Certificate 1891 - Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, Microsoft Windows Phone 8, and Microsoft Windows Storage Server 2012 Kernel Mode Cryptographic Primitives Library (CNG.SYS)

intCertNum 1891 strVendorName Microsoft Corporation strURL http://www.microsoft.com strAddress1 One Microsoft Way strAddress2 strAddress3 strCity Redmond strStateProv WA strPostalCode 98052-6399 strCountry 98052-6399 strContact Tim Myers strEmail FIPS@microsoft.com strPhone 800-MICROSOFT strFax strContact2 strEmail2 strFax2 strPhone2 intCertNum 1891 strModuleName Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, Microsoft Windows Phone 8, and Microsoft Windows Storage Server 2012 Kernel Mode Cryptographic Primitives Library (CNG.SYS) strPartNumber Software Version: 6.2.9200 memModuleNotes When operated in FIPS mode with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 BitLocker Windows OS Loader (WINLOAD) validated to FIPS 140-2 under Cert. #1896 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. str140Version 140-2 _sp_ Security Policy   [pdf][html][txt] _cert_ Certificate   [pdf] strPURL strModuleType Software strValidationDate 09/06/2013;01/09/2015 intOverallLevel 1 memIndividualLevelNotes -Design Assurance: Level 2;;;-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521; Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA; Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop; Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA; Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop; Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT; Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro; Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8; Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA; Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode) strFIPSAlgorithms AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387) strOtherAlgorithms AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) strConfiguration Multi-chip standalone memModuleDescription Kernel Mode Cryptographic Primitives Library (CNG.SYS) runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request IRP (I/O request packet). This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter. intModuleCount 6 memAdditionalNotes 01/09/15: Updated module name, added OE Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with AES-NI; Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without AES-NI and updated the security policy. strFirstValidtionDate 09/06/13 00:00:00 strLabName Leidos strValidationYear 2013