</SyncML>|
## File format
@@ -103,7 +81,8 @@ This information is used to by the client device to properly manage the DM sessi
The following example shows the header component of a DM message. In this case, OMA DM version 1.2 is used as an example only.
-> **Note** The <LocURI> node value for the <Source> element in the SyncHdr of the device-generated DM package should be the same as the value of ./DevInfo/DevID. For more information about DevID, see [DevInfo configuration service provider](devinfo-csp.md).
+> [!NOTE]
+> The `| Location Service | -SUPL | -V2 UPL | -
|---|---|---|
Connection type |
-All connections other than CDMA |
-CDMA |
-
Configuration |
-
|
-
|
-
| Value | -Description | -
|---|---|
0 |
-None: The device uses the default positioning method. In this default mode, the GNSS obtains assistance (time injection, coarse position injection and ephemeris data) from the Microsoft Positioning Service. |
-
1 |
-Mobile Station Assisted: The device contacts the H-SLP server to obtain a position. The H-SLP does the calculation of the position and returns it to the device. |
-
2 |
-Mobile Station Based: The device obtains location-aiding data (almanac, ephemeris data, time and coarse initial position of the device) from the H-SLP server, and the device uses this information to help GPS obtain a fix. All position calculations are done in the device. |
-
3 |
-Mobile Station Standalone: The device obtains assistance as required from the Microsoft location services. |
-
4 |
-OTDOA |
-
5 |
-AFLT |
-
| Location toggle setting | -LocMasterSwitchDependencyNII setting | -NI request processing allowed | -
|---|---|---|
On |
-0 |
-Yes |
-
On |
-1 |
-Yes |
-
Off |
-0 |
-Yes |
-
Off |
-1 |
-No (unless privacyOverride is set) |
-
| Value | -Description | -
|---|---|
0 |
-None: The device uses the default positioning method. In this default mode, the GNSS obtains assistance (time injection, coarse position injection, and ephemeris data) from the Microsoft Positioning Service. |
-
1 |
-Mobile Station Assisted: The device contacts the H-SLP server to obtain a position. The H-SLP does the calculation of the position and returns it to the device. |
-
2 |
-Mobile Station Based: The device obtains location-aiding data (almanac, ephemeris data, time and coarse initial position of the device) from the H-SLP server, and the device uses this information to help GPS obtain a fix. All position calculations are done in the device. |
-
3 |
-Mobile Station Standalone: The device obtains assistance as required from the Microsoft location services. |
-
4 |
-AFLT |
-
| Location toggle setting | -LocMasterSwitchDependencyNII setting | -NI request processing allowed | -
|---|---|---|
On |
-0 |
-Yes |
-
On |
-1 |
-Yes |
-
Off |
-0 |
-Yes |
-
Off |
-1 |
-No (unless privacyOverride is set) |
-
| Elements | -Available | -
|---|---|
parm-query |
-Yes |
-
characteristic-query |
-Yes -Recursive query: No -Top level query: No |
-
Recursive query: No
Top level query: No| ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +[Configuration service provider reference](configuration-service-provider-reference.md) diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md index 5a27e76916..059e52a062 100644 --- a/windows/client-management/mdm/surfacehub-csp.md +++ b/windows/client-management/mdm/surfacehub-csp.md @@ -206,63 +206,22 @@ SurfaceHub
The data type is boolean. Supported operation is Get and Replace. **DeviceAccount/ErrorContext** -
If there is an error calling ValidateAndCommit, there is additional context for that error in this node. Here are the possible error values: -
| ErrorContext value | -Stage where error occurred | -Description and suggestions | -
|---|---|---|
1 |
-Unknown |
-- |
2 |
-Populating account |
-Unable to retrieve account details using the username and password you provided. -
|
-
3 |
-Populating Exchange server address |
-Unable to auto-discover your Exchange server address. Try to manually specify the Exchange server address using the ExchangeServer field. |
-
4 |
-Validating Exchange server address |
-Unable to validate the Exchange server address. Ensure that the ExchangeServer field is valid. |
-
5 |
-Saving account information |
-Unable to save account details to the system. |
-
6 |
-Validating EAS policies |
-The device account uses an unsupported EAS policy. Make sure the EAS policy is configured correctly according to the admin guide. |
-
The data type is integer. Supported operation is Get.
+If there is an error calling ValidateAndCommit, there is additional context for that error in this node. Here are the possible error values:
+
+| ErrorContext value | Stage where error occurred | Description and suggestions |
+| --- | --- | --- |
+| 1 | Unknown | |
+| 2 | Populating account | Unable to retrieve account details using the username and password you provided.
-For Azure AD accounts, ensure that UserPrincipalName and Password are valid.
-For AD accounts, ensure that DomainName, UserName, and Password are valid.
-Ensure that the specified account has an Exchange server mailbox. |
+| 3 | Populating Exchange server address | Unable to auto-discover your Exchange server address. Try to manually specify the Exchange server address using the ExchangeServer field. |
+| 4 | Validating Exchange server address | Unable to validate the Exchange server address. Ensure that the ExchangeServer field is valid. |
+| 5 | Saving account information | Unable to save account details to the system. |
+| 6 | Validating EAS policies | The device account uses an unsupported EAS policy. Make sure the EAS policy is configured correctly according to the admin guide. |
+
+The data type is integer. Supported operation is Get.
**MaintenanceHoursSimple/Hours**
+
Node for maintenance schedule. **MaintenanceHoursSimple/Hours/StartTime** @@ -343,26 +302,11 @@ SurfaceHub **InBoxApps/WirelessProjection/Channel**
Wireless channel to use for Miracast operation. The supported channels are defined by the Wi-Fi Alliance Wi-Fi Direct specification. -
Works with all Miracast senders in all regions |
-1, 3, 4, 5, 6, 7, 8, 9, 10, 11 |
-
Works with all 5ghz band Miracast senders in all regions |
-36, 40, 44, 48 |
-
Works with all 5ghz band Miracast senders in all regions except Japan |
-149, 153, 157, 161, 165 |
-
The default value is 255. Outside of regulatory concerns, if the channel is configured incorrectly the driver will either not boot, or will broadcast on the wrong channel (which senders won't be looking for). @@ -397,50 +341,19 @@ SurfaceHub
The following table shows the permitted values. -
| Value | -Description | -
|---|---|
| 0 | -Never time out |
| 1 | -1 minute | -
| 2 | -2 minutes |
| 3 | -3 minutes |
| 5 | -5 minutes (default) |
| 10 | -10 minutes |
| 15 | -15 minutes |
| 30 | -30 minutes |
| 60 | -1 hour |
| 120 | -2 hours |
| 240 | -4 hours |
The data type is integer. Supported operation is Get and Replace. @@ -449,50 +362,19 @@ SurfaceHub
The following table shows the permitted values. -
| Value | -Description | -
|---|---|
| 0 | -Never time out |
| 1 | -1 minute (default) | -
| 2 | -2 minutes |
| 3 | -3 minutes |
| 5 | -5 minutes |
| 10 | -10 minutes |
| 15 | -15 minutes |
| 30 | -30 minutes |
| 60 | -1 hour |
| 120 | -2 hours |
| 240 | -4 hours |
The data type is integer. Supported operation is Get and Replace. @@ -501,50 +383,19 @@ SurfaceHub
The following table shows the permitted values. -
| Value | -Description | -
|---|---|
| 0 | -Never time out |
| 1 | -1 minute | -
| 2 | -2 minutes |
| 3 | -3 minutes |
| 5 | -5 minutes (default) |
| 10 | -10 minutes |
| 15 | -15 minutes |
| 30 | -30 minutes |
| 60 | -1 hour |
| 120 | -2 hours |
| 240 | -4 hours |
The data type is integer. Supported operation is Get and Replace. diff --git a/windows/client-management/mdm/wmi-providers-supported-in-windows.md b/windows/client-management/mdm/wmi-providers-supported-in-windows.md index bc19985a6a..c968865ad0 100644 --- a/windows/client-management/mdm/wmi-providers-supported-in-windows.md +++ b/windows/client-management/mdm/wmi-providers-supported-in-windows.md @@ -19,9 +19,8 @@ ms.date: 06/26/2017 Windows Management Infrastructure (WMI) providers (and the classes they support) are used to manage settings and applications on devices that subscribe to the Mobile Device Management (MDM) service. The following subsections show the list WMI MDM classes that are supported in Windows 10. -> **Note** Applications installed using WMI classes are not removed when the MDM account is removed from device. - - +> [!NOTE] +> Applications installed using WMI classes are not removed when the MDM account is removed from device. The child node names of the result from a WMI query are separated by a forward slash (/) and not URI escaped. Here is an example query. @@ -51,163 +50,46 @@ Result ## MDM Bridge WMI classes - For links to these classes, see [**MDM Bridge WMI Provider**](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal). ## MDM WMI classes -
| Class | -Test completed in Windows 10 for desktop | -
|---|---|
| MDM_AppInstallJob | -Currently testing. |
-
| MDM_Application | -Currently testing. |
-
| MDM_ApplicationFramework | -Currently testing. |
-
| MDM_ApplicationSetting | -Currently testing. |
-
| MDM_BrowserSecurityZones | -Yes | -
| MDM_BrowserSettings | -Yes | -
| MDM_Certificate | -Yes | -
| MDM_CertificateEnrollment | -Yes | -
| MDM_Client | -Currently testing. |
-
| MDM_ConfigSetting | -Yes | -
| MDM_DeviceRegistrationInfo | -- |
| MDM_EASPolicy | -Yes | -
| MDM_MgMtAuthority | -Yes | -
| MDM_MsiApplication | -- |
| MDM_MsiInstallJob | -- |
| MDM_RemoteApplication | -Test not started. |
-
| MDM_RemoteAppUseCookie | -Test not started. |
-
| MDM_Restrictions | -Yes | -
| MDM_RestrictionsUser | -Test not started. |
-
| MDM_SecurityStatus | -Yes | -
| MDM_SideLoader | -- |
| MDM_SecurityStatusUser | -Currently testing. |
-
| MDM_Updates | -Yes | -
| MDM_VpnApplicationTrigger | -Yes | -
| MDM_VpnConnection | -- |
| MDM_WebApplication | -Currently testing. |
-
| MDM_WirelessProfile | -Yes | -
| MDM_WirelesssProfileXML | -Yes | -
| MDM_WNSChannel | -Yes | -
| MDM_WNSConfiguration | -Yes | -
| MSFT_NetFirewallProfile | -Yes | -
| MSFT_VpnConnection | -Yes | -
| SoftwareLicensingProduct | -- |
| SoftwareLicensingService | -- |
| Policy | -Notes | -
|---|---|
| Clear history of recently opened documents on exit | -Documents that the user opens are tracked during the session. When the user signs off, the history of opened documents is deleted. | -
