Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Module Validation Program

Certificate #2936

Details

Module Name
Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016
Standard
FIPS 140-2
Status
Active
Sunset Date
1/25/2022
Validation Dates
1/26/2017
8/7/2019
Overall Level
1
Caveat
When operated in FIPS mode with modules BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 validated to FIPS 140-2 under Cert. #2932 or #3502 operating in FIPS mode or BitLocker(R) Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 validated to FIPS 140-2 under Cert. #2933 or #3501 operating in FIPS mode
Security Level Exceptions
  • Physical Security: N/A
  • Design Assurance: Level 2
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
Kernel Mode Cryptographic Primitives Library (cng.sys) runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request IRP (I/O request packet).
Tested Configuration(s)
  • Windows 10 Anniversary Update (x64) running on a Dell XPS 8700 with PAA
  • Windows 10 Anniversary Update (x64) running on a Microsoft Surface 3 with PAA
  • Windows 10 Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
  • Windows 10 Enterprise Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
  • Windows 10 Enterprise Anniversary Update (x64) running on a HP Compaq Pro 6305 with PAA
  • Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Book with PAA
  • Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
  • Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
  • Windows 10 Enterprise Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
  • Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
  • Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell XPS 8700 with PAA
  • Windows 10 Enterprise LTSB Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
  • Windows 10 Mobile Anniversary Update (ARMv7) running on a Microsoft Lumia 950 (single-user mode)
  • Windows 10 Pro Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
  • Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Book with PAA
  • Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
  • Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
  • Windows 10 Pro Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
  • Windows Server 2016 Datacenter Edition (x64) running on a Dell PowerEdge R630 Server with PAA
  • Windows Server 2016 Standard Edition (x64) running on a Dell PowerEdge R630 Server with PAA
  • Windows Server 2016 Standard Edition (x64) running on a HP Compaq Pro 6305 with PAA
  • Windows Storage Server 2016 (x64) running on a Dell PowerEdge R630 Server with PAA
FIPS Algorithms
AES Certs. #4064 and #5295
CVL Certs. #886, #887, #1762 and #1763
DRBG Certs. #1217 and #2036
DSA Certs. #1098 and #1371
ECDSA Certs. #911 and #1384
HMAC Certs. #2651 and #3497
KAS Certs. #92 and #171
KBKDF Certs. #101 and #185
KTS AES Certs. #4062 and #5298; key establishment methodology provides between 128 and 256 bits of encryption strength
PBKDF vendor affirmed
RSA Certs. #2192, #2193, #2195, #2833, #2834 and #2847
SHS Certs. #3347 and #4250
Triple-DES Certs. #2227 and #2675
Other Algorithms
HMAC-MD5; MD5; NDRNG
Software Versions
10.0.14393 and 10.0.14393.1770

Vendor

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Mike Grimm
FIPS@microsoft.com
Phone: 800-Microsoft

Lab

LEIDOS ACCREDITED TESTING & EVALUATION (AT&E)
NVLAP Code: 200427-0