U.S. flag   An unofficial archive of your favorite United States government website

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Projects Cryptographic Module Validation Program Validated Modules Search

Cryptographic Module Validation Program CMVP

Certificate #3096

Details

Module Name
Secure Kernel Code Integrity
Standard
FIPS 140-2
Status
Active
Sunset Date
4/10/2023
Validation Dates
04/11/2018;10/16/2018;07/15/2019;08/27/2019
Overall Level
1
Caveat
When operated in FIPS mode with modules Windows OS Loader validated to FIPS 140-2 under Cert. #3090, #3194 or #3480 operating in FIPS mode or Windows Resume validated to FIPS 140-2 under Cert. #3091 operating in FIPS mode
Security Level Exceptions
  • Physical Security: N/A
  • Design Assurance: Level 2
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
Secure Kernel Code Integrity (SKCI) running in the Virtual Secure Mode (VSM) of the Hyper-V hypervisor will only grant execute access to physical pages in the kernel that have been successfully verified. Executable pages will not have write permission outside of Hyper-V. Therefore, only verified code can be executed.
Tested Configuration(s)
  • Windows 10 Education April 2018 Update (x64) running on a Microsoft Surface Laptop without PAA [3]
  • Windows 10 Education Creators Update (x64) running on a Microsoft Surface Pro without PAA [1]
  • Windows 10 Education Fall Creators Update (x64) running on a Microsoft Surface Pro without PAA [2]
  • Windows 10 Enterprise April 2018 Update (x64) running on a Microsoft Surface Book 2 without PAA [3]
  • Windows 10 Enterprise April 2018 Update (x64) running on a Microsoft Surface Laptop without PAA [3]
  • Windows 10 Enterprise April 2018 Update (x64) running on a Microsoft Surface Pro LTE without PAA [3]
  • Windows 10 Enterprise April 2018 Update (x64) running on a Microsoft Surface Studio 2 with PAA [3]
  • Windows 10 Enterprise April 2018 Update (x64) running on a Microsoft Surface Studio without PAA [3]
  • Windows 10 Enterprise April 2018 Update (x64) running on an HP Pro x2 612 G2 Detachable PC with LTE without PAA [3]
  • Windows 10 Enterprise Creators Update (x64) running on a Microsoft Surface Book without PAA [1]
  • Windows 10 Enterprise Creators Update (x64) running on a Microsoft Surface Laptop without PAA [1]
  • Windows 10 Enterprise Creators Update (x64) running on a Microsoft Surface Pro 4 without PAA [1]
  • Windows 10 Enterprise Creators Update (x64) running on a Microsoft Surface Pro without PAA [1]
  • Windows 10 Enterprise Creators Update (x64) running on a Microsoft Surface Studio without PAA [1]
  • Windows 10 Enterprise Creators Update (x64) running on an HP Pro x2 612 G2 Detachable PC with LTE without PAA [1]
  • Windows 10 Enterprise Fall Creators Update (x64) running on a Microsoft Surface Book 2 without PAA [2]
  • Windows 10 Enterprise Fall Creators Update (x64) running on a Microsoft Surface Book without PAA [2]
  • Windows 10 Enterprise Fall Creators Update (x64) running on a Microsoft Surface Laptop without PAA [2]
  • Windows 10 Enterprise Fall Creators Update (x64) running on a Microsoft Surface Pro 4 without PAA [2]
  • Windows 10 Enterprise Fall Creators Update (x64) running on a Microsoft Surface Pro without PAA [2]
  • Windows 10 Enterprise Fall Creators Update (x64) running on a Microsoft Surface Studio without PAA [2]
  • Windows 10 Enterprise Fall Creators Update (x64) running on an HP Pro x2 612 G2 Detachable PC with LTE without PAA [2]
  • Windows 10 Pro April 2018 Update (x64) running on a Dell Latitude 12 Rugged Tablet without PAA [3]
  • Windows 10 Pro April 2018 Update (x64) running on a Dell Latitude 5290 without PAA [3]
  • Windows 10 Pro April 2018 Update (x64) running on a Microsoft Surface Book 2 without PAA [3]
  • Windows 10 Pro April 2018 Update (x64) running on a Microsoft Surface Go without PAA [3]
  • Windows 10 Pro April 2018 Update (x64) running on a Microsoft Surface Laptop 2 with PAA [3]