| Do not allow pinning items in Jump Lists | -Jump Lists are lists of recently opened items, such as files, folders, or websites, organized by the program that you use to open them. This policy prevents users from pinning items to any Jump List. | -
| Do not display or track items in Jump Lists from remote locations | -When this policy is applied, only items local on the computer are shown in Jump Lists. | -
| Do not keep history of recently opened documents | -Documents that the user opens are not tracked during the session. | -
| Prevent changes to Taskbar and Start Menu Settings | -In Windows 10, this disables all of the settings in Settings > Personalization > Start as well as the options in dialog available via right-click Taskbar > Properties | -
| Prevent users from customizing their Start Screen | -Use this policy in conjunction with a customized Start layout to prevent users from changing it |
-
| Prevent users from uninstalling applications from Start | -In Windows 10, this removes the uninstall button in the context menu. It does not prevent users from uninstalling the app through other entry points (e.g. PowerShell) | -
| Remove All Programs list from the Start menu | -In Windows 10, this removes the All apps button. | -
| Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands | -This removes the Shut Down, Restart, Sleep, and Hibernate commands from the Start Menu, Start Menu power button, CTRL+ALT+DEL screen, and Alt+F4 Shut Down Windows menu. | -
| Remove common program groups from Start Menu | -As in earlier versions of Windows, this removes apps specified in the All Users profile from Start | -
| Remove frequent programs list from the Start Menu | -In Windows 10, this removes the top left Most used group of apps. | -
| Remove Logoff on the Start Menu | -Logoff has been changed to Sign Out in the user interface, however the functionality is the same. | -
| Remove pinned programs list from the Start Menu | -In Windows 10, this removes the bottom left group of apps (by default, only File Explorer and Settings are pinned). | -
| Show "Run as different user" command on Start | -This enables the Run as different user option in the right-click menu for apps. | -
| Start Layout | -This applies a specific Start layout, and it also prevents users from changing the layout. This policy can be configured in User Configuration or Computer Configuration. -
-
- |
-
| Force Start to be either full screen size or menu size | -This applies a specific size for Start. | -
| XML | -
|---|
|
-
| Windows Embedded 8.1 Industry lockdown feature | -Windows 10 feature | -Changes | -
|---|---|---|
Hibernate Once/Resume Many (HORM): Quick boot to device |
-HORM | -HORM is supported in Windows 10, version 1607 and later. |
-
Unified Write Filter: protect a device's physical storage media |
-Unified Write Filter | -The Unified Write Filter is continued in Windows 10. |
-
Keyboard Filter: block hotkeys and other key combinations |
-Keyboard Filter | -Keyboard filter is added in Windows 10, version 1511. As in Windows Embedded Industry 8.1, Keyboard Filter is an optional component that can be turned on via Turn Windows Features On/Off. Keyboard Filter (in addition to the WMI configuration previously available) will be configurable through Windows Imaging and Configuration Designer (ICD) in the SMISettings path. |
-
Shell Launcher: launch a Windows desktop application on sign-on |
-Shell Launcher | -Shell Launcher continues in Windows 10. It is now configurable in Windows ICD under the SMISettings category. -Learn how to use Shell Launcher to create a kiosk device that runs a Windows desktop application. |
-
Application Launcher: launch a Universal Windows Platform (UWP) app on sign-on |
-Assigned Access | -The Windows 8 Application Launcher has been consolidated into Assigned Access. Application Launcher enabled launching a Windows 8 app and holding focus on that app. Assigned Access offers a more robust solution for ensuring that apps retain focus. |
-
Dialog Filter: suppress system dialogs and control which processes can run |
-AppLocker | -Dialog Filter has been deprecated for Windows 10. Dialog Filter provided two capabilities; the ability to control which processes were able to run, and the ability to prevent dialogs (in practice, system dialogs) from appearing. -
|
-
Toast Notification Filter: suppress toast notifications |
-Mobile device management (MDM) and Group Policy | -Toast Notification Filter has been replaced by MDM and Group Policy settings for blocking the individual components of non-critical system toasts that may appear. For example, to prevent a toast from appearing when a USB drive is connected, ensure that USB connections have been blocked using the USB-related policies, and turn off notifications from apps. -Group Policy: User Configuration > Administrative Templates > Start Menu and Taskbar > Notifications -MDM policy name may vary depending on your MDM service. In Microsoft Intune, use Allow action center notifications and a custom OMA-URI setting for AboveLock/AllowActionCenterNotifications. |
-
Embedded Lockdown Manager: configure lockdown features |
-Windows Imaging and Configuration Designer (ICD) | -The Embedded Lockdown Manager has been deprecated for Windows 10 and replaced by the Windows ICD. Windows ICD is the consolidated tool for Windows imaging and provisioning scenarios and enables configuration of all Windows settings, including the lockdown features previously configurable through Embedded Lockdown Manager. |
-
USB Filter: restrict USB devices and peripherals on system |
-MDM and Group Policy | -The USB Filter driver has been replaced by MDM and Group Policy settings for blocking the connection of USB devices. -Group Policy: Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions -MDM policy name may vary depending on your MDM service. In Microsoft Intune, use Removable storage. |
-
Assigned Access: launch a UWP app on sign-in and lock access to system |
-Assigned Access | -Assigned Access has undergone significant improvement for Windows 10. In Windows 8.1, Assigned Access blocked system hotkeys and edge gestures, and non-critical system notifications, but it also applied some of these limitations to other accounts on the device. -In Windows 10, Assigned Access no longer affects accounts other than the one being locked down. Assigned Access now restricts access to other apps or system components by locking the device when the selected user account logs in and launching the designated app above the lock screen, ensuring that no unintended functionality can be accessed. -Learn how to use Assigned Access to create a kiosk device that runs a Universal Windows app. |
-
Gesture Filter: block swipes from top, left, and right edges of screen |
-MDM and Group Policy | -In Windows 8.1, gestures provided the ability to close an app, to switch apps, and to reach the Charms. In Windows 10, Charms have been removed. In Windows 10, version 1607, you can block swipes using the Allow edge swipe policy. |
-
Custom Logon: suppress Windows UI elements during Windows sign-on, sign-off, and shutdown |
-Embedded Logon | -No changes. Applies only to Windows 10 Enterprise and Windows 10 Education. |
-
Unbranded Boot: custom brand a device by removing or replacing Windows boot UI elements |
-Unbranded Boot | -No changes. Applies only to Windows 10 Enterprise and Windows 10 Education. |
-
Learn [how to use Shell Launcher to create a kiosk device](/windows/configuration/kiosk-single-app) that runs a Windows desktop application.| +|[Application Launcher](/previous-versions/windows/embedded/dn449251(v=winembedded.82)): launch a Universal Windows Platform (UWP) app on sign-on|[Assigned Access](/windows/client-management/mdm/assignedaccess-csp)|The Windows 8 Application Launcher has been consolidated into Assigned Access. Application Launcher enabled launching a Windows 8 app and holding focus on that app. Assigned Access offers a more robust solution for ensuring that apps retain focus.| +|[Dialog Filter](/previous-versions/windows/embedded/dn449395(v=winembedded.82)): suppress system dialogs and control which processes can run|[AppLocker](/windows/device-security/applocker/applocker-overview)|Dialog Filter has been deprecated for Windows 10. Dialog Filter provided two capabilities; the ability to control which processes were able to run, and the ability to prevent dialogs (in practice, system dialogs) from appearing.
Group Policy: **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Notifications**
MDM policy name may vary depending on your MDM service. In Microsoft Intune, use **Allow action center notifications** and a [custom OMA-URI setting](https://go.microsoft.com/fwlink/p/?LinkID=616317) for **AboveLock/AllowActionCenterNotifications**.| +|[Embedded Lockdown Manager](/previous-versions/windows/embedded/dn449279(v=winembedded.82)): configure lockdown features|[Windows Imaging and Configuration Designer (ICD)](/windows/configuration/provisioning-packages/provisioning-install-icd)|The Embedded Lockdown Manager has been deprecated for Windows 10 and replaced by the Windows ICD. Windows ICD is the consolidated tool for Windows imaging and provisioning scenarios and enables configuration of all Windows settings, including the lockdown features previously configurable through Embedded Lockdown Manager.| +|[USB Filter](/previous-versions/windows/embedded/dn449350(v=winembedded.82)): restrict USB devices and peripherals on system|MDM and Group Policy|The USB Filter driver has been replaced by MDM and Group Policy settings for blocking the connection of USB devices.
Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Device Installation** > **Device Installation Restrictions**
MDM policy name may vary depending on your MDM service. In Microsoft Intune, use **Removable storage**.| +|[Assigned Access](/previous-versions/windows/embedded/dn449303(v=winembedded.82)): launch a UWP app on sign-in and lock access to system|[Assigned Access](/windows/client-management/mdm/assignedaccess-csp)|Assigned Access has undergone significant improvement for Windows 10. In Windows 8.1, Assigned Access blocked system hotkeys and edge gestures, and non-critical system notifications, but it also applied some of these limitations to other accounts on the device.
In Windows 10, Assigned Access no longer affects accounts other than the one being locked down. Assigned Access now restricts access to other apps or system components by locking the device when the selected user account logs in and launching the designated app above the lock screen, ensuring that no unintended functionality can be accessed.
