FIPS 140 validated modules for Windows 10
The following tables list the completed FIPS 140 validations of cryptographic modules used in Windows 10, organized by major release of the operating system. The linked Security Policy document for each module provides details on the module capabilities and the policies the operator must follow to use the module in its FIPS approved mode of operation. For information on using the overall operating system in its FIPS approved mode, see Use Windows in a FIPS approved mode of operation. For details on the FIPS approved algorithms used by each module, including CAVP algorithm certificates, see the module's linked Security Policy document or CMVP module certificate.
Windows 10, version 2004 (May 2020 Update)
Build: 10.0.19041. Validated Editions: Home, Pro, Enterprise, Education
| Cryptographic Module (linked to Security Policy document) | CMVP Certificate # | Validated Algorithms |
|---|---|---|
| BitLocker Dump Filter | #4538 | FIPS Approved: AES, RSA, and SHS |
| Boot Manager | #3923 | FIPS Approved: AES, CKG, HMAC, PBKDF, RSA, and SHS |
| Code Integrity | #4511 | FIPS Approved: AES, RSA, and SHS |
| Cryptographic Primitives Library | #4536 | FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: NDRNG |
| Kernel Mode Cryptographic Primitives Library | #4515 | FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: NDRNG |
| Secure Kernel Code Integrity | #4512 | FIPS Approved: AES, RSA, and SHS |
| TCB Launcher Applies only to Enterprise Edition. |
#4457 | FIPS Approved: AES, CKG, DRBG, RSA, and SHS; Other Allowed: NDRNG |
| Windows OS Loader | #4339 | FIPS Approved: AES, CKG, DRBG, RSA, and SHS; Other Allowed: NDRNG |
| Virtual TPM | #4537 | FIPS Approved: AES, CKG, CVL, DRBG, ECDSA, HMAC, KAS, KBKDF, KTS, RSA, and SHS; Other Allowed: NDRNG |
| Windows Resume | #4348 | FIPS Approved: AES, HMAC, KBKDF, RSA, and SHS |
Windows 10, version 1909 (November 2019 Update)
Build: 10.0.18363. Validated Editions: Home, Pro, Enterprise, Education
| Cryptographic Module (linked to Security Policy document) | CMVP Certificate # | Validated Algorithms |
|---|---|---|
| BitLocker Dump Filter | #4538 | FIPS Approved: AES, RSA, and SHS |
| Boot Manager | #3923 | FIPS Approved: AES, CKG, HMAC, PBKDF, RSA, and SHS |
| Code Integrity | #4511 | FIPS Approved: AES, RSA, and SHS |
| Cryptographic Primitives Library | #4536 | FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: NDRNG |
| Kernel Mode Cryptographic Primitives Library | #4515 | FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: NDRNG |
| Secure Kernel Code Integrity | #4512 | FIPS Approved: AES, RSA, and SHS |
| TCB Launcher Applies only to Enterprise Edition. |
#4457 | FIPS Approved: AES, CKG, DRBG, RSA, and SHS; Other Allowed: NDRNG |
| Windows OS Loader | #4339 | FIPS Approved: AES, CKG, DRBG, RSA, and SHS; Other Allowed: NDRNG |
| Virtual TPM | #4537 | FIPS Approved: AES, CKG, CVL, DRBG, ECDSA, HMAC, KAS, KBKDF, KTS, RSA, and SHS; Other Allowed: NDRNG |
| Windows Resume | #4348 | FIPS Approved: AES, HMAC, KBKDF, RSA, and SHS |
Windows 10, version 1903 (May 2019 Update)
Build: 10.0.18362. Validated Editions: Home, Pro, Enterprise, Education
| Cryptographic Module (linked to Security Policy document) | CMVP Certificate # | Validated Algorithms |
|---|---|---|
| BitLocker Dump Filter | #4538 | FIPS Approved: AES, RSA, and SHS |
| Boot Manager | #3923 | FIPS Approved: AES, CKG, HMAC, PBKDF, RSA, and SHS |
| Code Integrity | #4511 | FIPS Approved: AES, RSA, and SHS |
