Cryptographic Module Validation Program CMVP

Certificate #2605

Details

Module Name
Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows 10 for Surface Hub
Standard
FIPS 140-2
Status
Historical
Historical Reason
Moved to historical list due to sunsetting
Overall Level
1
Caveat
When operated in FIPS mode with modules:
  • BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB validated to FIPS 140-2 under Cert. #2601 operating in FIPS mode
  • or BitLocker(R) Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB validated to FIPS 140-2 under Cert. #2602 operating in FIPS mode
  • or BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub validated to FIPS 140-2 under Cert. #2701 or #3451 operating in FIPS mode
  • or BitLocker(R) Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise validated to FIPS 140-2 under Cert. #2702 or #3464 operating in FIPS mode
  • or BitLocker(R) Windows OS Loader (winload) in Windows 10 Enterprise LTSB validated to FIPS 140-2 under Cert. #3427 operating in FIPS mode
  • or BitLocker(R) Windows Resume (winresume) in Windows 10 Enterprise LTSB validated to FIPS 140-2 under Cert. #3426 operating in FIPS mode
Security Level Exceptions
  • Physical Security: N/A
  • Design Assurance: Level 2
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
Kernel Mode Cryptographic Primitives Library (cng.sys) runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request IRP (I/O request packet).
Tested Configuration(s)
  • Windows 10 (x64) running on a Dell XPS 8700 with PAA [1][3][4]
  • Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA [1][3][4]
  • Windows 10 (x86) running on a Dell Inspiron 660s without PAA [1][3][4]
  • Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA [1][3][4]
  • Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA [1][3][4]
  • Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA [3][4]
  • Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA [1][3][4]
  • Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA [1][3][4]
  • Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA [3][4]
  • Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA [1][3][4]
  • Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA [1][3][4]
  • Windows 10 Enterprise LTSB (x64) running on a Dell XPS 8700 with PAA [1][2]
  • Windows 10 Enterprise LTSB (x64) running on a HP Compaq Pro 6305 with PAA [1][2]
  • Windows 10 Enterprise LTSB (x64) running on a Microsoft Surface 3 with PAA [2]
  • Windows 10 Enterprise LTSB (x64) running on a Microsoft Surface Pro 2 with PAA [2]
  • Windows 10 Enterprise LTSB (x64) running on a Microsoft Surface Pro 3 with PAA [2]
  • Windows 10 Enterprise LTSB (x64) running on a Microsoft Surface Pro with PAA [2] (single-user mode)
  • Windows 10 Enterprise LTSB (x86) running on a Dell Inspiron 660s without PAA [1][2]
  • Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 55" with PAA [3][4]
  • Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 84" with PAA [3][4]
  • Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 635 [3][4]
  • Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 950 [3][4]
  • Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA [1][3][4]
  • Windows 10 Pro (x64) running on a Microsoft Surface Book with PAA [3][4]
  • Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA [1][3][4]
  • Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA [1][3][4]
  • Windows 10 Pro (x64) running on a Microsoft Surface Pro 4 with PAA [3][4]
  • Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA [1][3][4]
  • Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA [1][3][4]
Approved Algorithms
AES Certs. #3497, #3629, #5287 and #5291
CVL Certs. #576, #663, #1755 and #1758
DRBG Certs. #868, #955, #2033 and #2035
DSA Certs. #983, #1024, #1369 and #1370
ECDSA Certs. #706, #760, #1381 and #1383
HMAC Certs. #2233, #2381, #3494 and #3496
KAS Certs. #64, #72, #169 and #170
KBKDF Certs. #66, #72, #183 and #184
KTS AES Certs. #3507, #3653, #5290 and #5294; key establishment methodology provides between 128 and 256 bits of encryption strength
PBKDF vendor affirmed
RSA Certs. #1783, #1784, #1798, #1802, #1871, #1887, #1888, #1889, #2821, #2825, #2827, #2828, #2829, #2830, #2831 and #2835
SHS Certs. #2871, #2886, #3047, #3048, #4240, #4246, #4248 and #4249
Triple-DES Certs. #1969, #2024, #2672 and #2674
Other Algorithms
HMAC-MD5; MD5; NDRNG
Software Versions
10.0.10240 [1], 10.0.10240.17643 [2], 10.0.10586 [3], 10.0.10586.1176 [4]

Vendor

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Mike Grimm
FIPS@microsoft.com
Phone: 800-Microsoft

Validation History

Date Type Lab
6/2/2016 Initial LEIDOS CSTL
8/26/2016 Update LEIDOS CSTL
6/6/2019 Update LEIDOS CSTL