Редактиране

Споделяне чрез


FIPS 140 validated modules for Windows 10

The following tables list the completed FIPS 140 validations of cryptographic modules used in Windows 10, organized by major release of the operating system. The linked Security Policy document for each module provides details on the module capabilities and the policies the operator must follow to use the module in its FIPS approved mode of operation. For information on using the overall operating system in its FIPS approved mode, see Use Windows in a FIPS approved mode of operation. For details on the FIPS approved algorithms used by each module, including CAVP algorithm certificates, see the module's linked Security Policy document or CMVP module certificate.

Windows 10, version 2004 (May 2020 Update)

Build: 10.0.19041. Validated Editions: Home, Pro, Enterprise, Education

Cryptographic Module (linked to Security Policy document) CMVP Certificate # Validated Algorithms
BitLocker Dump Filter #4538 FIPS Approved: AES, RSA, and SHS
Boot Manager #3923 FIPS Approved: AES, CKG, HMAC, PBKDF, RSA, and SHS
Code Integrity #4511 FIPS Approved: AES, RSA, and SHS
Cryptographic Primitives Library #4536 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: NDRNG
Kernel Mode Cryptographic Primitives Library #4515 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: NDRNG
Secure Kernel Code Integrity #4512 FIPS Approved: AES, RSA, and SHS
TCB Launcher
Applies only to Enterprise Edition.
#4457 FIPS Approved: AES, CKG, DRBG, RSA, and SHS; Other Allowed: NDRNG
Windows OS Loader #4339 FIPS Approved: AES, CKG, DRBG, RSA, and SHS; Other Allowed: NDRNG
Virtual TPM #4537 FIPS Approved: AES, CKG, CVL, DRBG, ECDSA, HMAC, KAS, KBKDF, KTS, RSA, and SHS; Other Allowed: NDRNG
Windows Resume #4348 FIPS Approved: AES, HMAC, KBKDF, RSA, and SHS

Windows 10, version 1909 (November 2019 Update)

Build: 10.0.18363. Validated Editions: Home, Pro, Enterprise, Education

Cryptographic Module (linked to Security Policy document) CMVP Certificate # Validated Algorithms
BitLocker Dump Filter #4538 FIPS Approved: AES, RSA, and SHS
Boot Manager #3923 FIPS Approved: AES, CKG, HMAC, PBKDF, RSA, and SHS
Code Integrity #4511 FIPS Approved: AES, RSA, and SHS
Cryptographic Primitives Library #4536 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: NDRNG
Kernel Mode Cryptographic Primitives Library #4515 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: NDRNG
Secure Kernel Code Integrity #4512 FIPS Approved: AES, RSA, and SHS
TCB Launcher
Applies only to Enterprise Edition.
#4457 FIPS Approved: AES, CKG, DRBG, RSA, and SHS; Other Allowed: NDRNG
Windows OS Loader #4339 FIPS Approved: AES, CKG, DRBG, RSA, and SHS; Other Allowed: NDRNG
Virtual TPM #4537 FIPS Approved: AES, CKG, CVL, DRBG, ECDSA, HMAC, KAS, KBKDF, KTS, RSA, and SHS; Other Allowed: NDRNG
Windows Resume #4348 FIPS Approved: AES, HMAC, KBKDF, RSA, and SHS

Windows 10, version 1903 (May 2019 Update)

Build: 10.0.18362. Validated Editions: Home, Pro, Enterprise, Education

Cryptographic Module (linked to Security Policy document) CMVP Certificate # Validated Algorithms
BitLocker Dump Filter #4538 FIPS Approved: AES, RSA, and SHS
Boot Manager #3923 FIPS Approved: AES, CKG, HMAC, PBKDF, RSA, and SHS
Code Integrity #4511 FIPS Approved: AES, RSA, and SHS
Cryptographic Primitives Library #4536 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: NDRNG
Kernel Mode Cryptographic Primitives Library #4515 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: NDRNG
Secure Kernel Code Integrity #4512 FIPS Approved: AES, RSA, and SHS
Windows OS Loader #4339 FIPS Approved: AES, CKG, DRBG, RSA, and SHS; Other Allowed: NDRNG
Virtual TPM #4537 FIPS Approved: AES, CKG, CVL, DRBG, ECDSA, HMAC, KAS, KBKDF, KTS, RSA, and SHS; Other Allowed: NDRNG
Windows Resume #4348 FIPS Approved: AES, HMAC, KBKDF, RSA, and SHS

Windows 10, version 1809 (October 2018 Update)

