Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

    Projects Cryptographic Module Validation Program Validated Modules Search

Cryptographic Module Validation Program CMVP

Certificate #4687

Details

Module Name
Cryptographic Primitives Library
Standard
FIPS 140-2
Status
Active
Sunset Date
9/21/2026
Overall Level
1
Caveat
When operated in FIPS mode with modules Kernel Mode Cryptographic Primitives Library validated to FIPS 140-2 under Cert. #4670 operating in FIPS mode and Code Integrity validated to FIPS 140-2 under Cert. #4602 operating in FIPS mode or Secure Kernel Code Integrity validated to FIPS 140-2 under Cert. #4640 operating in FIPS mode
Security Level Exceptions
  • Design Assurance: Level 2
Module Type
Software-Hybrid
Embodiment
Multi-Chip Stand Alone
Description
The Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) provides cryptographic services to Windows components and applications. It includes cryptographic algorithms in an easy-to-use cryptographic module via the Cryptography Next Generation (CNG) API. It can be dynamically linked into applications for the use of general-purpose FIPS 140-2 validated cryptography.
Tested Configuration(s)
  • Windows Server 2019 Datacenter Core (x64) running on a Dell PowerEdge R640 Server with an Intel Xeon Gold 6230 with PAA
  • Windows Server 2019 Datacenter Core (x64) running on a Dell PowerEdge R840 Server with an Intel Xeon Platinum 8260 with PAA
  • Windows Server 2019 Datacenter Core (x64) running on a Dell XR2 with an Intel Xeon Silver 4114 with PAA
  • Windows Server 2019 Datacenter Core (x64) running on a Rugged Mobile Appliance with an Intel Xeon D-1559 with PAA (single-user mode)
Approved Algorithms
AES Certs. #C1577, #C1584, #C2044 and #C2050
CKG vendor affirmed
CVL Certs. #C1577 and #C2044
DRBG Certs. #C1577 and #C2044
DSA Certs. #C1577 and #C2044
ECDSA Certs. #C1577 and #C2044
HMAC Certs. #C1577 and #C2044
KAS Certs. #C1577 and #C2044
KBKDF Certs. #C1584 and #C2050
KTS AES Certs. #C1584 and #C2050; key establishment methodology provides between 128 and 256 bits of encryption strength
PBKDF vendor affirmed
RSA Certs. #C1577 and #C2044
SHS Certs. #C1577 and #C2044
Triple-DES Certs. #C1577 and #C2044
Allowed Algorithms
EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256-bits of encryption strength); NDRNG
Hardware Versions
Intel Xeon Silver 4114, Intel Xeon Gold 6230, Intel Xeon Platinum 8260 and Intel Xeon D-1559
Software Versions
10.0.17763.10021 and 10.0.17763.10127

Vendor

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Mike Grimm
FIPS@microsoft.com
Phone: 800-Microsoft

Related Files

Security Policy
Consolidated Certificate

Validation History

Date Type Lab
4/3/2024 Initial LEIDOS CSTL