FIPS 140 validated modules in Windows Server 2016
The following tables list the completed FIPS 140 validations of cryptographic modules used in Windows Server 2016, organized by major release of the operating system. The linked Security Policy document for each module provides details on the module capabilities and the policies the operator must follow to use the module in its FIPS approved mode of operation. For information on using the overall operating system in its FIPS approved mode, see Use Windows in a FIPS approved mode of operation. For details on the FIPS approved algorithms used by each module, including CAVP algorithm certificates, see the module's linked Security Policy document or CMVP module certificate.
Windows Server 2016
Build: 10.0.14393.1770. Validated Editions: Standard, Datacenter, Storage Server.
| Cryptographic Module (linked to Security Policy document) | CMVP Certificate # | Validated Algorithms |
|---|---|---|
| BitLocker Windows OS Loader (winload) | #3502 | FIPS Approved: AES, RSA, and SHS; Other Allowed: NDRNG |
| BitLocker Windows Resume (winresume) | #3501 | FIPS Approved: AES, RSA, and SHS |
| Boot Manager | #3487 | FIPS Approved: AES, HMAC, PBKDF, RSA, and SHS |
| Code Integrity (ci.dll) | #3510 | FIPS Approved: AES, RSA, and SHS |
| Secure Kernel Code Integrity (skci.dll) | #3513 | FIPS Approved: RSA and SHS; Other Allowed: MD5 |
Build: 10.0.14393. Validated Editions: Standard, Datacenter, Storage Server.
| Cryptographic Module (linked to Security Policy document) | CMVP Certificate # | Validated Algorithms |
|---|---|---|
| BitLocker Dump Filter (dumpfve.sys) | #2934 | FIPS Approved: AES |
| BitLocker Windows OS Loader (winload) | #2932 | FIPS Approved: AES, RSA, and SHS; Other: NDRNG |
| BitLocker Windows Resume (winresume) | #2933 | FIPS Approved: AES, RSA, and SHS; Other: MD5 |
| Boot Manager | #2931 | FIPS Approved: AES, HMAC, PBKDF, RSA, and SHS; Other: MD5, Non-Compliant PBKDF, and VMK KDF |
| Code Integrity (ci.dll) | #2935 | FIPS Approved: RSA and SHS |
| Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) | #2937 | FIPS Approved: AES, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other: HMAC-MD5 and MD5. |
| Kernel Mode Cryptographic Primitives Library (cng.sys) | #2936 | FIPS Approved: AES, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other: HMAC-MD5, MD5, and NDRNG |
| Secure Kernel Code Integrity (skci.dll) | #2938 | FIPS Approved: RSA and SHS; Other: MD5 |