U.S. flag   An unofficial archive of your favorite United States government website
This is an archive
(replace .gov by .rip)

Cryptographic Module Validation Program CMVP

Certificate #3094

Details

Module Name
Kernel Mode Cryptographic Primitives Library
Standard
FIPS 140-2
Status
Active
Sunset Date
3/21/2023
Validation Dates
03/22/2018
Overall Level
1
Caveat
When operated in FIPS mode with modules Windows OS Loader validated to FIPS 140-2 under Cert. #3090 operating in FIPS mode or Windows Resume validated to FIPS 140-2 under Cert. #3091 operating in FIPS mode
Security Level Exceptions
  • Physical Security: N/A
  • Design Assurance: Level 2
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
Kernel Mode Cryptographic Primitives Library (cng.sys) runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request IRP (I/O request packet).
Tested Configuration(s)
  • Surface Hub (x64) running on a Microsoft Surface Hub with PAA
  • Windows 10 Education Creators Update (x64) running on a Microsoft Surface Pro with PAA
  • Windows 10 Enterprise Creators Update (x64) running on a Microsoft Surface 3 with PAA
  • Windows 10 Enterprise Creators Update (x64) running on a Microsoft Surface Book with PAA
  • Windows 10 Enterprise Creators Update (x64) running on a Microsoft Surface Laptop with PAA
  • Windows 10 Enterprise Creators Update (x64) running on a Microsoft Surface Pro 4 with PAA
  • Windows 10 Enterprise Creators Update (x64) running on a Microsoft Surface Pro with PAA
  • Windows 10 Enterprise Creators Update (x64) running on a Microsoft Surface Studio with PAA
  • Windows 10 Enterprise Creators Update (x64) running on an HP Pro x2 612 G2 Detachable PC with LTE with PAA
  • Windows 10 Home Creators Update (x86) running on a Dell Inspiron 660s without PAA
  • Windows 10 Mobile Creators Update (ARMv7) running on a Microsoft Lumia 650
  • Windows 10 Mobile Creators Update (ARMv7) running on a Microsoft Lumia 950
  • Windows 10 Mobile Creators Update (ARMv7) running on a Microsoft Lumia 950 XL
  • Windows 10 Mobile Creators Update (ARMv7) running on an HP Elite x3
  • Windows 10 Pro Creators Update (x64) on Hyper-V on Windows Server 2016 running on a Surface Pro 4 with PAA
  • Windows 10 Pro Creators Update (x64) running on a Dell Latitude 5285 with PAA
  • Windows 10 Pro Creators Update (x64) running on a Dell PowerEdge R630 Server with PAA
  • Windows 10 Pro Creators Update (x64) running on a Dell Precision Tower 5810MT with PAA
  • Windows 10 Pro Creators Update (x64) running on a Microsoft Surface 3 with LTE with PAA
  • Windows 10 Pro Creators Update (x64) running on a Microsoft Surface Laptop with PAA
  • Windows 10 Pro Creators Update (x64) running on a Microsoft Surface Pro 3 with PAA
  • Windows 10 Pro Creators Update (x64) running on a Microsoft Surface Pro with PAA
  • Windows 10 Pro Creators Update (x64) running on a Panasonic Toughbook with PAA (single-user mode)
  • Windows 10 Pro Creators Update (x64) running on an HP Compaq Pro 6305 with PAA
  • Windows 10 Pro Creators Update (x64) running on an HP Slimline Desktop with PAA
  • Windows 10 S Creators Update (x64) running on a Microsoft Surface Laptop with PAA
FIPS Algorithms
AES Certs. #4624 and #4626
CKG vendor affirmed
CVL Certs. #1278 and #1281
DRBG Cert. #1555
DSA Cert. #1223
ECDSA Cert. #1133
HMAC Cert. #3061
KAS Cert. #127
KBKDF Cert. #140
KTS AES Cert. #4626; key establishment methodology provides between 128 and 256 bits of encryption strength
PBKDF vendor affirmed
RSA Certs. #2521 and #2523
SHS Cert. #3790
Triple-DES Cert. #2459
Allowed Algorithms
HMAC-MD5; MD5; NDRNG
Software Versions
10.0.15063

Vendor

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Mike Grimm
FIPS@microsoft.com
Phone: 800-Microsoft

Lab

LEIDOS CSTL
NVLAP Code: 200427-0