Learn [how to use Assigned Access to create a kiosk device](/windows/configuration/kiosk-single-app) that runs a Universal Windows app.| +|[Gesture Filter](/previous-versions/windows/embedded/dn449374(v=winembedded.82)): block swipes from top, left, and right edges of screen|MDM and Group Policy|In Windows 8.1, gestures provided the ability to close an app, to switch apps, and to reach the Charms. In Windows 10, Charms have been removed. In Windows 10, version 1607, you can block swipes using the [Allow edge swipe](/windows/client-management/mdm/policy-configuration-service-provider#LockDown_AllowEdgeSwipe) policy.| +|[Custom Logon](/previous-versions/windows/embedded/dn449309(v=winembedded.82)): suppress Windows UI elements during Windows sign-on, sign-off, and shutdown|[Embedded Logon](/windows-hardware/customize/desktop/unattend/microsoft-windows-embedded-embeddedlogon)|No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.| +|[Unbranded Boot](/previous-versions/windows/embedded/dn449249(v=winembedded.82)): custom brand a device by removing or replacing Windows boot UI elements|[Unbranded Boot](/windows-hardware/customize/enterprise/unbranded-boot)|No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.| diff --git a/windows/configuration/ue-v/uev-application-template-schema-reference.md b/windows/configuration/ue-v/uev-application-template-schema-reference.md index 1ac2f752ac..e383e3f70a 100644 --- a/windows/configuration/ue-v/uev-application-template-schema-reference.md +++ b/windows/configuration/ue-v/uev-application-template-schema-reference.md @@ -108,52 +108,14 @@ Architecture enumerates two possible values: **Win32** and **Win64**. These valu **Process** The Process data type is a container used to describe processes to be monitored by UE-V. It contains six child elements: **Filename**, **Architecture**, **ProductName**, **FileDescription**, **ProductVersion**, and **FileVersion**. This table details each element’s respective data type: -
Element |
-Data Type |
-Mandatory |
-
Filename |
-FilenameString |
-True |
-
Architecture |
-Architecture |
-False |
-
ProductName |
-String |
-False |
-
FileDescription |
-String |
-False |
-
ProductVersion |
-ProcessVersion |
-False |
-
FileVersion |
-ProcessVersion |
-False |
-
Element |
-Description |
-
Asynchronous |
-Asynchronous settings packages are applied without blocking the application startup so that the application start proceeds while the settings are still being applied. This is useful for settings that can be applied asynchronously, such as those |
-
PreventOverlappingSynchronization |
-By default, UE-V only saves settings for an application when the last instance of an application using the template is closed. When this element is set to ‘false’, UE-V exports the settings even if other instances of an application are running. Suited templates – those that include a Common element section– that are shipped with UE-V use this flag to enable shared settings to always export on application close, while preventing application-specific settings from exporting until the last instance is closed. |
-
AlwaysApplySettings |
-This parameter forces an imported settings package to be applied even if there are no differences between the package and the current state of the application. This parameter should be used only in special cases since it can slow down settings import. |
-
Field/Type |
-Description |
-
Name |
-Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see Name. |
-
ID |
-Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see ID. |
-
Description |
-An optional description of the template. |
-
LocalizedNames |
-An optional name displayed in the UI, localized by a language locale. |
-
LocalizedDescriptions |
-An optional template description localized by a language locale. |
-
Version |
-Identifies the version of the settings location template for administrative tracking of changes. For more information, see Version. |
-
DeferToMSAccount |
-Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled. |
-
DeferToOffice365 |
-Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled. |
-
FixedProfile |
-Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell. |
-
Processes |
-A container for a collection of one or more Process elements. For more information, see Processes. |
-
Settings |
-A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in Data types. |
-
Field/Type |
-Description |
-
Name |
-Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see Name. |
-
ID |
-Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see ID. |
-
Description |
-An optional description of the template. |
-
LocalizedNames |
-An optional name displayed in the UI, localized by a language locale. |
-
LocalizedDescriptions |
-An optional template description localized by a language locale. |
-
Version |
-Identifies the version of the settings location template for administrative tracking of changes. For more information, see Version. |
-
DeferToMSAccount |
-Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled. |
-
DeferToOffice365 |
-Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled. |
-
FixedProfile |
-Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell. |
-
Settings |
-A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in Data types. |
-
Field/Type |
-Description |
-
Name |
-Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see Name. |
-
ID |
-Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see ID. |
-
Description |
-An optional description of the template. |
-
LocalizedNames |
-An optional name displayed in the UI, localized by a language locale. |
-
LocalizedDescriptions |
-An optional template description localized by a language locale. |
-
-These tasks must remain enabled, because UE-V cannot function without them. +> [!NOTE] +> These tasks must remain enabled, because UE-V cannot function without them. These scheduled tasks are not configurable with the UE-V tools. Administrators who want to change the scheduled task for these items can create a script that uses the Schtasks.exe command-line options. @@ -44,55 +44,21 @@ The following scheduled tasks are included in UE-V with sample scheduled task co The **Monitor Application Settings** task is used to synchronize settings for Windows apps. It is runs at logon but is delayed by 30 seconds to not affect the logon detrimentally. The Monitor Application Status task runs the UevAppMonitor.exe file, which is located in the UE-V Agent installation directory. -
| Task name | -Default event | -
|---|---|
\Microsoft\UE-V\Monitor Application Status |
-Logon |
-
| Task name | -Default event | -
|---|---|
\Microsoft\UE-V\Sync Controller Application |
-Logon, and every 30 minutes thereafter |
-
| Task name | -Default event | -
|---|---|
\Microsoft\UE-V\Synchronize Settings at Logoff |
-Logon |
-
| Task name | -Default event | -
|---|---|
\Microsoft\UE-V\Template Auto Update |
-System startup and at 3:30 AM every day, at a random time within a 1-hour window |
-
Task Name (file name) |
-Default Frequency |
-Power Toggle |
-Idle Only |
-Network Connection |
-Description |
-
Monitor Application Settings (UevAppMonitor.exe) |
-Starts 30 seconds after logon and continues until logoff. |
-No |
-Yes |
-N/A |
-Synchronizes settings for Windows (AppX) apps. |
-
Sync Controller Application (Microsoft.Uev.SyncController.exe) |
-At logon and every 30 min thereafter. |
-Yes |
-Yes |
-Only if Network is connected |
-Starts the Sync Controller which synchronizes local settings with the settings storage location. |
-
Synchronize Settings at Logoff (Microsoft.Uev.SyncController.exe) |
-Runs at logon and then waits for Logoff to Synchronize settings. |
-No |
-Yes |
-N/A |
-Start an application at logon that controls the synchronization of applications at logoff. |
-
Template Auto Update (ApplySettingsCatalog.exe) |
-Runs at initial logon and at 3:30 AM every day thereafter. |
-Yes |
-No |
-N/A |
-Checks the settings template catalog for new, updated, or removed templates. This task only runs if SettingsTemplateCatalog is configured. |
-
| Group Policy setting name | -Target | -Group Policy setting description | -Configuration options | -
|---|---|---|---|
Do not use the sync provider |
-Computers and Users |
-By using this Group Policy setting, you can configure whether UE-V uses the sync provider feature. This policy setting also lets you enable notification to appear when the import of user settings is delayed. |
-Enable this setting to configure the UE-V service not to use the sync provider. |
-
First Use Notification |
-Computers Only |
-This Group Policy setting enables a notification in the notification area that appears when the UE-V service runs for the first time. |
-The default is enabled. |
-
Synchronize Windows settings |
-Computers and Users |
-This Group Policy setting configures the synchronization of Windows settings. |
-Select which Windows settings synchronize between computers. -By default, Windows themes, desktop settings, and Ease of Access settings synchronize settings between computers of the same operating system version. |
-
Settings package size warning threshold |
-Computers and Users |
-This Group Policy setting lets you configure the UE-V service to report when a settings package file size reaches a defined threshold. |
-Specify the preferred threshold for settings package sizes in kilobytes (KB). -By default, the UE-V service does not have a package file size threshold. |
-
Settings storage path |
-Computers and Users |
-This Group Policy setting configures where the user settings are to be stored. |
-Enter a Universal Naming Convention (UNC) path and variables such as \Server\SettingsShare%username%. |
-
Settings template catalog path |
-Computers Only |
-This Group Policy setting configures where custom settings location templates are stored. This policy setting also configures whether the catalog is to be used to replace the default Microsoft templates that are installed with the UE-V service. |
-Enter a Universal Naming Convention (UNC) path such as \Server\TemplateShare or a folder location on the computer. -Select the check box to replace the default Microsoft templates. |
-
Sync settings over metered connections |
-Computers and Users |
-This Group Policy setting defines whether UE-V synchronizes settings over metered connections. |
-By default, the UE-V service does not synchronize settings over a metered connection. |
-
Sync settings over metered connections even when roaming |
-Computers and Users |
-This Group Policy setting defines whether UE-V synchronizes settings over metered connections outside of the home provider network, for example, when the data connection is in roaming mode. |
-By default, UE-V does not synchronize settings over a metered connection when it is in roaming mode. |
-
Synchronization timeout |
-Computers and Users |
-This Group Policy setting configures the number of milliseconds that the computer waits before a time-out when it retrieves user settings from the remote settings location. If the remote storage location is unavailable, and the user does not use the sync provider, the application start is delayed by this many milliseconds. |
-Specify the preferred synchronization time-out in milliseconds. The default value is 2000 milliseconds. |
-
Tray Icon |
-Computers Only |
-This Group Policy setting enables the User Experience Virtualization (UE-V) tray icon. |
-This setting only has an effect for UE-V 2.x and earlier. It has no effect for UE-V in Windows 10, version 1607. |
-
Use User Experience Virtualization (UE-V) |
-Computers and Users |
-This Group Policy setting lets you enable or disable User Experience Virtualization (UE-V). |
-This setting only has an effect for UE-V 2.x and earlier. For UE-V in Windows 10, version 1607, use the Enable UE-V setting. |
-
Enable UE-V |
-Computers and Users |
-This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature. Reboot is needed for enable to take effect. |
-This setting only has an effect for UE-V in Windows 10, version 1607. For UE-V 2.x and earlier, choose the Use User Experience Virtualization (UE-V) setting. |
-
By default, Windows themes, desktop settings, and Ease of Access settings synchronize settings between computers of the same operating system version.| +|Settings package size warning threshold|Computers and Users|This Group Policy setting lets you configure the UE-V service to report when a settings package file size reaches a defined threshold.|Specify the preferred threshold for settings package sizes in kilobytes (KB).
By default, the UE-V service does not have a package file size threshold.| +|Settings storage path|Computers and Users|This Group Policy setting configures where the user settings are to be stored.|Enter a Universal Naming Convention (UNC) path and variables such as \Server\SettingsShare%username%.| +|Settings template catalog path|Computers Only|This Group Policy setting configures where custom settings location templates are stored. This policy setting also configures whether the catalog is to be used to replace the default Microsoft templates that are installed with the UE-V service.|Enter a Universal Naming Convention (UNC) path such as \Server\TemplateShare or a folder location on the computer.