Build: 10.0.17763. Validated Editions: Home, Pro, Enterprise, Education

Cryptographic Module (linked to Security Policy document) CMVP Certificate # Validated Algorithms
BitLocker Dump Filter #3092 FIPS Approved: AES, RSA, and SHS
Boot Manager #3089 FIPS Approved: AES, CKG, HMAC, PBKDF, RSA, and SHS
Code Integrity #3644 FIPS Approved: RSA and SHS
Cryptographic Primitives Library #3197 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG
Kernel Mode Cryptographic Primitives Library #3196 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG
Secure Kernel Code Integrity #3651 FIPS Approved: RSA and SHS
Virtual TPM #3690 FIPS Approved: AES, CKG, CVL, DRBG, ECDSA, HMAC, KAS, KBKDF, KTS, RSA, and SHS; Other Allowed: NDRNG
Windows OS Loader #3615 FIPS Approved: AES, CKG, DRBG, RSA, and SHS; Other Allowed: NDRNG

Windows 10, version 1803 (April 2018 Update)

Build: 10.0.17134. Validated Editions: Home, Pro, Enterprise, Education

Cryptographic Module (linked to Security Policy document) CMVP Certificate # Validated Algorithms
BitLocker Dump Filter #3092 FIPS Approved: AES, RSA, and SHS
Boot Manager #3089 FIPS Approved: AES, CKG, HMAC, PBKDF, RSA, and SHS
Code Integrity #3195 FIPS Approved: AES, RSA, and SHS
Cryptographic Primitives Library #3197 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG
Kernel Mode Cryptographic Primitives Library #3196 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG
Secure Kernel Code Integrity #3096 FIPS Approved: AES, RSA, and SHS
Windows OS Loader #3480 FIPS Approved: AES, CKG, DRBG, RSA, and SHS; Other Allowed: NDRNG

Windows 10, version 1709 (Fall Creators Update)

Build: 10.0.16299. Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile

Cryptographic Module (linked to Security Policy document) CMVP Certificate # Validated Algorithms
BitLocker Dump Filter #3092 FIPS Approved: AES, RSA, and SHS
Boot Manager #3089 FIPS Approved: AES, CKG, HMAC, PBKDF, RSA, and SHS
Code Integrity #3195 FIPS Approved: AES, RSA, and SHS
Cryptographic Primitives Library #3197 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG
Kernel Mode Cryptographic Primitives Library #3196 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG
Secure Kernel Code Integrity #3096 FIPS Approved: AES, RSA, and SHS
Windows Resume #3091 FIPS Approved: AES, RSA, and SHS
Windows OS Loader #3194 FIPS Approved: AES, RSA, and SHS; Other Allowed: NDRNG

Windows 10, version 1703 (Creators Update)

Build: 10.0.15063. Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile

Cryptographic Module (linked to Security Policy document) CMVP Certificate # Validated Algorithms
BitLocker Dump Filter
Applies only to Pro, Enterprise, Education, S, Mobile, and Surface Hub Editions.
#3092 FIPS Approved: AES, RSA, and SHS
Boot Manager #3089 FIPS Approved: AES, CKG, HMAC, PBKDF, RSA, and SHS
Code Integrity (ci.dll) #3093 FIPS Approved: AES, RSA, and SHS
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) #3095 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG
Kernel Mode Cryptographic Primitives Library (cng.sys) #3094 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG
Secure Kernel Code Integrity (skci.dll)
Applies only to Pro, Enterprise, Education, and S Editions.
#3096 FIPS Approved: AES, RSA, and SHS
Windows OS Loader #3090 FIPS Approved: AES, RSA, and SHS
Windows Resume
Applies only to Home, Pro, Enterprise, Education, and S Editions.
#3091 FIPS Approved: AES, RSA, and SHS

Windows 10, version 1607 (Anniversary Update)

Build: 10.0.14393.1770. Validated Editions: Windows 10 (Home/Consumer), Pro, Enterprise, Enterprise LTSB, Mobile

Cryptographic Module (linked to Security Policy document) CMVP Certificate # Validated Algorithms
BitLocker Windows OS Loader (winload) #3502 FIPS Approved: AES, RSA, and SHS; Other Allowed: NDRNG
BitLocker Windows Resume (winresume)
Applies only to Home, Pro, Enterprise, and Enterprise LTSB Editions.
#3501 FIPS Approved: AES, RSA, and SHS
Boot Manager #3487 FIPS Approved: AES, HMAC, PBKDF, RSA, and SHS
Code Integrity (ci.dll) #3510 FIPS Approved: AES, RSA, and SHS
Secure Kernel Code Integrity (skci.dll)
Applies only to Pro, Enterprise, and Enterprise LTSB Editions.
#3513 FIPS Approved: RSA and SHS; Other Allowed: MD5

Build: 10.0.14393. Validated Editions: Windows 10 (Home/Consumer), Pro, Enterprise, Enterprise LTSB, Mobile