| Cryptographic Primitives Library | #4536 | FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: NDRNG |
| Kernel Mode Cryptographic Primitives Library | #4515 | FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: NDRNG |
| Secure Kernel Code Integrity | #4512 | FIPS Approved: AES, RSA, and SHS |
| Windows OS Loader | #4339 | FIPS Approved: AES, CKG, DRBG, RSA, and SHS; Other Allowed: NDRNG |
| Virtual TPM | #4537 | FIPS Approved: AES, CKG, CVL, DRBG, ECDSA, HMAC, KAS, KBKDF, KTS, RSA, and SHS; Other Allowed: NDRNG |
| Windows Resume | #4348 | FIPS Approved: AES, HMAC, KBKDF, RSA, and SHS |
Windows 10, version 1809 (October 2018 Update)
Build: 10.0.17763. Validated Editions: Home, Pro, Enterprise, Education
| Cryptographic Module (linked to Security Policy document) | CMVP Certificate # | Validated Algorithms |
|---|---|---|
| BitLocker Dump Filter | #3092 | FIPS Approved: AES, RSA, and SHS |
| Boot Manager | #3089 | FIPS Approved: AES, CKG, HMAC, PBKDF, RSA, and SHS |
| Code Integrity | #3644 | FIPS Approved: RSA and SHS |
| Cryptographic Primitives Library | #3197 | FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG |
| Kernel Mode Cryptographic Primitives Library | #3196 | FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG |
| Secure Kernel Code Integrity | #3651 | FIPS Approved: RSA and SHS |
| Virtual TPM | #3690 | FIPS Approved: AES, CKG, CVL, DRBG, ECDSA, HMAC, KAS, KBKDF, KTS, RSA, and SHS; Other Allowed: NDRNG |
| Windows OS Loader | #3615 | FIPS Approved: AES, CKG, DRBG, RSA, and SHS; Other Allowed: NDRNG |
Windows 10, version 1803 (April 2018 Update)
Build: 10.0.17134. Validated Editions: Home, Pro, Enterprise, Education
| Cryptographic Module (linked to Security Policy document) | CMVP Certificate # | Validated Algorithms |
|---|---|---|
| BitLocker Dump Filter | #3092 | FIPS Approved: AES, RSA, and SHS |
| Boot Manager | #3089 | FIPS Approved: AES, CKG, HMAC, PBKDF, RSA, and SHS |
| Code Integrity | #3195 | FIPS Approved: AES, RSA, and SHS |
| Cryptographic Primitives Library | #3197 | FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG |
| Kernel Mode Cryptographic Primitives Library | #3196 | FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG |
| Secure Kernel Code Integrity | #3096 | FIPS Approved: AES, RSA, and SHS |
| Windows OS Loader | #3480 | FIPS Approved: AES, CKG, DRBG, RSA, and SHS; Other Allowed: NDRNG |
Windows 10, version 1709 (Fall Creators Update)
Build: 10.0.16299. Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile
| Cryptographic Module (linked to Security Policy document) | CMVP Certificate # | Validated Algorithms |
|---|---|---|
| BitLocker Dump Filter | #3092 | FIPS Approved: AES, RSA, and SHS |
| Boot Manager | #3089 | FIPS Approved: AES, CKG, HMAC, PBKDF, RSA, and SHS |
| Code Integrity | #3195 | FIPS Approved: AES, RSA, and SHS |
| Cryptographic Primitives Library | #3197 | FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG |
| Kernel Mode Cryptographic Primitives Library | #3196 | FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG |
| Secure Kernel Code Integrity | #3096 | FIPS Approved: AES, RSA, and SHS |
| Windows Resume | #3091 | FIPS Approved: AES, RSA, and SHS |
| Windows OS Loader | #3194 | FIPS Approved: AES, RSA, and SHS; Other Allowed: NDRNG |
Windows 10, version 1703 (Creators Update)
Build: 10.0.15063. Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile
| Cryptographic Module (linked to Security Policy document) | CMVP Certificate # | Validated Algorithms |
