FIPS 140 validated modules in Windows Server semi-annual releases
The following tables list the completed FIPS 140 validations of cryptographic modules used in Windows Server semi-annual releases, organized by major release of the operating system. The linked Security Policy document for each module provides details on the module capabilities and the policies the operator must follow to use the module in its FIPS approved mode of operation. For information on using the overall operating system in its FIPS approved mode, see Use Windows in a FIPS approved mode of operation. For details on the FIPS approved algorithms used by each module, including CAVP algorithm certificates, see the module's linked Security Policy document or CMVP module certificate.
Windows Server, version 2004 (May 2020 Update)
Build: 10.0.19041. Validated Editions: Standard Core, Datacenter Core
| Cryptographic Module (linked to Security Policy document) | CMVP Certificate # | Validated Algorithms |
|---|---|---|
| BitLocker Dump Filter | #4538 | FIPS Approved: AES, RSA, and SHS |
| Boot Manager | #3923 | FIPS Approved: AES, CKG, HMAC, PBKDF, RSA, and SHS |
| Code Integrity | #4511 | FIPS Approved: AES, RSA, and SHS |
| Cryptographic Primitives Library | #4536 | FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: NDRNG |
| Kernel Mode Cryptographic Primitives Library | #4515 | FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: NDRNG |
| Secure Kernel Code Integrity | #4512 | FIPS Approved: AES, RSA, and SHS |
| Virtual TPM | #4537 | FIPS Approved: AES, CKG, CVL, DRBG, ECDSA, HMAC, KAS, KBKDF, KTS, RSA, and SHS; Other Allowed: NDRNG |
| Windows OS Loader | #4339 | FIPS Approved: AES, CKG, DRBG, RSA, and SHS; Other Allowed: NDRNG |
Windows Server, version 1909 (November 2019 Update)
Build: 10.0.18363. Validated Editions: Standard Core, Datacenter Core
| Cryptographic Module (linked to Security Policy document) | CMVP Certificate # | Validated Algorithms |
|---|---|---|
| BitLocker Dump Filter | #4538 | FIPS Approved: AES, RSA, and SHS |
| Boot Manager | #3923 | FIPS Approved: AES, CKG, HMAC, PBKDF, RSA, and SHS |
| Code Integrity | #4511 | FIPS Approved: AES, RSA, and SHS |
| Cryptographic Primitives Library | #4536 | FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: NDRNG |
| Kernel Mode Cryptographic Primitives Library | #4515 | FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: NDRNG |
| Secure Kernel Code Integrity | #4512 | FIPS Approved: AES, RSA, and SHS |
| Virtual TPM | #4537 | FIPS Approved: AES, CKG, CVL, DRBG, ECDSA, HMAC, KAS, KBKDF, KTS, RSA, and SHS; Other Allowed: NDRNG |
| Windows OS Loader | #4339 | FIPS Approved: AES, CKG, DRBG, RSA, and SHS; Other Allowed: NDRNG |
Windows Server, version 1903 (May 2019 Update)
Build: 10.0.18362. Validated Editions: Standard Core, Datacenter Core
| Cryptographic Module (linked to Security Policy document) | CMVP Certificate # | Validated Algorithms |
|---|---|---|
| BitLocker Dump Filter | #4538 | FIPS Approved: AES, RSA, and SHS |
| Boot Manager | #3923 | FIPS Approved: AES, CKG, HMAC, PBKDF, RSA, and SHS |
| Code Integrity | #4511 | FIPS Approved: AES, RSA, and SHS |
| Cryptographic Primitives Library | #4536 | FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: NDRNG |
| Kernel Mode Cryptographic Primitives Library | #4515 | FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: NDRNG |
| Secure Kernel Code Integrity | #4512 | FIPS Approved: AES, RSA, and SHS |
| Virtual TPM | #4537 | FIPS Approved: AES, CKG, CVL, DRBG, ECDSA, HMAC, KAS, KBKDF, KTS, RSA, and SHS; Other Allowed: NDRNG |
| Windows OS Loader | #4339 | FIPS Approved: AES, CKG, DRBG, RSA, and SHS; Other Allowed: NDRNG |
Windows Server, version 1809
Build: 10.0.17763. Validated Editions: Standard Core, Datacenter Core
| Cryptographic Module (linked to Security Policy document) | CMVP Certificate # | Validated Algorithms |
|---|---|---|
| BitLocker Dump Filter | #3092 | FIPS Approved: AES, RSA, and SHS |
| Boot Manager | #3089 | FIPS Approved: AES, CKG, HMAC, PBKDF, RSA, and SHS |
| Code Integrity | #3644 | FIPS Approved: RSA and SHS |
| Cryptographic Primitives Library | #3197 | FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG |
| Kernel Mode Cryptographic Primitives Library | #3196 | FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG |
| Secure Kernel Code Integrity | #3651 | FIPS Approved: RSA and SHS |
| Virtual TPM | #3690 | FIPS Approved: AES, CKG, CVL, DRBG, ECDSA, HMAC, KAS, KBKDF, KTS, RSA, and SHS; Other Allowed: NDRNG |
| Windows OS Loader | #3615 | FIPS Approved: AES, CKG, DRBG, RSA, and SHS; Other Allowed: NDRNG |
Windows Server, version 1803
Build: 10.0.17134. Validated Editions: Standard Core, Datacenter Core
| Cryptographic Module (linked to Security Policy document) | CMVP Certificate # | Validated Algorithms |
|---|---|---|
| BitLocker Dump Filter | #3092 | FIPS Approved: AES, RSA, and SHS |
| Boot Manager | #3089 | FIPS Approved: AES, CKG, HMAC, PBKDF, RSA, and SHS |
| Code Integrity | #3195 | FIPS Approved: AES, RSA, and SHS |
| Cryptographic Primitives Library | #3197 | FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG |
| Kernel Mode Cryptographic Primitives Library | #3196 | FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG |
| Secure Kernel Code Integrity | #3096 | FIPS Approved: AES, RSA, and SHS |
| Windows OS Loader | #3480 | FIPS Approved: AES, CKG, DRBG, RSA, and SHS; Other Allowed: NDRNG |
Windows Server, version 1709
Build: 10.0.16299. Validated Editions: Standard Core, Datacenter Core
| Cryptographic Module (linked to Security Policy document) | CMVP Certificate # | Validated Algorithms |
|---|---|---|
| BitLocker Dump Filter | #3092 | FIPS Approved: AES, RSA, and SHS |
| Boot Manager | #3089 | FIPS Approved: AES, CKG, HMAC, PBKDF, RSA, and SHS |
| Code Integrity | #3195 | FIPS Approved: AES, RSA, and SHS |
| Cryptographic Primitives Library | #3197 | FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG |
| Kernel Mode Cryptographic Primitives Library | #3196 | FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG |
| Secure Kernel Code Integrity | #3096 | FIPS Approved: AES, RSA, and SHS |
| Windows OS Loader | #3194 | FIPS Approved: AES, RSA, and SHS; Other Allowed: NDRNG |