Select the check box to replace the default Microsoft templates.| +|Sync settings over metered connections|Computers and Users|This Group Policy setting defines whether UE-V synchronizes settings over metered connections.|By default, the UE-V service does not synchronize settings over a metered connection.| +|Sync settings over metered connections even when roaming|Computers and Users|This Group Policy setting defines whether UE-V synchronizes settings over metered connections outside of the home provider network, for example, when the data connection is in roaming mode.|By default, UE-V does not synchronize settings over a metered connection when it is in roaming mode.| +|Synchronization timeout|Computers and Users|This Group Policy setting configures the number of milliseconds that the computer waits before a time-out when it retrieves user settings from the remote settings location. If the remote storage location is unavailable, and the user does not use the sync provider, the application start is delayed by this many milliseconds.|Specify the preferred synchronization time-out in milliseconds. The default value is 2000 milliseconds.| +|Tray Icon|Computers Only|This Group Policy setting enables the User Experience Virtualization (UE-V) tray icon.|This setting only has an effect for UE-V 2.x and earlier. It has no effect for UE-V in Windows 10, version 1607.| +|Use User Experience Virtualization (UE-V)|Computers and Users|This Group Policy setting lets you enable or disable User Experience Virtualization (UE-V).|This setting only has an effect for UE-V 2.x and earlier. For UE-V in Windows 10, version 1607, use the **Enable UE-V** setting.| +|Enable UE-V|Computers and Users|This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature. Reboot is needed for enable to take effect.|This setting only has an effect for UE-V in Windows 10, version 1607. For UE-V 2.x and earlier, choose the **Use User Experience Virtualization (UE-V)** setting.| - - -**Note** -In addition, Group Policy settings are available for many desktop applications and Windows apps. You can use these settings to enable or disable settings synchronization for specific applications. - - +>[!NOTE] +>In addition, Group Policy settings are available for many desktop applications and Windows apps. You can use these settings to enable or disable settings synchronization for specific applications. **Windows App Group Policy settings** -
| Group Policy setting name | -Target | -Group Policy setting description | -Configuration options | -
|---|---|---|---|
Do not synchronize Windows Apps |
-Computers and Users |
-This Group Policy setting defines whether the UE-V service synchronizes settings for Windows apps. |
-The default is to synchronize Windows apps. |
-
Windows App List |
-Computer and User |
-This setting lists the family package names of the Windows apps and states expressly whether UE-V synchronizes that app’s settings. |
-You can use this setting to specify that settings of an app are never synchronized by UE-V, even if the settings of all other Windows apps are synchronized. |
-
Sync Unlisted Windows Apps |
-Computer and User |
-This Group Policy setting defines the default settings sync behavior of the UE-V service for Windows apps that are not explicitly listed in the Windows app list. |
-By default, the UE-V service only synchronizes settings of those Windows apps that are included in the Windows app list. |
-
Max package size |
- Enable/disable Windows app sync |
- Wait for sync on application start |
-
Setting import delay |
- Sync unlisted Windows apps |
- Wait for sync on logon |
-
Settings import notification |
- IT contact URL |
- Wait for sync timeout |
-
Settings storage path |
- IT contact descriptive text |
- Settings template catalog path |
-
Sync enablement |
- Tray icon enabled |
- Start/Stop UE-V agent service |
-
Sync method |
- First use notification |
- Define which Windows apps will roam settings |
-
Sync timeout |
- - | - |
| Windows PowerShell cmdlet | -Description | -
|---|---|
|
- Restores the user settings for an application or restores a group of Windows settings. |
-
| WMI command | -Description | -
|---|---|
|
- Restores the user settings for an application or restores a group of Windows settings. |
-
| Windows PowerShell command | -Description | -
|---|---|
|
- Lists all the settings location templates that are registered on the computer. |
-
|
- Lists all the settings location templates that are registered on the computer where the application name or template name contains <string>. |
-
|
- Lists all the settings location templates that are registered on the computer where the template ID contains <string>. |
-
|
- Lists all the settings location templates that are registered on the computer where the application or template name, or template ID contains <string>. |
-
|
- Gets the name of the program and version information, which depend on the template ID. |
-
|
- Gets the effective list of Windows apps. |
-
|
- Gets the list of Windows apps that are configured for the computer. |
-
|
- Gets the list of Windows apps that are configured for the current user. |
-
|
- Registers one or more settings location template with UE-V by using relative paths and/or wildcard characters in file paths. After a template is registered, UE-V synchronizes the settings that are defined in the template between computers that have the template registered. |
-
|
- Registers one or more settings location template with UE-V by using literal paths, where no characters can be interpreted as wildcard characters. After a template is registered, UE-V synchronizes the settings that are defined in the template between computers that have the template registered. |
-
|
- Unregisters a settings location template with UE-V. When a template is unregistered, UE-V no longer synchronizes the settings that are defined in the template between computers. |
-
|
- Unregisters all settings location templates with UE-V. When a template is unregistered, UE-V no longer synchronizes the settings that are defined in the template between computers. |
-
|
- Updates one or more settings location templates with a more recent version of the template. Use relative paths and/or wildcard characters in the file paths. The new template should be a newer version than the existing template. |
-
|
- Updates one or more settings location templates with a more recent version of the template. Use full paths to template files, where no characters can be interpreted as wildcard characters. The new template should be a newer version than the existing template. |
-
|
- Removes one or more Windows apps from the computer Windows app list. |
-
|
- Removes Windows app from the current user Windows app list. |
-
|
- Removes all Windows apps from the computer Windows app list. |
-
|
- Removes one or more Windows apps from the current user Windows app list. |
-
|
- Removes all Windows apps from the current user Windows app list. |
-
|
- Disables a settings location template for the current user of the computer. |
-
|
- Disables one or more Windows apps in the computer Windows app list. |
-
|
- Disables one or more Windows apps in the current user Windows app list. |
-
|
- Enables a settings location template for the current user of the computer. |
-
|
- Enables one or more Windows apps in the computer Windows app list. |
-
|
- Enables one or more Windows apps in the current user Windows app list. |
-
|
- Determines whether one or more settings location templates comply with its XML schema. Can use relative paths and wildcard characters. |
-
|
- Determines whether one or more settings location templates comply with its XML schema. The path must be a full path to the template file, but does not include wildcard characters. |
-
Windows PowerShell command |
- Description | -
|---|---|
|
- Lists all the settings location templates that are registered for the computer. |
-
|
- Gets the name of the program and version information, which depends on the template name. |
-
|
- Gets the effective list of Windows apps. |
-
Get-WmiObject -Namespace root\Microsoft\UEV MachineConfiguredWindows8App |
- Gets the list of Windows apps that are configured for the computer. |
-
|
- Gets the list of Windows apps that are configured for the current user. |
-
|
- Registers a settings location template with UE-V. |
-
|
- Unregisters a settings location template with UE-V. As soon as a template is unregistered, UE-V no longer synchronizes the settings that are defined in the template between computers. |
-
|
- Updates a settings location template with UE-V. The new template should be a newer version than the existing one. |
-
|
- Removes one or more Windows apps from the computer Windows app list. |
-
|
- Removes one or more Windows apps from the current user Windows app list. |
-
|
- Disables one or more settings location templates with UE-V. |
-
|
- Disables one or more Windows apps in the computer Windows app list. |
-
|
- Disables one or more Windows apps in the current user Windows app list. |
-
|
- Enables a settings location template with UE-V. |
-
|
- Enables Windows apps in the computer Windows app list. |
-
|
- Enables Windows apps in the current user Windows app list. |
-
|
- Determines whether a given settings location template complies with its XML schema. |
-
| Windows PowerShell command | -Description | -
|---|---|
|
- Turns on the UE-V service. Requires reboot. |
-
|
- Turns off the UE-V service. Requires reboot. |
-
|
- Displays whether UE-V service is enabled or disabled, using a Boolean value. |
-
|
- Gets the effective UE-V service settings. User-specific settings have precedence over the computer settings. |
-
|
- Gets the UE-V service settings values for the current user only. |
-
|
- Gets the UE-V service configuration settings values for all users on the computer. |
-
|
- Gets the details for each configuration setting. Displays where the setting is configured or if it uses the default value. Is displayed if the current setting is valid. |
-
|
- Configures the UE-V service to not synchronize any Windows apps for all users on the computer. |
-
|
- Configures the UE-V service to not synchronize any Windows apps for the current computer user. |
-
|
- Configures the UE-V service to display notification the first time the service runs for all users on the computer. |
-
|
- Configures the UE-V service to not display notification the first time that the service runs for all users on the computer. |
-
|
- Configures the UE-V service to notify all users on the computer when settings synchronization is delayed. -Use the DisableSettingsImportNotify parameter to disable notification. |
-
|
- Configures the UE-V service to notify the current user when settings synchronization is delayed. -Use the DisableSettingsImportNotify parameter to disable notification. |
-
|
- Configures the UE-V service to synchronize all Windows apps that are not explicitly disabled by the Windows app list for all users of the computer. For more information, see "Get-UevAppxPackage" in Managing UE-V Settings Location Templates Using Windows PowerShell and WMI. -Use the DisableSyncUnlistedWindows8Apps parameter to configure the UE-V service to synchronize only Windows apps that are explicitly enabled by the Windows App List. |
-
|
- Configures the UE-V service to synchronize all Windows apps that are not explicitly disabled by the Windows app list for the current user on the computer. For more information, see "Get-UevAppxPackage" in Managing UE-V Settings Location Templates Using Windows PowerShell and WMI. -Use the DisableSyncUnlistedWindows8Apps parameter to configure the UE-V service to synchronize only Windows apps that are explicitly enabled by the Windows App List. |
-
|
- Disables UE-V for all the users on the computer. -Use the EnableSync parameter to enable or re-enable. |
-
|
- Disables UE-V for the current user on the computer. -Use the EnableSync parameter to enable or re-enable. |
-
|
- Enables the UE-V icon in the notification area for all users of the computer. -Use the DisableTrayIcon parameter to disable the icon. |
-
|
- Configures the UE-V service to report when a settings package file size reaches the defined threshold for all users on the computer. Sets the threshold package size in bytes. |
-
|
- Configures the UE-V service to report when a settings package file size reaches the defined threshold. Sets the package size warning threshold for the current user. |
-
|
- Specifies the time in seconds before the user is notified for all users of the computer |
-
|
- Specifies the time in seconds before notification for the current user is sent. |
-
|
- Defines a per-computer settings storage location for all users of the computer. |
-
|
- Defines a per-user settings storage location. |
-
|
- Sets the settings template catalog path for all users of the computer. |
-
|
- Sets the synchronization method for all users of the computer: SyncProvider or None. |
-
|
- Sets the synchronization method for the current user: SyncProvider or None. |
-
|
- Sets the synchronization time-out in milliseconds for all users of the computer |
-
|
- Set the synchronization time-out for the current user. |
-
|
- Clears the specified setting for all users on the computer. |
-
|
- Clears the specified setting for the current user only. |
-
|
- Exports the UE-V computer configuration to a settings migration file. The file name extension must be .uev. -The |
-
|
- Imports the UE-V computer configuration from a settings migration file. The file name extension must be .uev. |
-
Use the DisableSettingsImportNotify parameter to disable notification.| + |`Set-UevConfiguration -CurrentComputerUser -EnableSettingsImportNotify`|Configures the UE-V service to notify the current user when settings synchronization is delayed.
