Cryptographic Module Validation Program CMVP

Certificate #3096

Details

Module Name
Secure Kernel Code Integrity
Standard
FIPS 140-2
Status
Active
Sunset Date
4/10/2023
Validation Dates
04/11/2018;10/16/2018;07/15/2019;08/27/2019
Overall Level
1
Caveat
When operated in FIPS mode with modules Windows OS Loader validated to FIPS 140-2 under Cert. #3090, #3194 or #3480 operating in FIPS mode or Windows Resume validated to FIPS 140-2 under Cert. #3091 operating in FIPS mode
Security Level Exceptions
  • Physical Security: N/A
  • Design Assurance: Level 2
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
Secure Kernel Code Integrity (SKCI) running in the Virtual Secure Mode (VSM) of the Hyper-V hypervisor will only grant execute access to physical pages in the kernel that have been successfully verified. Executable pages will not have write permission outside of Hyper-V. Therefore, only verified code can be executed.
Tested Configuration(s)
  • Windows 10 Education April 2018 Update (x64) running on a Microsoft Surface Laptop without PAA [3]
  • Windows 10 Education Creators Update (x64) running on a Microsoft Surface Pro without PAA [1]
  • Windows 10 Education Fall Creators Update (x64) running on a Microsoft Surface Pro without PAA [2]
  • Windows 10 Enterprise April 2018 Update (x64) running on a Microsoft Surface Book 2 without PAA [3]
  • Windows 10 Enterprise April 2018 Update (x64) running on a Microsoft Surface Laptop without PAA [3]
  • Windows 10 Enterprise April 2018 Update (x64) running on a Microsoft Surface Pro LTE without PAA [3]
  • Windows 10 Enterprise April 2018 Update (x64) running on a Microsoft Surface Studio 2 with PAA [3]
  • Windows 10 Enterprise April 2018 Update (x64) running on a Microsoft Surface Studio without PAA [3]
  • Windows 10 Enterprise April 2018 Update (x64) running on an HP Pro x2 612 G2 Detachable PC with LTE without PAA [3]
  • Windows 10 Enterprise Creators Update (x64) running on a Microsoft Surface Book without PAA [1]
  • Windows 10 Enterprise Creators Update (x64) running on a Microsoft Surface Laptop without PAA [1]
  • Windows 10 Enterprise Creators Update (x64) running on a Microsoft Surface Pro 4 without PAA [1]
  • Windows 10 Enterprise Creators Update (x64) running on a Microsoft Surface Pro without PAA [1]
  • Windows 10 Enterprise Creators Update (x64) running on a Microsoft Surface Studio without PAA [1]
  • Windows 10 Enterprise Creators Update (x64) running on an HP Pro x2 612 G2 Detachable PC with LTE without PAA [1]
  • Windows 10 Enterprise Fall Creators Update (x64) running on a Microsoft Surface Book 2 without PAA [2]
  • Windows 10 Enterprise Fall Creators Update (x64) running on a Microsoft Surface Book without PAA [2]
  • Windows 10 Enterprise Fall Creators Update (x64) running on a Microsoft Surface Laptop without PAA [2]
  • Windows 10 Enterprise Fall Creators Update (x64) running on a Microsoft Surface Pro 4 without PAA [2]
  • Windows 10 Enterprise Fall Creators Update (x64) running on a Microsoft Surface Pro without PAA [2]
  • Windows 10 Enterprise Fall Creators Update (x64) running on a Microsoft Surface Studio without PAA [2]
  • Windows 10 Enterprise Fall Creators Update (x64) running on an HP Pro x2 612 G2 Detachable PC with LTE without PAA [2]
  • Windows 10 Pro April 2018 Update (x64) running on a Dell Latitude 12 Rugged Tablet without PAA [3]
  • Windows 10 Pro April 2018 Update (x64) running on a Dell Latitude 5290 without PAA [3]
  • Windows 10 Pro April 2018 Update (x64) running on a Microsoft Surface Book 2 without PAA [3]
  • Windows 10 Pro April 2018 Update (x64) running on a Microsoft Surface Go without PAA [3]
  • Windows 10 Pro April 2018 Update (x64) running on a Microsoft Surface Laptop 2 with PAA [3]
  • Windows 10 Pro April 2018 Update (x64) running on a Microsoft Surface Laptop without PAA [3]