|---|---|---|
| BitLocker Dump Filter Applies only to Pro, Enterprise, Education, S, Mobile, and Surface Hub Editions. |
#3092 | FIPS Approved: AES, RSA, and SHS |
| Boot Manager | #3089 | FIPS Approved: AES, CKG, HMAC, PBKDF, RSA, and SHS |
| Code Integrity (ci.dll) | #3093 | FIPS Approved: AES, RSA, and SHS |
| Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) | #3095 | FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG |
| Kernel Mode Cryptographic Primitives Library (cng.sys) | #3094 | FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG |
| Secure Kernel Code Integrity (skci.dll) Applies only to Pro, Enterprise, Education, and S Editions. |
#3096 | FIPS Approved: AES, RSA, and SHS |
| Windows OS Loader | #3090 | FIPS Approved: AES, RSA, and SHS |
| Windows Resume Applies only to Home, Pro, Enterprise, Education, and S Editions. |
#3091 | FIPS Approved: AES, RSA, and SHS |
Windows 10, version 1607 (Anniversary Update)
Build: 10.0.14393.1770. Validated Editions: Windows 10 (Home/Consumer), Pro, Enterprise, Enterprise LTSB, Mobile
| Cryptographic Module (linked to Security Policy document) | CMVP Certificate # | Validated Algorithms |
|---|---|---|
| BitLocker Windows OS Loader (winload) | #3502 | FIPS Approved: AES, RSA, and SHS; Other Allowed: NDRNG |
| BitLocker Windows Resume (winresume) Applies only to Home, Pro, Enterprise, and Enterprise LTSB Editions. |
#3501 | FIPS Approved: AES, RSA, and SHS |
| Boot Manager | #3487 | FIPS Approved: AES, HMAC, PBKDF, RSA, and SHS |
| Code Integrity (ci.dll) | #3510 | FIPS Approved: AES, RSA, and SHS |
| Secure Kernel Code Integrity (skci.dll) Applies only to Pro, Enterprise, and Enterprise LTSB Editions. |
#3513 | FIPS Approved: RSA and SHS; Other Allowed: MD5 |
Build: 10.0.14393. Validated Editions: Windows 10 (Home/Consumer), Pro, Enterprise, Enterprise LTSB, Mobile
| Cryptographic Module (linked to Security Policy document) | CMVP Certificate # | Validated Algorithms |
|---|---|---|
| BitLocker Dump Filter (dumpfve.sys) Applies only to Pro, Enterprise, Enterprise LTSB, and Mobile Editions. |
#2934 | FIPS Approved: AES |
| BitLocker Windows OS Loader (winload) | #2932 | FIPS Approved: AES, RSA, and SHS; Other Allowed: NDRNG |
| BitLocker Windows Resume (winresume) Applies only to Home, Pro, Enterprise, and Enterprise LTSB Editions. |
#2933 | FIPS Approved: AES, RSA, and SHS; Other Allowed: MD5 |
| Boot Manager | #2931 | FIPS Approved: AES, HMAC, PBKDF, RSA, and SHS; Other Allowed: MD5, Non-Compliant PBKDF, and VMK KDF |
| Code Integrity (ci.dll) | #2935 | FIPS Approved: RSA and SHS |
| Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) | #2937 | FIPS Approved: AES, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5 and MD5 |
| Kernel Mode Cryptographic Primitives Library (cng.sys) | #2936 | FIPS Approved: AES, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG |
| Secure Kernel Code Integrity (skci.dll) Applies only to Pro, Enterprise, and Enterprise LTSB Editions. |
#2938 | FIPS Approved: RSA and SHS; Other Allowed: MD5 |
Windows 10, version 1511 (November Update)
Build: 10.0.10586.1176. Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub
| Cryptographic Module (linked to Security Policy document) | CMVP Certificate # | Validated Algorithms |
|---|---|---|
| BitLocker Windows OS Loader (winload) | #3451 | FIPS Approved: AES, RSA, and SHS |
| BitLocker Windows Resume (winresume) Applies only to Home, Pro, and Enterprise Editions. |
#3464 | FIPS Approved: AES, RSA, and SHS |