Use the DisableSettingsImportNotify parameter to disable notification.| + |`Set-UevConfiguration -Computer -EnableSyncUnlistedWindows8Apps`|Configures the UE-V service to synchronize all Windows apps that are not explicitly disabled by the Windows app list for all users of the computer. For more information, see "Get-UevAppxPackage" in [Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md).
Use the DisableSyncUnlistedWindows8Apps parameter to configure the UE-V service to synchronize only Windows apps that are explicitly enabled by the Windows App List.| + |`Set-UevConfiguration -CurrentComputerUser - EnableSyncUnlistedWindows8Apps`|Configures the UE-V service to synchronize all Windows apps that are not explicitly disabled by the Windows app list for the current user on the computer. For more information, see "Get-UevAppxPackage" in [Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md).
Use the DisableSyncUnlistedWindows8Apps parameter to configure the UE-V service to synchronize only Windows apps that are explicitly enabled by the Windows App List.| + |`Set-UevConfiguration -Computer -DisableSync`|Disables UE-V for all the users on the computer.
Use the EnableSync parameter to enable or re-enable.| + |`Set-UevConfiguration -CurrentComputerUser -DisableSync`|Disables UE-V for the current user on the computer.
Use the EnableSync parameter to enable or re-enable.| + |`Set-UevConfiguration -Computer -EnableTrayIcon`|Enables the UE-V icon in the notification area for all users of the computer.
Use the DisableTrayIcon parameter to disable the icon.|
+ |`Set-UevConfiguration -Computer -MaxPackageSizeInBytes The `Export` cmdlet exports all UE-V service settings that are configurable with the Computer parameter.|
+ |`Import-UevConfiguration Windows PowerShell command Description Extracts the settings from a Microsoft Notepad package file and converts them into a human-readable format in XML. Repairs the index of the UE-V settings location templates. Displays the active UE-V service settings. User-specific settings have precedence over the computer settings. Displays the UE-V service configuration that is defined for a user. Displays the UE-V service configuration that is defined for a computer. Displays the details for each configuration item. $config.Put() Defines a per-computer settings storage location. Defines a per-user settings storage location. Sets the synchronization time-out in milliseconds for all users of the computer. Configures the UE-V service to report when a settings package file size reaches a defined threshold. Set the threshold package file size in bytes for all users of the computer. Sets the synchronization method for all users of the computer: SyncProvider or None. To enable a specific per-computer setting, clear the setting, and use $null as the setting value. Use UserConfiguration for per-user settings. To disable a specific per-computer setting, clear the setting, and use $null as the setting value. Use User Configuration for per-user settings. Updates a specific per-computer setting. To clear the setting, use $null as the setting value. Updates a specific per-user setting for all users of the computer. To clear the setting, use $null as the setting value. `$config.SettingsStoragePath = `$config.Put()`|Defines a per-computer settings storage location.|
+ |`$config = Get-WmiObject -Namespace root\Microsoft\UEV UserConfiguration` `$config.SettingsStoragePath = `$config.Put()`|Defines a per-user settings storage location.|
+ |`$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration` `$config.SyncTimeoutInMilliseconds = `$config.Put()`|Sets the synchronization time-out in milliseconds for all users of the computer.|
+ |`$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration` `$config.MaxPackageSizeInBytes = `$config.Put()`|Configures the UE-V service to report when a settings package file size reaches a defined threshold. Set the threshold package file size in bytes for all users of the computer.|
+ |`$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration` `$config.SyncMethod = `$config.Put()`|Sets the synchronization method for all users of the computer: SyncProvider or None.|
+ |`$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration` `$config. `$config.Put()`|To enable a specific per-computer setting, clear the setting, and use $null as the setting value. Use UserConfiguration for per-user settings.|
+ |`$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration` `$config. `$config.Put()`|To disable a specific per-computer setting, clear the setting, and use $null as the setting value. Use User Configuration for per-user settings.|
+ |`$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration` `$config. `$config.Put()`|Updates a specific per-computer setting. To clear the setting, use $null as the setting value.|
+ |`$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration` `$config. `$config.Put()`|Updates a specific per-user setting for all users of the computer. To clear the setting, use $null as the setting value.|
When you are finished configuring the UE-V service with WMI and Windows PowerShell, the defined configuration is stored in the registry in the following locations.
@@ -323,33 +113,10 @@ When you are finished configuring the UE-V service with WMI and Windows PowerShe
2. Use the following WMI commands.
- Extracts the settings from a package file and converts them into a human-readable format in XML. Repairs the index of the UE-V settings location templates. Must be run as administrator. Everyone No permissions Security group of UE-V Full control Creator/Owner No permissions No permissions Domain Admins Full control This folder, subfolders, and files Security group of UE-V users List folder/read data, create folders/append data This folder only Everyone Remove all permissions No permissions Everyone No permissions Domain computers Read permission Levels Administrators Read/write permission levels Creator/Owner Full control This folder, subfolders, and files Domain Computers List folder contents and Read permissions This folder, subfolders, and files Everyone No permissions No permissions Administrators Full Control This folder, subfolders, and files UE-V Trigger Event SyncMethod=SyncProvider SyncMethod=None Windows Logon Application and Windows settings are imported to the local cache from the settings storage location. Asynchronous Windows settings are applied. Synchronous Windows settings will be applied during the next Windows logon. Application settings will be applied when the application starts. Application and Windows settings are read directly from the settings storage location. Asynchronous and synchronous Windows settings are applied. Application settings will be applied when the application starts. Windows Logoff Store changes locally and cache and copy asynchronous and synchronous Windows settings to the settings storage location server, if available Store changes to asynchronous and synchronous Windows settings storage location Windows Connect (RDP) / Unlock Synchronize any asynchronous Windows settings from settings storage location to local cache, if available. Apply cached Windows settings Download and apply asynchronous windows settings from settings storage location Windows Disconnect (RDP) / Lock Store asynchronous Windows settings changes to the local cache. Synchronize any asynchronous Windows settings from the local cache to settings storage location, if available Store asynchronous Windows settings changes to the settings storage location Application start Apply application settings from local cache as the application starts Apply application settings from settings storage location as the application starts Application closes Store any application settings changes to the local cache and copy settings to settings storage location, if available Store any application settings changes to settings storage location Sync Controller Scheduled Task Application and Windows settings are synchronized between the settings storage location and the local cache. Settings changes are not cached locally until an application closes. This trigger will not export changes made to a currently running application. For Windows settings, this means that any changes will not be cached locally and exported until the next Lock (Asynchronous) or Logoff (Asynchronous and Synchronous). Settings are applied in these cases: Asynchronous Windows settings are applied directly. Application settings are applied when the application starts. Both asynchronous and synchronous Windows settings are applied during the next Windows logon. Windows app (AppX) settings are applied during the next refresh. See Monitor Application Settings for more information. NA Asynchronous Settings updated on remote store* Load and apply new asynchronous settings from the cache. Load and apply settings from central server Apply cached Windows settings|Download and apply asynchronous windows settings from settings storage location|
+|**Windows Disconnect (RDP) / Lock**|Store asynchronous Windows settings changes to the local cache. Synchronize any asynchronous Windows settings from the local cache to settings storage location, if available|Store asynchronous Windows settings changes to the settings storage location|
+|**Application start**|Apply application settings from local cache as the application starts|Apply application settings from settings storage location as the application starts|
+|**Application closes**|Store any application settings changes to the local cache and copy settings to settings storage location, if available|Store any application settings changes to settings storage location|
+|**Sync Controller Scheduled Task**|Application and Windows settings are synchronized between the settings storage location and the local cache. For Windows settings, this means that any changes will not be cached locally and exported until the next Lock (Asynchronous) or Logoff (Asynchronous and Synchronous). Settings are applied in these cases: MicrosoftOffice2016Win32.xml MicrosoftOffice2016Win64.xml MicrosoftSkypeForBusiness2016Win32.xml MicrosoftSkypeForBusiness2016Win64.xml MicrosoftOffice2013Win32.xml MicrosoftOffice2013Win64.xml MicrosoftLync2013Win32.xml MicrosoftLync2013Win64.xml MicrosoftOffice2010Win32.xml MicrosoftOffice2010Win64.xml MicrosoftLync2010.xml MicrosoftOffice2016Win64.xml MicrosoftSkypeForBusiness2016Win32.xml MicrosoftSkypeForBusiness2016Win64.xml|MicrosoftOffice2013Win32.xml MicrosoftOffice2013Win64.xml MicrosoftLync2013Win32.xml MicrosoftLync2013Win64.xml|MicrosoftOffice2010Win32.xml MicrosoftOffice2010Win64.xml MicrosoftLync2010.xml|
### Microsoft Office Applications supported by the UE-V templates
- Microsoft Access 2016 Microsoft Lync 2016 Microsoft Excel 2016 Microsoft OneNote 2016 Microsoft Outlook 2016 Microsoft PowerPoint 2016 Microsoft Project 2016 Microsoft Publisher 2016 Microsoft SharePoint Designer 2013 (not updated for 2016) Microsoft Visio 2016 Microsoft Word 2016 Microsoft Office Upload Manager Microsoft Access 2013 Microsoft Lync 2013 Microsoft Excel 2013 Microsoft InfoPath 2013 Microsoft OneNote 2013 Microsoft Outlook 2013 Microsoft PowerPoint 2013 Microsoft Project 2013 Microsoft Publisher 2013 Microsoft SharePoint Designer 2013 Microsoft Visio 2013 Microsoft Word 2013 Microsoft Office Upload Manager Microsoft Access 2010 Microsoft Lync 2010 Microsoft Excel 2010 Microsoft InfoPath 2010 Microsoft OneNote 2010 Microsoft Outlook 2010 Microsoft PowerPoint 2010 Microsoft Project 2010 Microsoft Publisher 2010 Microsoft SharePoint Designer 2010 Microsoft Visio 2010 Microsoft Word 2010 Microsoft Lync 2016 Microsoft Excel 2016 Microsoft OneNote 2016 Microsoft Outlook 2016 Microsoft PowerPoint 2016 Microsoft Project 2016 Microsoft Publisher 2016 Microsoft SharePoint Designer 2013 (not updated for 2016) Microsoft Visio 2016 Microsoft Word 2016 Microsoft Office Upload Manager|Microsoft Access 2013 Microsoft Lync 2013 Microsoft Excel 2013 Microsoft InfoPath 2013 Microsoft OneNote 2013 Microsoft Outlook 2013 Microsoft PowerPoint 2013 Microsoft Project 2013 Microsoft Publisher 2013 Microsoft SharePoint Designer 2013 Microsoft Visio 2013 Microsoft Word 2013 Microsoft Office Upload Manager|Microsoft Access 2010 Microsoft Lync 2010 Microsoft Excel 2010 Microsoft InfoPath 2010 Microsoft OneNote 2010 Microsoft Outlook 2010 Microsoft PowerPoint 2010 Microsoft Project 2010 Microsoft Publisher 2010 Microsoft SharePoint Designer 2010 Microsoft Visio 2010 Microsoft Word 2010|
## Deploying Office templates
diff --git a/windows/deployment/mbr-to-gpt.md b/windows/deployment/mbr-to-gpt.md
index 1f836e3637..bae2b9eb0d 100644
--- a/windows/deployment/mbr-to-gpt.md
+++ b/windows/deployment/mbr-to-gpt.md
@@ -25,8 +25,9 @@ ms.collection: highpri
**MBR2GPT.EXE** converts a disk from the Master Boot Record (MBR) to the GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS) by using the **/allowFullOS** option.
