/product vendors; validation/certification authorities; national, international and multi-lateral policy makers; consultancies; test labs; academia; and individuals.
b Membership is effectively maintained by allowing access to online CMUF collaboration tools.
c The CMUF portal administrator does not have influence over the potential membership of a group member.
d CMUF members are expected to follow the CMUF Principles of Operation.
e Donations of time, effort and a small dollar amount from members to keep the CMUF operational are welcome, but not required. No donation will have an impact on the independence of the CMUF.
 

4. CMUF Steering Committee (SC)

a The SC consists of a few CMUF members with profound knowledge in CMVP and CAVP. The participation in SC is voluntary-based. While SC is open for new members, a prospective candidate must be an experienced IT security professional and have a concrete plan to improve CMUF. An email application may be sent to sc@cmuf.org for review. The candidate will be informed with the SC’s decision in a timely manner.
b Broad guidelines for SC membership:
  • Optimum number of members in SC is 8.
  • Each SC member may nominate one representative from his/her organization as a “back-up” for the purposes of sharing workload. This individual may attend the SC meetings when the primary member is not able to. However, the back-up person must be informed of the SC’s role within the CMUF and in meetings represent the goals and agenda of the SC.
  • Although an SC member may be represented by two individuals from the same organization and its affiliates, the organization, being one SC member, has one vote within the SC.
  • No more than four members from the same community of users (Lab/vendor/developer/independent consultant).
  • Information internal to the SC (e.g., meeting preparation notes, discussion notes on the draft CMVP guidance) shall not be used to gain a competitive advantage for a member’s organization. Such information shall not be shared outside of SC before it has been approved by the SC. Only then can it be made available to all CMUF members via the CMUF portal.
c The role of the CMUF SC is to operate the CMUF in accordance with the guiding principles with minimal operational overhead.
d The responsibilities of the CMUF SC are:
  • Act as a liaison to CMVP, CAVP and ISO/IEC 19790 and ISO/IEC 24759 WG
  • Organizes the CMUF meetings and capture minutes from those meetings
  • Foster CMUF Working Groups (WG)
  • Share the operation cost for maintaining CMUF mailing lists, website, collaboration tools

5. CMUF Meetings

a The CMUF will have a face to face meeting yearly, which is likely to coincide in time and location with the annual International Cryptographic Module Conference (ICMC). The CMUF SC may decide to vary the arrangement and provide advance notice to the Membership.
b The CMUF will also have monthly e-meetings (usually with exception of July and December).
c Draft Agendas for CMUF meetings will be published by the CMUF SC and CMUF members will be able to request additional items to be added to such Agenda.
d Meeting notes of CMUF meetings will be published by the CMUF SC in a timely manner after the review and approval by the meeting speakers. Preferably have a draft by Friday following the meeting and post it by the Tuesday after the meeting.
e CMUF WG’s may organize their own group meetings.
 

Contact

Steering committee:
sc@cmuf.org

Website and Forum Admin:
admin@cmuf.org

The Collaboration Tool

Join the CMUF to participate in working groups, discussions and events.

Powered by

Projects CRM Documents