Cryptographic Module (linked to Security Policy document) CMVP Certificate # Validated Algorithms
BitLocker Dump Filter (dumpfve.sys)
Applies only to Pro, Enterprise, Enterprise LTSB, and Mobile Editions.
#2934 FIPS Approved: AES
BitLocker Windows OS Loader (winload) #2932 FIPS Approved: AES, RSA, and SHS; Other Allowed: NDRNG
BitLocker Windows Resume (winresume)
Applies only to Home, Pro, Enterprise, and Enterprise LTSB Editions.
#2933 FIPS Approved: AES, RSA, and SHS; Other Allowed: MD5
Boot Manager #2931 FIPS Approved: AES, HMAC, PBKDF, RSA, and SHS; Other Allowed: MD5, Non-Compliant PBKDF, and VMK KDF
Code Integrity (ci.dll) #2935 FIPS Approved: RSA and SHS
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) #2937 FIPS Approved: AES, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5 and MD5
Kernel Mode Cryptographic Primitives Library (cng.sys) #2936 FIPS Approved: AES, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG
Secure Kernel Code Integrity (skci.dll)
Applies only to Pro, Enterprise, and Enterprise LTSB Editions.
#2938 FIPS Approved: RSA and SHS; Other Allowed: MD5

Windows 10, version 1511 (November Update)

Build: 10.0.10586.1176. Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub

Cryptographic Module (linked to Security Policy document) CMVP Certificate # Validated Algorithms
BitLocker Windows OS Loader (winload) #3451 FIPS Approved: AES, RSA, and SHS
BitLocker Windows Resume (winresume)
Applies only to Home, Pro, and Enterprise Editions.
#3464 FIPS Approved: AES, RSA, and SHS
Boot Manager #3447 FIPS Approved: AES, HMAC, PBKDF, RSA, and SHS
Code Integrity (ci.dll) #3469 FIPS Approved: AES, RSA, and SHS

Build: 10.0.10586. Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub

Cryptographic Module (linked to Security Policy document) CMVP Certificate # Validated Algorithms
BitLocker Dump Filter (dumpfve.sys)
Applies only to Pro, Enterprise, Mobile, and Surface Hub Editions.
#2703 FIPS Approved: AES
BitLocker Windows OS Loader (winload)
Applies only to Home, Pro, Enterprise, Mobile, and Surface Hub Editions.
#2701 FIPS Approved: AES, RSA, and SHS; Other Allowed: MD5 and NDRNG
BitLocker Windows Resume (winresume)
Applies only to Home, Pro, and Enterprise Editions.
#2702 FIPS Approved: AES, RSA, and SHS; Other Allowed: MD5
Boot Manager
Applies only to Home, Pro, Enterprise, Mobile, and Surface Hub Editions.
#2700 FIPS Approved: AES, HMAC, PBKDF, RSA, and SHS; Other Allowed: MD5, Non-Compliant KDF, and Non-Compliant PBKDF
Code Integrity (ci.dll) #2604 FIPS Approved: RSA and SHS; Other Allowed: Non-Compliant AES and MD5
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) #2606 FIPS Approved: AES, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG
Kernel Mode Cryptographic Primitives Library (cng.sys) #2605 FIPS Approved: AES, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG
Secure Kernel Code Integrity (skci.dll)
Applies only to Enterprise and Enterprise LTSB Editions.
#2607 FIPS Approved: RSA and SHS

Windows 10, version 1507

Build: 10.0.10240.17643. Validated Editions: Enterprise LTSB

Cryptographic Module (linked to Security Policy document) CMVP Certificate # Validated Algorithms
BitLocker Windows OS Loader (winload) #3427 FIPS Approved: AES, RSA, and SHS; Other Allowed: NDRNG
BitLocker Windows Resume (winresume) #3426 FIPS Approved: AES, RSA, and SHS
Boot Manager #3415 FIPS Approved: AES, HMAC, PBKDF, RSA, and SHS
Code Integrity (ci.dll) #3437 FIPS Approved: AES, RSA, and SHS

Build: 10.0.10240. Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface Hub

Cryptographic Module (linked to Security Policy document) CMVP Certificate # Validated Algorithms
BitLocker Dump Filter (dumpfve.sys)
Applies only to Pro, Enterprise, and Enterprise LTSB Editions.
#2603 FIPS Approved: AES
BitLocker Windows OS Loader (winload)
Applies only to Home, Pro, Enterprise, and Enterprise LTSB Editions.
#2601 FIPS Approved: AES, RSA, and SHS; Other Allowed: MD5 and NDRNG
BitLocker Windows Resume (winresume)
Applies only to Home, Pro, Enterprise, and Enterprise LTSB Editions.
#2602 FIPS Approved: AES, RSA, and SHS; Other Allowed: MD5
Boot Manager
Applies only to Home, Pro, Enterprise, and Enterprise LTSB Editions.
#2600 FIPS Approved: AES, HMAC, KTS, PBKDF, RSA, and SHS; Other Allowed: MD5, Non-Compliant KDF, and Non-Compliant PBKDF
Code Integrity (ci.dll) #2604 FIPS Approved: RSA and SHS; Other Allowed: Non-Compliant AES and MD5
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) #2606 FIPS Approved: AES, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG
Kernel Mode Cryptographic Primitives Library (cng.sys) #2605 FIPS Approved: AES, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG
Secure Kernel Code Integrity (skci.dll)
Applies only to Enterprise and Enterprise LTSB Editions.
#2607 FIPS Approved: RSA and SHS