->MBR2GPT.EXE is located in the **Windows\\System32** directory on a computer running Windows 10 version 1703 (also known as the Creator's Update) or later.
->The tool is available in both the full OS environment and Windows PE. To use this tool in a deployment task sequence with Configuration Manager or Microsoft Deployment Toolkit (MDT), you must first update the Windows PE image (winpe.wim, boot.wim) with the [Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) 1703, or a later version.
+MBR2GPT.EXE is located in the **Windows\\System32** directory on a computer running Windows 10 version 1703 (also known as the Creator's Update) or later.
+
+The tool is available in both the full OS environment and Windows PE. To use this tool in a deployment task sequence with Configuration Manager or Microsoft Deployment Toolkit (MDT), you must first update the Windows PE image (winpe.wim, boot.wim) with the [Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) 1703, or a later version.
See the following video for a detailed description and demonstration of MBR2GPT.
@@ -41,8 +42,10 @@ You can use MBR2GPT to:
Offline conversion of system disks with earlier versions of Windows installed, such as Windows 7, 8, or 8.1 are not officially supported. The recommended method to convert these disks is to upgrade the operating system to Windows 10 first, then perform the MBR to GPT conversion.
->[!IMPORTANT]
->After the disk has been converted to GPT partition style, the firmware must be reconfigured to boot in UEFI mode. Filter Noise Filters noise from the issues. This command is selected by default. Load Noise Filter File Opens the Open Noise Filter File dialog box, in which you can load an existing noise filter (.xml) file. Export Noise Filter File Opens the Save Noise Filter File dialog box, in which you can save filter settings as a noise filter (.xml) file. Only Display Records with Application Name in StackTrace Filters out records that do not have the application name in the stack trace. However, because the SUA tool captures only the first 32 stack frames, this command can also filter out real issues with the application where the call stack is deeper than 32 frames. Show More Details in StackTrace Shows additional stack frames that are related to the SUA tool, but not related to the diagnosed application. Warn Before Deleting AppVerifier Logs Displays a warning message before the SUA tool deletes all of the existing SUA-related log files on the computer. This command is selected by default. Logging Provides the following logging-related options: Show or hide log errors. Show or hide log warnings. Show or hide log information. To maintain a manageable file size, we recommend that you do not select the option to show informational messages. This command is selected by default.|
+ |**Load Noise Filter File**|Opens the **Open Noise Filter File** dialog box, in which you can load an existing noise filter (.xml) file.|
+ |**Export Noise Filter File**|Opens the **Save Noise Filter File** dialog box, in which you can save filter settings as a noise filter (.xml) file.|
+ |**Only Display Records with Application Name in StackTrace**|Filters out records that do not have the application name in the stack trace. However, because the SUA tool captures only the first 32 stack frames, this command can also filter out real issues with the application where the call stack is deeper than 32 frames.|
+ |**Show More Details in StackTrace**|Shows additional stack frames that are related to the SUA tool, but not related to the diagnosed application.|
+ |**Warn Before Deleting AppVerifier Logs**|Displays a warning message before the SUA tool deletes all of the existing SUA-related log files on the computer. This command is selected by default.|
+ |**Logging**|Provides the following logging-related options: To maintain a manageable file size, we recommend that you do not select the option to show informational messages.|
+
+
\ No newline at end of file
diff --git a/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md b/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md
index f128528a5e..2db04e673e 100644
--- a/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md
+++ b/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md
@@ -45,195 +45,41 @@ Customized-compatibility databases in Compatibility Administrator contain the fo
The following table shows the attributes you can use for querying your customized-compatibility databases in Compatibility Administrator.
- APP_NAME Name of the application. String DATABASE_GUID Unique ID for your compatibility database. String DATABASE_INSTALLED Specifies if you have installed the database. Boolean DATABASE_NAME Descriptive name of your database. String DATABASE_PATH Location of the database on your computer. String FIX_COUNT Number of compatibility fixes applied to a specific application. Integer FIX_NAME Name of your compatibility fix. String MATCH_COUNT Number of matching files for a specific, fixed application. Integer MATCHFILE_NAME Name of a matching file used to identify a specific, fixed application. String MODE_COUNT Number of compatibility modes applied to a specific, fixed application. Integer MODE_NAME Name of your compatibility mode. String PROGRAM_APPHELPTYPE Type of AppHelp message applied to an entry. The value can be 1 or 2, where 1 enables the program to run and 2 blocks the program. Integer PROGRAM_DISABLED Specifies if you disabled the compatibility fix for an application. If True, Compatibility Administrator does not apply the fixes to the application. Boolean PROGRAM_GUID Unique ID for an application. String PROGRAM_NAME Name of the application that you are fixing. String > Greater than Integer or string 1 >= Greater than or equal to Integer or string 1 < Less than Integer or string 1 <= Less than or equal to Integer or string 1 <> Not equal to Integer or string 1 = Equal to Integer, string, or Boolean 1 HAS A special SQL operator used to check if the left-hand operand contains a substring specified by the right-hand operand. Left-hand operand. MATCHFILE_NAME, MODE_NAME, FIX_NAME Only the HAS operator can be applied to the MATCHFILE_NAME, MODE_NAME, and FIX_NAME attributes. Right-hand operand. String 1 OR Logical OR operator Boolean 2 AND Logical AND operator Boolean 2 This section provides information about using the Compatibility Administrator tool. Managing Application-Compatibility Fixes and Custom Fix Databases This section provides information about managing your application-compatibility fixes and custom-compatibility fix databases. This section explains the reasons for using compatibility fixes and how to deploy custom-compatibility fix databases. You must deploy your customized database (.sdb) files to other computers in your organization before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways, including by using a logon script, by using Group Policy, or by performing file copy operations. 8And16BitAggregateBlts Applications that are mitigated by 8/16-bit mitigation can exhibit performance issues. This layer aggregates all the blt operations and improves performance. 8And16BitDXMaxWinMode Applications that use DX8/9 and are mitigated by the 8/16-bit mitigation are run in a maximized windowed mode. This layer mitigates applications that exhibit graphical corruption in full screen mode. 8And16BitGDIRedraw This fix repairs applications that use GDI and that work in 8-bit color mode. The application is forced to repaint its window on RealizePalette. AccelGdipFlush This fix increases the speed of GdipFlush, which has perf issues in DWM. AoaMp4Converter This fix resolves a display issue for the AoA Mp4 Converter. BIOSRead This problem is indicated when an application cannot access the Device\PhysicalMemory object beyond the kernel-mode drivers, on any of the Windows Server® 2003 operating systems. The fix enables OEM executable (.exe) files to use the GetSystemFirmwareTable function instead of the NtOpenSection function when the BIOS is queried for the \Device\Physical memory information.. BlockRunasInteractiveUser This problem occurs when InstallShield creates installers and uninstallers that fail to complete and that generate error messages or warnings. The fix blocks InstallShield from setting the value of RunAs registry keys to InteractiveUser Because InteractiveUser no longer has Administrator rights. For more detailed information about this application fix, see Using the BlockRunAsInteractiveUser Fix. ChangeFolderPathToXPStyle This fix is required when an application cannot return shell folder paths when it uses the SHGetFolder API. The fix intercepts the SHGetFolder path request to the common appdata file path and returns the Windows® XP-style file path instead of the Windows Vista-style file path. ClearLastErrorStatusonIntializeCriticalSection This fix is indicated when an application fails to start. The fix modifies the InitializeCriticalSection function call so that it checks the NTSTATUS error code, and then sets the last error to ERROR_SUCCESS. CopyHKCUSettingsFromOtherUsers This problem occurs when an application's installer must run in elevated mode and depends on the HKCU settings that are provided for other users. The fix scans the existing user profiles and tries to copy the specified keys into the HKEY_CURRENT_USER registry area. You can control this fix further by entering the relevant registry keys as parameters that are separated by the ^ Symbol; for example: For more detailed information about this application fix, see Using the CopyHKCUSettingsFromOtherUsers Fix. CorrectCreateBrushIndirectHatch The problem is indicated by an access violation error message that displays and when the application fails when you select or crop an image. The fix corrects the brush style hatch value, which is passed to the CreateBrushIndirect() function and enables the information to be correctly interpreted. CorrectFilePaths The problem is indicated when an application tries to write files to the hard disk and is denied access or receives a file not found or path not found error message. The fix modifies the file path names to point to a new location on the hard disk. For more detailed information about the CorrectFilePaths application fix, see Using the CorrectFilePaths Fix. We recommend that you use this fix together with the CorrectFilePathsUninstall fix if you are applying it to a setup installation file. CorrectFilePathsUninstall This problem occurs when an uninstalled application leaves behind files, directories, and links. The fix corrects the file paths that are used by the uninstallation process of an application. For more detailed information about this fix, see Using the CorrectFilePathsUninstall Fix. We recommend that you use this fix together with the CorrectFilePaths fix if you are applying it to a setup installation file. CorrectShellExecuteHWND This problem occurs when you start an executable (.exe) and a taskbar item blinks instead of an elevation prompt being opened, or when the application does not provide a valid HWND value when it calls the ShellExecute(Ex) function. The fix intercepts the ShellExecute(Ex) calls, and then inspects the HWND value. If the value is invalid, this fix enables the call to use the currently active HWND value. For more detailed information about the CorrectShellExecuteHWND application fix, see Using the CorrectShellExecuteHWND Fix. CustomNCRender This fix instructs DWM to not render the non-client area, thereby forcing the application to do its own NC rendering. This often gives windows an XP look. DelayApplyFlag This fix applies a KERNEL, USER, or PROCESS flag if the specified DLL is loaded. You can control this fix further by typing the following command at the command prompt: DLL_Name;Flag_Type;Hexidecimal_Value Where the DLL_Name is the name of the specific DLL, including the file extension. Flag_Type is KERNEL, USER, or PROCESS, and