| Boot Manager | #3447 | FIPS Approved: AES, HMAC, PBKDF, RSA, and SHS |
| Code Integrity (ci.dll) | #3469 | FIPS Approved: AES, RSA, and SHS |
Build: 10.0.10586. Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub
| Cryptographic Module (linked to Security Policy document) | CMVP Certificate # | Validated Algorithms |
|---|---|---|
| BitLocker Dump Filter (dumpfve.sys) Applies only to Pro, Enterprise, Mobile, and Surface Hub Editions. |
#2703 | FIPS Approved: AES |
| BitLocker Windows OS Loader (winload) Applies only to Home, Pro, Enterprise, Mobile, and Surface Hub Editions. |
#2701 | FIPS Approved: AES, RSA, and SHS; Other Allowed: MD5 and NDRNG |
| BitLocker Windows Resume (winresume) Applies only to Home, Pro, and Enterprise Editions. |
#2702 | FIPS Approved: AES, RSA, and SHS; Other Allowed: MD5 |
| Boot Manager Applies only to Home, Pro, Enterprise, Mobile, and Surface Hub Editions. |
#2700 | FIPS Approved: AES, HMAC, PBKDF, RSA, and SHS; Other Allowed: MD5, Non-Compliant KDF, and Non-Compliant PBKDF |
| Code Integrity (ci.dll) | #2604 | FIPS Approved: RSA and SHS; Other Allowed: Non-Compliant AES and MD5 |
| Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) | #2606 | FIPS Approved: AES, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG |
| Kernel Mode Cryptographic Primitives Library (cng.sys) | #2605 | FIPS Approved: AES, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG |
| Secure Kernel Code Integrity (skci.dll) Applies only to Enterprise and Enterprise LTSB Editions. |
#2607 | FIPS Approved: RSA and SHS |
Windows 10, version 1507
Build: 10.0.10240.17643. Validated Editions: Enterprise LTSB
| Cryptographic Module (linked to Security Policy document) | CMVP Certificate # | Validated Algorithms |
|---|---|---|
| BitLocker Windows OS Loader (winload) | #3427 | FIPS Approved: AES, RSA, and SHS; Other Allowed: NDRNG |
| BitLocker Windows Resume (winresume) | #3426 | FIPS Approved: AES, RSA, and SHS |
| Boot Manager | #3415 | FIPS Approved: AES, HMAC, PBKDF, RSA, and SHS |
| Code Integrity (ci.dll) | #3437 | FIPS Approved: AES, RSA, and SHS |
Build: 10.0.10240. Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface Hub
| Cryptographic Module (linked to Security Policy document) | CMVP Certificate # | Validated Algorithms |
|---|---|---|
| BitLocker Dump Filter (dumpfve.sys) Applies only to Pro, Enterprise, and Enterprise LTSB Editions. |
#2603 | FIPS Approved: AES |
| BitLocker Windows OS Loader (winload) Applies only to Home, Pro, Enterprise, and Enterprise LTSB Editions. |
#2601 | FIPS Approved: AES, RSA, and SHS; Other Allowed: MD5 and NDRNG |
| BitLocker Windows Resume (winresume) Applies only to Home, Pro, Enterprise, and Enterprise LTSB Editions. |
#2602 | FIPS Approved: AES, RSA, and SHS; Other Allowed: MD5 |
| Boot Manager Applies only to Home, Pro, Enterprise, and Enterprise LTSB Editions. |
#2600 | FIPS Approved: AES, HMAC, KTS, PBKDF, RSA, and SHS; Other Allowed: MD5, Non-Compliant KDF, and Non-Compliant PBKDF |
| Code Integrity (ci.dll) | #2604 | FIPS Approved: RSA and SHS; Other Allowed: Non-Compliant AES and MD5 |
| Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) | #2606 | FIPS Approved: AES, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG |
| Kernel Mode Cryptographic Primitives Library (cng.sys) | #2605 | FIPS Approved: AES, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG |
| Secure Kernel Code Integrity (skci.dll) Applies only to Enterprise and Enterprise LTSB Editions. |
#2607 | FIPS Approved: RSA and SHS |