  • Windows 10 Pro April 2018 Update (x64) running on a Microsoft Surface Laptop without PAA [3]
  • Windows 10 Pro April 2018 Update (x64) running on a Microsoft Surface Pro 6 with PAA [3] (single-user mode)
  • Windows 10 Pro April 2018 Update (x64) running on a Microsoft Surface Pro LTE without PAA [3]
  • Windows 10 Pro April 2018 Update (x64) running on an HP Slimline Desktop with PAA [3]
  • Windows 10 Pro Creators Update (x64) on Hyper-V on Windows Server 2016 running on a Surface Pro 4 without PAA [1]
  • Windows 10 Pro Creators Update (x64) running on a Dell Latitude 5285 without PAA [1]
  • Windows 10 Pro Creators Update (x64) running on a Dell PowerEdge R630 Server without PAA [1]
  • Windows 10 Pro Creators Update (x64) running on a Dell Precision Tower 5810MT without PAA [1]
  • Windows 10 Pro Creators Update (x64) running on a Microsoft Surface Laptop without PAA [1]
  • Windows 10 Pro Creators Update (x64) running on a Microsoft Surface Pro 3 without PAA [1]
  • Windows 10 Pro Creators Update (x64) running on a Microsoft Surface Pro without PAA [1]
  • Windows 10 Pro Creators Update (x64) running on a Panasonic Toughbook without PAA [1]
  • Windows 10 Pro Creators Update (x64) running on an HP Compaq Pro 6305 without PAA [1]
  • Windows 10 Pro Creators Update (x64) running on an HP Slimline Desktop with PAA [1]
  • Windows 10 Pro Fall Creators Update (x64) on Hyper-V on Windows Server 2016 running on a Surface Pro 4 without PAA [2]
  • Windows 10 Pro Fall Creators Update (x64) running on a Dell Latitude 5285 without PAA [2]
  • Windows 10 Pro Fall Creators Update (x64) running on a Dell Latitude 5290 without PAA [2]
  • Windows 10 Pro Fall Creators Update (x64) running on a Dell PowerEdge R630 Server without PAA [2]
  • Windows 10 Pro Fall Creators Update (x64) running on a Dell Precision Tower 5810MT without PAA [2]
  • Windows 10 Pro Fall Creators Update (x64) running on a Microsoft Surface Laptop without PAA [2]
  • Windows 10 Pro Fall Creators Update (x64) running on a Microsoft Surface Pro 3 without PAA [2]
  • Windows 10 Pro Fall Creators Update (x64) running on a Microsoft Surface Pro without PAA [2]
  • Windows 10 Pro Fall Creators Update (x64) running on a Panasonic Toughbook without PAA [2]
  • Windows 10 Pro Fall Creators Update (x64) running on an HP Compaq Pro 6305 without PAA [2]
  • Windows 10 Pro Fall Creators Update (x64) running on an HP Slimline Desktop with PAA [2]
  • Windows 10 S Creators Update (x64) running on a Microsoft Surface Laptop without PAA [1]
  • Windows 10 S Fall Creators Update (x64) running on a Microsoft Surface Laptop without PAA [2]
  • Windows Server Datacenter Core (x64) on Hyper-V on Windows Server running on a Dell Precision Tower 5810MT without PAA [2][3]
  • Windows Server Datacenter Core (x64) running on a Dell PowerEdge R630 Server without PAA [2]
  • Windows Server Datacenter Core (x64) running on a Dell PowerEdge R740 Server without PAA [2][3]
  • Windows Server Datacenter Core (x64) running on a Dell Precision Tower 5810MT without PAA [2]
  • Windows Server Standard Core (x64) on Hyper-V on Windows Server 2016 running on a Dell PowerEdge R740 Server without PAA [3]
  • Windows Server Standard Core (x64) on Hyper-V on Windows Server running on a Dell Precision Tower 5810MT without PAA [2][3]
  • Windows Server Standard Core (x64) running on a Dell PowerEdge R630 Server without PAA [2]
  • Windows Server Standard Core (x64) running on a Dell PowerEdge R740 Server without PAA [2][3]
  • Windows Server Standard Core (x64) running on a Dell Precision Tower 5810MT without PAA [2]
FIPS Algorithms
AES Certs. #4624 and #4897
RSA Certs. #2522, #2523, #2668, #2674, #3080 and #3081
SHS Certs. #3790, #4009 and #4633
Allowed Algorithms
N/A
Software Versions
10.0.15063 [1], 10.0.16299 [2] and 10.0.17134 [3]

Vendor

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Mike Grimm
FIPS@microsoft.com
Phone: 800-Microsoft

Related Files

Security Policy
Consolidated Certificate

Lab

LEIDOS CSTL
NVLAP Code: 200427-0