a Hexidecimal_Value, starting with 0x and up to 64-bits long. The PROCESS flag type can have a 32-bit length only. You can separate multiple entries with a backslash (). DeprecatedServiceShim The problem is indicated when an application tries to install a service that has a dependency on a deprecated service. An error message displays. The fix intercepts the CreateService function calls and removes the deprecated dependency service from the lpDependencies parameter. You can control this fix further by typing the following command at the command prompt: Deprecated_Service\App_Service/Deprecated_Service2 \App_Service2 Where Deprecated_Service is the name of the service that has been deprecated and App_Service is the name of the specific application service that is to be modified; for example, NtLmSsp\WMI. If you do not provide an App_Service name, the deprecated service will be removed from all newly created services. You can separate multiple entries with a forward slash (/). DirectXVersionLie This problem occurs when an application fails because it does not find the correct version number for DirectX®. The fix modifies the DXDIAGN GetProp function call to return the correct DirectX version. You can control this fix further by typing the following command at the command prompt: MAJORVERSION.MINORVERSION.LETTER For example, DetectorDWM8And16Bit This fix offeres mitigation for applications that work in 8/16-bit display color mode because these legacy color modes are not supported in Windows 8 . Disable8And16BitD3D This fix improves performance of 8/16-bit color applications that render using D3D and do not mix directdraw. Disable8And16BitModes This fix disables 8/16-bit color mitigation and enumeration of 8/16-bit color modes. DisableDWM The problem occurs when some objects are not drawn or object artifacts remain on the screen in an application. The fix temporarily disables the Windows Aero menu theme functionality for unsupported applications. For more detailed information about this application fix, see Using the DisableDWM Fix. DisableFadeAnimations The problem is indicated when an application fade animations, buttons, or other controls do not function properly. The fix disables the fade animations functionality for unsupported applications. DisableThemeMenus The problem is indicated by an application that behaves unpredictably when it tries to detect and use the correct Windows settings. The fix temporarily disables the Windows Aero menu theme functionality for unsupported applications. DisableWindowsDefender The fix disables Windows Defender for security applications that do not work with Windows Defender. DWM8And16BitMitigation The fix offers mitigation for applications that work in 8/16-bit display color mode because these legacy color modes are not supported in Windows 8. DXGICompat The fix allows application-specific compatibility instructions to be passed to the DirectX engine. DXMaximizedWindowedMode Applications that use DX8/9 are run in a maximized windowed mode. This is required for applications that use GDI/DirectDraw in addition to Direct3D. ElevateCreateProcess The problem is indicated when installations, de-installations, or updates fail because the host process calls the CreateProcess function and it returns an ERROR_ELEVATION_REQUIRED error message. The fix handles the error code and attempts to recall the CreateProcess function together with requested elevation. If the fixed application already has a UAC manifest, the error code will be returned unchanged. For more detailed information about this application fix, see Using the ElevateCreateProcess Fix. EmulateOldPathIsUNC The problem occurs when an application fails because of an incorrect UNC path. The fix changes the PathIsUNC function to return a value of True for UNC paths in Windows. EmulateGetDiskFreeSpace The problem is indicated when an application fails to install or to run, and it generates an error message that there is not enough free disk space to install or use the application, even though there is enough free disk space to meet the application requirements. The fix determines the amount of free space, so that if the amount of free space is larger than 2 GB, the compatibility fix returns a value of 2 GB, but if the amount of free space is smaller than 2 GB, the compatibility fix returns the actual free space amount. For more detailed information about this application fix, see Using the EmulateGetDiskFreeSpace Fix. EmulateSorting The problem occurs when an application experiences search functionality issues. The fix forces applications that use the CompareStringW/LCMapString sorting table to use an older version of the table. For more detailed information about this e application fix, see Using the EmulateSorting Fix. EmulateSortingWindows61 The fix emulates the sorting order of Windows 7 and Windows Server 2008 R2 for various APIs. EnableRestarts The problem is indicated when an application and computer appear to hang because processes cannot end to allow the computer to complete its restart processes. The fix enables the computer to restart and finish the installation process by verifying and enabling that the SeShutdownPrivilege service privilege exists. For more detailed information about this application fix, see Using the EnableRestarts Fix. ExtraAddRefDesktopFolder The problem occurs when an application invokes the Release() method too many times and causes an object to be prematurely destroyed. The fix counteracts the application's tries to obtain the shell desktop folder by invoking the AddRef() method on the Desktop folder, which is returned by the SHGetDesktopFolder function. FailObsoleteShellAPIs The problem occurs when an application fails because it generated deprecated API calls. The fix either fully implements the obsolete functions or implements the obsolete functions with stubs that fail. You can type FailAll=1 at the command prompt to suppress the function implementation and force all functions to fail. FailRemoveDirectory The problem occurs when an application uninstallation process does not remove all of the application files and folders. This fix fails calls to RemoveDirectory() when called with a path matching the one specified in the shim command-line. Only a single path is supported. The path can contain environment variables, but must be an exact path – no partial paths are supported. The fix can resolve an issue where an application expects RemoveDirectory() to delete a folder immediately even though a handle is open to it. FakeLunaTheme The problem occurs when a theme application does not properly display: the colors are washed out or the user interface is not detailed. The fix intercepts the GetCurrentThemeName API and returns the value for the Windows XP default theme, (Luna). For more detailed information about the FakeLunaTheme application fix, see Using the FakeLunaTheme Fix. FlushFile This problem is indicated when a file is updated and changes do not immediately appear on the hard disk. Applications cannot see the file changes. The fix enables the WriteFile function to call to the FlushFileBuffers APIs, which flush the file cache onto the hard disk. FontMigration The fix replaces an application-requested font with a better font selection, to avoid text truncation. ForceAdminAccess The problem occurs when an application fails to function during an explicit administrator check. The fix allows the user to temporarily imitate being a part of the Administrators group by returning a value of True during the administrator check. For more detailed information about this application fix, see Using the ForceAdminAccess Fix. ForceInvalidateOnClose The fix invalidates any windows that exist under a closing or hiding window for applications that rely on the invalidation messages. ForceLoadMirrorDrvMitigation The fix loads the Windows 8 mirror driver mitigation for applications where the mitigation is not automatically applied. FreestyleBMX The fix resolves an application race condition that is related to window message order. GetDriveTypeWHook The application presents unusual behavior during installation; for example, the setup program states that it cannot install to a user-specified location. The fix changes GetDriveType() so that only the root information appears for the file path. This is required when an application passes an incomplete or badly-formed file path when it tries to retrieve the drive type on which the file path exists. GlobalMemoryStatusLie The problem is indicated by a Computer memory full error message that displays when you start an application. The fix modifies the memory status structure, so that it reports a swap file that is 400 MB, regardless of the true swap file size. HandleBadPtr The problem is indicated by an access violation error message that displays because an API is performing pointer validation before it uses a parameter. The fix supports using lpBuffer validation from the InternetSetOptionA and InternetSetOptionW functions to perform the additional parameter validation. HandleMarkedContentNotIndexed The problem is indicated by an application that fails when it changes an attribute on a file or directory. The fix intercepts any API calls that return file attributes and directories that are invoked from the %TEMP% directory, and resets the FILE_ATTRIBUTE_NOT_CONTENT_INDEXED attribute to its original state. HeapClearAllocation The problem is indicated when the allocation process shuts down unexpectedly. The fix uses zeros to clear out the heap allocation for an application. IgnoreAltTab The problem occurs when an application fails to function when special key combinations are used. The fix intercepts the RegisterRawInputDevices API and prevents the delivery of the WM_INPUT messages. This delivery failure forces the included hooks to be ignored and forces DInput to use Windows-specific hooks. For more detailed information about this application fix, see Using the IgnoreAltTab Fix. IgnoreChromeSandbox The fix allows Google Chrome to run on systems that have ntdll loaded above 4GB. IgnoreDirectoryJunction The problem is indicated by a read or access violation error message that displays when an application tries to find or open files. The fix links the FindNextFileW, FindNextFileA, FindFirstFileExW, FindFirstFileExA, FindFirstFileW and FindFirstFileA APIs to prevent them from returning directory junctions. Symbolic links appear starting in Windows Vista. IgnoreException The problem is indicated when an application stops functioning immediately after it starts, or the application starts with only a cursor appearing on the screen. The fix enables the application to ignore specified exceptions. By default, this fix ignores privileged-mode exceptions; however, it can be configured to ignore any exception. You can control this fix further by typing the following command at the command prompt: Exception1;Exception2 Where Exception1 and Exception2 are specific exceptions to be ignored. For example: ACCESS_VIOLATION_READ:1;ACCESS_VIOLATION_WRITE:1. You should use this compatibility fix only if you are certain that it is acceptable to ignore the exception. You might experience additional compatibility issues if you choose to incorrectly ignore an exception. For more detailed information about this application fix, see Using the IgnoreException Fix. IgnoreFloatingPointRoundingControl This fix enables an application to ignore the rounding control request and to behave as expected in previous versions of the application. Before floating point SSE2 support in the C runtime library, the rounding control request was being ignored which would use round to nearest option by default. This shim ignores the rounding control request to support applications relying on old behavior. IgnoreFontQuality The problem occurs when application text appears to be distorted. The fix enables color-keyed fonts to properly work with