Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Certificate #4766

Details

Module Name
Kernel Mode Cryptographic Primitives Library
Standard
FIPS 140-2
Status
Active
Sunset Date
9/21/2026
Overall Level
1
Caveat
When operated in FIPS mode with modules Windows OS Loader validated to FIPS 140-2 under Cert. #4339 operating in FIPS mode, Windows Resume validated to FIPS 140-2 under Cert. #4348 operating in FIPS mode, or TCB Launcher under Cert. #4457 operating in FIPS mode
Security Level Exceptions
  • Physical Security: N/A
  • Design Assurance: Level 2
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
Kernel Mode Cryptographic Primitives Library (cng.sys) runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request IRP (I/O request packet).
Tested Configuration(s)
  • Azure Host OS 2021 (64-bit) running on a Dell PowerEdge R840 with an Intel Xeon Platinum 8260 with PAA
  • Azure Stack HCI version 21H2 (64-bit) running on an HPE ProLiant DL380 with an Intel Xeon Platinum 8276L with PAA
  • Windows 10 version 20H2 Enterprise (64-bit) running on a Dell Latitude 7420 with an Intel i7-1185G7 with PAA
  • Windows 10 version 20H2 Enterprise (64-bit) running on a Dell Latitude 9520 with an Intel i7-1185G7 with PAA
  • Windows 10 version 20H2 Pro (64-bit) running on a Dell Latitude 3520 with an Intel i3-1115G4 with PAA
  • Windows 10 version 20H2 Pro (64-bit) running on a Microsoft Surface Laptop 4 with an Intel i5-1145G7 with PAA
  • Windows 10 version 20H2 Pro (64-bit) running on an HP EliteBook x360 830 G8 with an Intel i7-1165G7 with PAA
  • Windows 10 version 21H1 Pro (64-bit) running on a HP EliteBook x360 830 G8 with an Intel i7-1165G7 with PAA
  • Windows 10 version 21H1 Pro (64-bit) running on a Microsoft Surface Laptop 4 with an Intel i5-1145G7 with PAA
  • Windows 11 (64-bit) running on a Microsoft Surface Laptop 4 with an Intel i5-1145G7 with PAA
  • Windows Server 2022 Core (64-bit) on Microsoft Windows Server 2019 Hyper-V running on a Dell PowerEdge R630 with an Intel Xeon E5-2660 with PAA
  • Windows Server 2022 Core Datacenter (64-bit) on Microsoft Windows Server 2019 Hyper-V running on a Dell PowerEdge R630 with an Intel Xeon E5-2660 with PAA
  • Windows Server 2022 Core Datacenter (64-bit) running on an HPE ProLiant E910 with an Intel Xeon Gold 6248 without PAA
  • Windows Server 20H2 Core (64-bit) on Microsoft Windows Server 2019 Hyper-V running on a Dell PowerEdge R630 with an Intel Xeon E5-2660 with PAA
  • Windows Server 20H2 Core Datacenter (64-bit) on Microsoft Windows Server 2019 Hyper-V running on a Dell PowerEdge R630 with an Intel Xeon E5-2660 with PAA
  • Windows Server Azure Edition (64-bit) running on a Dell PowerEdge R840 with an Intel Xeon Platinum 8260 with PAA (single-user mode)
Approved Algorithms
AES Certs. #A2001, #A2004, #A2019, #A2023, #A2025, #A2031, #A2066 and #A2069
CKG vendor affirmed
CVL Certs. #A2004, #A2019, #A2025 and #A2066
DRBG Certs. #A2004, #A2019, #A2025 and #A2066
DSA Certs. #A2004, #A2019, #A2025 and #A2066
ECDSA Certs. #A2004, #A2019, #A2025 and #A2066
ENT P
HMAC Certs. #A2004, #A2019, #A2025 and #A2066
KAS Certs. #A2004, #A2019, #A2025 and #A2066
KAS-SSC Certs. #A2004, #A2019, #A2025 and #A2066
KBKDF Certs. #A2001, #A2023, #A2031 and #A2069
KTS AES Certs. #A2001, #A2023, #A2031 and #A2069; key establishment methodology provides between 128 and 256 bits of encryption strength
PBKDF Certs. #A2004, #A2019, #A2025 and #A2066
RSA Certs. #A2003, #A2004, #A2018, #A2019, #A2024, #A2025, #A2066 and #A2071
SHS Certs. #A2004, #A2019, #A2025 and #A2066
Triple-DES Certs. #A2004, #A2019, #A2025 and #A2066
Software Versions
10.0.19042, 10.0.19043, 10.0.20348 and 10.0.22000

Vendor

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Mike Grimm
FIPS@microsoft.com
Phone: 800-Microsoft

Validation History

Date Type Lab
8/19/2024 Initial LEIDOS CSTL