FIPS 140 validated modules in Windows Server semi-annual releases

The following tables list the completed FIPS 140 validations of cryptographic modules used in Windows Server semi-annual releases, organized by major release of the operating system. The linked Security Policy document for each module provides details on the module capabilities and the policies the operator must follow to use the module in its FIPS approved mode of operation. For information on using the overall operating system in its FIPS approved mode, see Use Windows in a FIPS approved mode of operation. For details on the FIPS approved algorithms used by each module, including CAVP algorithm certificates, see the module's linked Security Policy document or CMVP module certificate.

Windows Server, version 20H2

Build: 10.0.19042. Validated Editions: Standard Core, Datacenter Core

Cryptographic Module (linked to Security Policy document) CMVP Certificate # Validated Algorithms
Cryptographic Primitives Library #4825 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, ENT (P), HMAC, KAS, KAS-SSC, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES
Kernel Mode Cryptographic Primitives Library #4766 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, ENT (P), HMAC, KAS, KAS-SSC, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES

Windows Server, version 2004

Build: 10.0.19041. Validated Editions: Standard Core, Datacenter Core

Cryptographic Module (linked to Security Policy document) CMVP Certificate # Validated Algorithms
BitLocker Dump Filter #4538 FIPS Approved: AES, RSA, and SHS
Boot Manager #3923 FIPS Approved: AES, CKG, HMAC, PBKDF, RSA, and SHS
Code Integrity #4511 FIPS Approved: AES, RSA, and SHS
Cryptographic Primitives Library #4536 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: NDRNG
Kernel Mode Cryptographic Primitives Library #4515 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: NDRNG
Secure Kernel Code Integrity #4512 FIPS Approved: AES, RSA, and SHS
Virtual TPM #4537 FIPS Approved: AES, CKG, CVL, DRBG, ECDSA, HMAC, KAS, KBKDF, KTS, RSA, and SHS; Other Allowed: NDRNG
Windows OS Loader #4339 FIPS Approved: AES, CKG, DRBG, RSA, and SHS; Other Allowed: NDRNG

Windows Server, version 1909

Build: 10.0.18363. Validated Editions: Standard Core, Datacenter Core

Cryptographic Module (linked to Security Policy document) CMVP Certificate # Validated Algorithms
BitLocker Dump Filter #4538 FIPS Approved: AES, RSA, and SHS
Boot Manager #3923 FIPS Approved: AES, CKG, HMAC, PBKDF, RSA, and SHS
Code Integrity #4511 FIPS Approved: AES, RSA, and SHS
Cryptographic Primitives Library #4536 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: NDRNG
Kernel Mode Cryptographic Primitives Library #4515 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: NDRNG
Secure Kernel Code Integrity #4512 FIPS Approved: AES, RSA, and SHS
Virtual TPM #4537 FIPS Approved: AES, CKG, CVL, DRBG, ECDSA, HMAC, KAS, KBKDF, KTS, RSA, and SHS; Other Allowed: NDRNG
Windows OS Loader #4339 FIPS Approved: AES, CKG, DRBG, RSA, and SHS; Other Allowed: NDRNG

Windows Server, version 1903

Build: 10.0.18362. Validated Editions: Standard Core, Datacenter Core

Cryptographic Module (linked to Security Policy document) CMVP Certificate # Validated Algorithms
BitLocker Dump Filter #4538 FIPS Approved: AES, RSA, and SHS
Boot Manager #3923 FIPS Approved: AES, CKG, HMAC, PBKDF, RSA, and SHS
Code Integrity #4511 FIPS Approved: AES, RSA, and SHS
Cryptographic Primitives Library #4536 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: NDRNG
Kernel Mode Cryptographic Primitives Library #4515 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: NDRNG
Secure Kernel Code Integrity #4512 FIPS Approved: AES, RSA, and SHS
Virtual TPM #4537 FIPS Approved: AES, CKG, CVL, DRBG, ECDSA, HMAC, KAS, KBKDF, KTS, RSA, and SHS; Other Allowed: NDRNG
Windows OS Loader #4339 FIPS Approved: AES, CKG, DRBG, RSA, and SHS; Other Allowed: NDRNG

Windows Server, version 1809

Build: 10.0.17763. Validated Editions: Standard Core, Datacenter Core

Cryptographic Module (linked to Security Policy document) CMVP Certificate # Validated Algorithms
BitLocker Dump Filter #3092 FIPS Approved: AES, RSA, and SHS
Boot Manager #3089 FIPS Approved: AES, CKG, HMAC, PBKDF, RSA, and SHS
Code Integrity #3644 FIPS Approved: RSA and SHS
Cryptographic Primitives Library #3197 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG
Kernel Mode Cryptographic Primitives Library #3196 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG
Secure Kernel Code Integrity #3651 FIPS Approved: RSA and SHS
Virtual TPM #3690 FIPS Approved: AES, CKG, CVL, DRBG, ECDSA, HMAC, KAS, KBKDF, KTS, RSA, and SHS; Other Allowed: NDRNG
Windows OS Loader #3615 FIPS Approved: AES, CKG, DRBG, RSA, and SHS; Other Allowed: NDRNG

Windows Server, version 1803

Build: 10.0.17134. Validated Editions: Standard Core, Datacenter Core

Cryptographic Module (linked to Security Policy document) CMVP Certificate # Validated Algorithms
BitLocker Dump Filter #3092 FIPS Approved: AES, RSA, and SHS
Boot Manager #3089 FIPS Approved: AES, CKG, HMAC, PBKDF, RSA, and SHS
Code Integrity #3195 FIPS Approved: AES, RSA, and SHS
Cryptographic Primitives Library #3197 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG
Kernel Mode Cryptographic Primitives Library #3196 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG
Secure Kernel Code Integrity #3096 FIPS Approved: AES, RSA, and SHS
Windows OS Loader #3480 FIPS Approved: AES, CKG, DRBG, RSA, and SHS; Other Allowed: NDRNG

Windows Server, version 1709

Build: 10.0.16299. Validated Editions: Standard Core, Datacenter Core

Cryptographic Module (linked to Security Policy document) CMVP Certificate # Validated Algorithms
BitLocker Dump Filter #3092 FIPS Approved: AES, RSA, and SHS
Boot Manager #3089 FIPS Approved: AES, CKG, HMAC, PBKDF, RSA, and SHS
Code Integrity #3195 FIPS Approved: AES, RSA, and SHS
Cryptographic Primitives Library #3197 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG
Kernel Mode Cryptographic Primitives Library #3196 FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES; Other Allowed: HMAC-MD5, MD5, and NDRNG
Secure Kernel Code Integrity #3096 FIPS Approved: AES, RSA, and SHS
Windows OS Loader #3194 FIPS Approved: AES, RSA, and SHS; Other Allowed: NDRNG