FIPS 140 validated modules in previous Windows Server versions
The following tables list the completed FIPS 140 validations of cryptographic modules used in versions of Windows Server prior to Windows Server 2016, organized by major release of the operating system. The linked Security Policy document for each module provides details on the module capabilities and the policies the operator must follow to use the module in its FIPS approved mode of operation. For information on using the overall operating system in its FIPS approved mode, see Use Windows in a FIPS approved mode of operation. For details on the FIPS approved algorithms used by each module, including CAVP algorithm certificates, see the module's linked Security Policy document or CMVP module certificate.
Windows Server 2012 R2
Validated Editions: Server, Storage Server, StorSimple 8000 Series, Azure StorSimple Virtual Array Windows Server 2012 R2
| Cryptographic Module | Version (link to Security Policy) | CMVP Certificate # |
|---|---|---|
| BitLocker Dump Filter (dumpfve.sys) Doesn't apply to Azure StorSimple Virtual Array Windows Server 2012 R2 |
6.3.9600 6.3.9600.17031 | 2354 |
| BitLocker Windows OS Loader (winload) | 6.3.9600 6.3.9600.17031 | 2352 |
| BitLocker Windows Resume (winresume) Doesn't apply to Azure StorSimple Virtual Array Windows Server 2012 R2 |
6.3.9600 6.3.9600.17031 | 2353 |
| Boot Manager | 6.3.9600 6.3.9600.17031 | 2351 |
| Code Integrity (ci.dll) | 6.3.9600 6.3.9600.17031 | 2355 |
| Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) | 6.3.9600 6.3.9600.17031 | 2357 |
| Kernel Mode Cryptographic Primitives Library (cng.sys) | 6.3.9600 6.3.9600.17042 | 2356 |
Windows Server 2012
Validated Editions: Server, Storage Server
| Cryptographic Module | Version (link to Security Policy) | CMVP Certificate # |
|---|---|---|
| BitLocker Dump Filter (DUMPFVE.SYS) | 6.2.9200 | 1899 |
| BitLocker Windows OS Loader (WINLOAD) | 6.2.9200 | 1896 |
| BitLocker Windows Resume (WINRESUME) | 6.2.9200 | 1898 |
| Boot Manager | 6.2.9200 | 1895 |
| Code Integrity (CI.DLL) | 6.2.9200 | 1897 |
| Enhanced Cryptographic Provider (RSAENH.DLL) | 6.2.9200 | 1894 |
| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL) | 6.2.9200 | 1893 |
| Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) | 6.2.9200 | [1892] |
| Kernel Mode Cryptographic Primitives Library (cng.sys) | 6.2.9200 | 1891 |
Windows Server 2008 R2
| Cryptographic Module | Version (link to Security Policy) | CMVP Certificate # |
|---|---|---|
| BitLocker Drive Encryption | 6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.21675 | 1339 |
| Boot Manager (bootmgr) | 6.1.7600.16385 or 6.1.7601.17514 | 1321 |
| Cryptographic Primitives Library (bcryptprimitives.dll) | 66.1.7600.16385 or 6.1.7601.17514 | 1336 |
| Enhanced Cryptographic Provider (RSAENH) | 6.1.7600.16385 | 1337 |
| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) | 6.1.7600.16385 | 1338 |
| Kernel Mode Cryptographic Primitives Library (cng.sys) | 6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.22076 | 1335 |
| Winload OS Loader (winload.exe) | 6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.21675 | 1333 |
Windows Server 2008
| Cryptographic Module | Version (link to Security Policy) | CMVP Certificate # |
|---|---|---|
| Boot Manager (bootmgr) | 6.0.6001.18000, 6.0.6002.18005 and 6.0.6002.22497 | 1004 |
| Code Integrity (ci.dll) | 6.0.6001.18000 and 6.0.6002.18005 | 1006 |
| Cryptographic Primitives Library (bcrypt.dll) | 6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.22872 | 1008 |
| Enhanced Cryptographic Provider (RSAENH) | 6.0.6001.22202 and 6.0.6002.18005 | 1010 |
| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) | 6.0.6001.18000 and 6.0.6002.18005 | 1009 |
| Kernel Mode Security Support Provider Interface (ksecdd.sys) | 6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.22869 | 1007 |
| Winload OS Loader (winload.exe) | 6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.22596 | 1005 |
Windows Server 2003 SP2
| Cryptographic Module | Version (link to Security Policy) | CMVP Certificate # |
|---|---|---|
| Enhanced Cryptographic Provider (RSAENH) | 5.2.3790.3959 | 868 |
| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) | 5.2.3790.3959 | 875 |
| Kernel Mode Cryptographic Module (FIPS.SYS) | 5.2.3790.3959 | 869 |
Windows Server 2003 SP1
| Cryptographic Module | Version (link to Security Policy) | CMVP Certificate # |
|---|---|---|
| Enhanced Cryptographic Provider (RSAENH) | 5.2.3790.1830 [Service Pack 1]) | 382 |
| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) | 5.2.3790.1830 [Service Pack 1] | 381 |
| Kernel Mode Cryptographic Module (FIPS.SYS) | 5.2.3790.1830 [SP1] | 405 |
Windows Server 2003
| Cryptographic Module | Version (link to Security Policy) | CMVP Certificate # |
|---|---|---|
| Enhanced Cryptographic Provider (RSAENH) | 5.2.3790.0 | 382 |
| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) | 5.2.3790.0 | 381 |
| Kernel Mode Cryptographic Module (FIPS.SYS) | 5.2.3790.0 | 405 |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for