Certificate 2356 - Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series
intCertNum 2356
strVendorName Microsoft Corporation
strURL http://www.microsoft.com
strAddress1 One Microsoft Way
strAddress2
strAddress3
strCity Redmond
strStateProv WA
strPostalCode 98052-6399
strCountry 98052-6399
strContact Tim Myers
strEmail FIPS@microsoft.com
strPhone 800-642-7676
strFax
strContact2
strEmail2
strFax2
strPhone2
intCertNum 2356
strModuleName Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series
strPartNumber Software Versions: 6.3.9600 and 6.3.9600.17042
memModuleNotes When operated in FIPS mode with modules Boot Manager in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2351 operating in FIPS mode, and BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2352 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy
str140Version 140-2
_sp_ Security Policy   [pdf][html][txt]
_cert_ Certificate   [pdf]
strPURL
strModuleType Software
strValidationDate 05/19/2015;05/29/2015
intOverallLevel 1
memIndividualLevelNotes -Physical Security: N/A ;-Design Assurance: Level 2;;;-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8.1 Enterprise (x86) running on a Dell PowerEdge SC440 without PAA; Microsoft Windows 8.1 Enterprise (x86) running on a Dell Dimension E521 without PAA; Microsoft Windows 8.1 Enterprise (x86) running on an Intel Maho Bay with PAA; Microsoft Windows 8.1 Enterprise (x86) running on an HP Compaq Pro 6305 with PAA; Microsoft Windows 8.1 Enterprise (x64) running on a Dell PowerEdge SC440 without PAA; Microsoft Windows 8.1 Enterprise (x64) running on a Dell Dimension E521 without PAA ; Microsoft Windows 8.1 Enterprise (x64) running on an Intel Maho Bay with PAA; Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA; Microsoft Windows 8.1 Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3; Microsoft Windows 8.1 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA and with PCLMULQDQ and SSSE 3; Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3; Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell PowerEdge SC440 without PAA; Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell Dimension E521 without PAA; Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an Intel Maho Bay with PAA; Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an HP Compaq Pro 6305 with PAA; Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell PowerEdge SC440 without PAA; Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Dimension E521 without PAA; Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA; Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA; Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3; Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3; Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3; Microsoft Windows Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA; Microsoft Windows Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA; Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA; Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA; Microsoft Windows Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3; Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3; Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3; Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA; Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA; Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA; Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA; Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3; Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3; Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3; Microsoft Windows 8.1 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Pro; Microsoft Windows 8.1 Pro (x64) running on an Intel i5 with PAA running on a Microsoft Surface Pro 2; Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet; Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface RT; Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface 2; Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Qualcomm Tablet; Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon S4 running on a Windows Phone 8.1; Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 400 running on a Windows Phone 8.1; Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 800 running on a Windows Phone 8.1; Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 without PAA; Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 with PAA; Microsoft Windows 8.1 Pro (x64) running on an Intel Core i7 with PAA and PCLMULQDQ and SSSE 3 running on a Microsoft Surface Pro 3 (single-user mode)
strFIPSAlgorithms AES (Cert. #2832);
CVL (Cert. #323);
DRBG (Certs. #489 and #523);
ECDSA (Cert. #505);
HMAC (Cert. #1773);
KAS (Cert. #47);
KBKDF (Cert. #30);
PBKDF (vendor affirmed);
RSA (Certs. #1487, #1493 and #1519);
SHS (Cert. #2373);
Triple-DES (Cert. #1692)
strOtherAlgorithms AES (Cert. #2832, key wrapping;
key establishment methodology provides between 128 and 256 bits of encryption strength);
AES-GCM encryption (non-compliant);
DES;
HMAC MD5;
Legacy CAPI KDF;
MD2;
MD4;
MD5;
NDRNG;
RC2;
RC4;
RSA (encrypt/decrypt)
strConfiguration Multi-chip standalone
memModuleDescription Kernel Mode Cryptographic Primitives Library (cng.sys) runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request IRP (I/O request packet).
intModuleCount 1
memAdditionalNotes 05/29/15: Added OE Microsoft Windows 8.1 Pro (x64) running on an Intel Core i7 with AES-NI and PCLMULQDQ and SSSE 3 running on a Microsoft Surface Pro 3 and updated the security policy.
strFirstValidtionDate 05/19/15 00:00:00
strLabName Leidos
strValidationYear 2015