  • Windows 10 Pro April 2018 Update (x64) running on a Microsoft Surface Pro 6 with PAA [3] (single-user mode)
  • Windows 10 Pro April 2018 Update (x64) running on a Microsoft Surface Pro LTE without PAA [3]
  • Windows 10 Pro April 2018 Update (x64) running on an HP Slimline Desktop with PAA [3]
  • Windows 10 Pro Creators Update (x64) on Hyper-V on Windows Server 2016 running on a Surface Pro 4 without PAA [1]
  • Windows 10 Pro Creators Update (x64) running on a Dell Latitude 5285 without PAA [1]
  • Windows 10 Pro Creators Update (x64) running on a Dell PowerEdge R630 Server without PAA [1]
  • Windows 10 Pro Creators Update (x64) running on a Dell Precision Tower 5810MT without PAA [1]
  • Windows 10 Pro Creators Update (x64) running on a Microsoft Surface Laptop without PAA [1]
  • Windows 10 Pro Creators Update (x64) running on a Microsoft Surface Pro 3 without PAA [1]
  • Windows 10 Pro Creators Update (x64) running on a Microsoft Surface Pro without PAA [1]
  • Windows 10 Pro Creators Update (x64) running on a Panasonic Toughbook without PAA [1]
  • Windows 10 Pro Creators Update (x64) running on an HP Compaq Pro 6305 without PAA [1]
  • Windows 10 Pro Creators Update (x64) running on an HP Slimline Desktop with PAA [1]
  • Windows 10 Pro Fall Creators Update (x64) on Hyper-V on Windows Server 2016 running on a Surface Pro 4 without PAA [2]
  • Windows 10 Pro Fall Creators Update (x64) running on a Dell Latitude 5285 without PAA [2]
  • Windows 10 Pro Fall Creators Update (x64) running on a Dell Latitude 5290 without PAA [2]
  • Windows 10 Pro Fall Creators Update (x64) running on a Dell PowerEdge R630 Server without PAA [2]
  • Windows 10 Pro Fall Creators Update (x64) running on a Dell Precision Tower 5810MT without PAA [2]
  • Windows 10 Pro Fall Creators Update (x64) running on a Microsoft Surface Laptop without PAA [2]
  • Windows 10 Pro Fall Creators Update (x64) running on a Microsoft Surface Pro 3 without PAA [2]
  • Windows 10 Pro Fall Creators Update (x64) running on a Microsoft Surface Pro without PAA [2]
  • Windows 10 Pro Fall Creators Update (x64) running on a Panasonic Toughbook without PAA [2]
  • Windows 10 Pro Fall Creators Update (x64) running on an HP Compaq Pro 6305 without PAA [2]
  • Windows 10 Pro Fall Creators Update (x64) running on an HP Slimline Desktop with PAA [2]
  • Windows 10 S Creators Update (x64) running on a Microsoft Surface Laptop without PAA [1]
  • Windows 10 S Fall Creators Update (x64) running on a Microsoft Surface Laptop without PAA [2]
  • Windows Server Datacenter Core (x64) on Hyper-V on Windows Server running on a Dell Precision Tower 5810MT without PAA [2][3]
  • Windows Server Datacenter Core (x64) running on a Dell PowerEdge R630 Server without PAA [2]
  • Windows Server Datacenter Core (x64) running on a Dell PowerEdge R740 Server without PAA [2][3]
  • Windows Server Datacenter Core (x64) running on a Dell Precision Tower 5810MT without PAA [2]
  • Windows Server Standard Core (x64) on Hyper-V on Windows Server 2016 running on a Dell PowerEdge R740 Server without PAA [3]
  • Windows Server Standard Core (x64) on Hyper-V on Windows Server running on a Dell Precision Tower 5810MT without PAA [2][3]
  • Windows Server Standard Core (x64) running on a Dell PowerEdge R630 Server without PAA [2]
  • Windows Server Standard Core (x64) running on a Dell PowerEdge R740 Server without PAA [2][3]
  • Windows Server Standard Core (x64) running on a Dell Precision Tower 5810MT without PAA [2]
FIPS Algorithms
AES Certs. #4624 and #4897
RSA Certs. #2522, #2523, #2668, #2674, #3080 and #3081
SHS Certs. #3790, #4009 and #4633
Allowed Algorithms
N/A
Software Versions
10.0.15063 [1], 10.0.16299 [2] and 10.0.17134 [3]

Vendor

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Mike Grimm
FIPS@microsoft.com
Phone: 800-Microsoft

Lab

LEIDOS CSTL
NVLAP Code: 200427-0