anti-aliasing. IgnoreMessageBox The problem is indicated by a message box that displays with debugging or extraneous content when the application runs on an unexpected operating system. The fix intercepts the MessageBox* APIs and inspects them for specific message text. If matching text is found, the application continues without showing the message box. For more detailed information about this application fix, see Using the IgnoreMessageBox Fix. IgnoreMSOXMLMF The problem is indicated by an error message that states that the operating system cannot locate the MSVCR80D.DLL file. The fix ignores the registered MSOXMLMF.DLL object, which Microsoft® Office 2007 loads into the operating system any time that you load an XML file, and then it fails the CoGetClassObject for its CLSID. This compatibility fix will just ignore the registered MSOXMLMF and fail the CoGetClassObject for its CLSID. IgnoreSetROP2 The fix ignores read-modify-write operations on the desktop to avoid performance issues. InstallComponent The fix prompts the user to install.Net 3.5 or .Net 2.0 because .Net is not included with Windows 8. LoadLibraryRedirect The fix forces an application to load system versions of libraries instead of loading redistributable versions that shipped with the application. LocalMappedObject The problem occurs when an application unsuccessfully tries to create an object in the Global namespace. The fix intercepts the function call to create the object and replaces the word Global with Local. For more detailed information about this application fix, see Using the LocalMappedObject Fix. MakeShortcutRunas The problem is indicated when an application fails to uninstall because of access-related errors. The fix locates any RunDLL.exe-based uninstallers and forces them to run with different credentials during the application installation. After it applies this fix, the installer will create a shortcut that specifies a matching string to run during the application installation, thereby enabling the uninstallation to occur later. For more detailed information about this application fix, see Using the MakeShortcutRunas Fix ManageLinks The fix intercepts common APIs that are going to a directory or to an executable (.exe) file, and then converts any symbolic or directory junctions before passing it back to the original APIs. MirrorDriverWithComposition The fix allows mirror drivers to work properly with acceptable performance with desktop composition. MoveToCopyFileShim The problem occurs when an application experiences security access issues during setup. The fix forces the CopyFile APIs to run instead of the MoveFile APIs. CopyFile APIs avoid moving the security descriptor, which enables the application files to get the default descriptor of the destination folder and prevents the security access issue. OpenDirectoryAcl The problem is indicated by an error message that states that you do not have the appropriate permissions to access the application. The fix reduces the security privilege levels on a specified set of files and folders. For more detailed information about this application fix, see Using the OpenDirectoryACL Fix. PopCapGamesForceResPerf The fix resolves the performance issues in PopCap games like Bejeweled2. The performance issues are visible in certain low-end cards at certain resolutions where the 1024x768 buffer is scaled to fit the display resolution. PreInstallDriver The fix preinstalls drivers for applications that would otherwise try to install or start drivers during the initial start process. PreInstallSmarteSECURE The fix preinstalls computer-wide CLSIDs for applications that use SmartSECURE copy protection, which would otherwise try to install the CLSIDs during the initial start process. ProcessPerfData The problem is indicated by an Unhandled Exception error message because the application tried to read the process performance data registry value to determine if another instance of the application is running. The fix handles the failure case by passing a fake process performance data registry key, so that the application perceives that it is the only instance running. This issue seems to occur most frequently with .NET applications. PromoteDAM The fix registers an application for power state change notifications. PropagateProcessHistory The problem occurs when an application incorrectly fails to apply an application fix. The fix sets the _PROCESS_HISTORY environment variable so that child processes can look in the parent directory for matching information while searching for application fixes. ProtectedAdminCheck The problem occurs when an application fails to run because of incorrect Protected Administrator permissions. The fix addresses the issues that occur when applications use non-standard Administrator checks, thereby generating false positives for user accounts that are being run as Protected Administrators. In this case, the associated SID exists, but it is set as deny-only. RedirectCRTTempFile The fix intercepts failing CRT calls that try to create a temporary file at the root of the volume, thereby redirecting the calls to a temporary file in the user's temporary directory. RedirectHKCUKeys The problem occurs when an application cannot be accessed because of User Account Control (UAC) restrictions. The fix duplicates any newly created HKCU keys to other users' HKCU accounts. This fix is generic for UAC restrictions, whereby the HKCU keys are required, but are unavailable to an application at runtime. RedirectMP3Codec This problem occurs when you cannot play MP3 files. The fix intercepts the CoCreateInstance call for the missing filter and then redirects it to a supported version. RedirectShortcut The problem occurs when an application cannot be accessed by its shortcut, or application shortcuts are not removed during the application uninstallation process. The fix redirects all of the shortcuts created during the application setup to appear according to a specified path. Start Menu shortcuts: Appear in the \ProgramData\Microsoft\Windows\Start Menu directory for all users. Desktop or Quick Launch shortcuts:You must manually place the shortcuts on the individual user's desktop or Quick Launch bar. This issue occurs because of UAC restrictions: specifically, when an application setup runs by using elevated privileges and stores the shortcuts according to the elevated user's context. In this situation, a restricted user cannot access the shortcuts. You cannot apply this fix to an .exe file that includes a manifest and provides a runlevel. RelaunchElevated The problem occurs when installers, uninstallers, or updaters fail when they are started from a host application. The fix enables a child .exe file to run with elevated privileges when it is difficult to determine the parent process with either the ElevateCreateProcess fix or by marking the .exe files to RunAsAdmin. For more detailed information about this application fix, see Using the RelaunchElevated Fix. RetryOpenSCManagerWithReadAccess The problem occurs when an application tries to open the Service Control Manager (SCM) and receives an Access Denied error message. The fix retries the call and requests a more restricted set of rights that include the following: SC_MANAGER_CONNECT SC_MANAGER_ENUMERATE_SERVICE SC_MANAGER_QUERY_LOCK_STATUS STANDARD_READ_RIGHTS For more detailed information about this application fix, see Using the RetryOpenSCManagerwithReadAccess Fix. RetryOpenServiceWithReadAccess The problem occurs when an Unable to open service due to your application using the OpenService() API to test for the existence of a particular service error message displays. The fix retries the OpenService() API call and verifies that the user has Administrator rights, is not a Protected Administrator, and by using read-only access. Applications can test for the existence of a service by calling the OpenService() API but some applications ask for all access when making this check. This fix retries the call but only asking for read-only access. The user needs to be an administrator for this to work For more detailed information about this application fix, see Using the RetryOpenServiceWithReadAccess Fix. RunAsAdmin The problem occurs when an application fails to function by using the Standard User or Protected Administrator account. The fix enables the application to run by using elevated privileges. The fix is the equivalent of specifying requireAdministrator in an application manifest. For more detailed information about this application fix, see Using the RunAsAdmin Fix. RunAsHighest The problem occurs when administrators cannot view the read/write version of an application that presents a read-only view to standard users. The fix enables the application to run by using the highest available permissions. This is the equivalent of specifying highestAvailable in an application manifest. For more detailed information about this application fix, see Using the RunAsHighest Fix. RunAsInvoker The problem occurs when an application is not detected as requiring elevation. The fix enables the application to run by using the privileges that are associated with the creation process, without requiring elevation. This is the equivalent of specifying asInvoker in an application manifest. For more detailed information about this application fix, see Using the RunAsInvoker Fix. SecuROM7 The fix repairs applications by using SecuROM7 for copy protection. SessionShim The fix intercepts API calls from applications that are trying to interact with services that are running in another session, by using the terminal service name prefix (Global or Local) as the parameter. At the command prompt, you can supply a list of objects to modify, separating the values by a double backslash (). Or, you can choose not to include any parameters, so that all of the objects are modified. Users cannot log in as Session 0 (Global Session) in Windows Vista and later. Therefore, applications that require access to Session 0 automatically fail. For more detailed information about this application fix, see Using the SessionShim Fix. SetProtocolHandler The fix registers an application as a protocol handler. You can control this fix further by typing the following command at the command prompt: Client;Protocol;App Where the Client is the name of the email protocol, Protocol is mailto, and App is the name of the application. Only the mail client and the mailto protocol are supported. You can separate multiple clients by using a backslash (). SetupCommitFileQueueIgnoreWow The problem occurs when a 32-bit setup program fails to install because it requires 64-bit drivers. The fix disables the Wow64 file system that is used by the 64-bit editions of Windows, to prevent 32-bit applications from accessing 64-bit file systems during the application setup. SharePointDesigner2007 The fix resolves an application bug that severely slows the application when it runs in DWM. ShimViaEAT The problem occurs when an application fails, even after applying acompatibility fix that is known to fix an issue. Applications that use unicows.dll or copy protection often present this issue. The fix applies the specified compatibility fixes by modifying the export table and by nullifying the use of module inclusion and exclusion. For more information about this application fix, see Using the ShimViaEAT Fix. ShowWindowIE The problem occurs when a web application experiences navigation and display issues because of the tabbing feature. The fix intercepts the ShowWindow API call to address the issues that can occur when a web application determines that it is in a child window. This fix calls the real ShowWindow API on the top-level parent window. SierraWirelessHideCDROM The fix repairs the Sierra Wireless Driver installation, thereby preventing bugcheck. Sonique2 The application uses an invalid window style, which breaks in DWM. This fix replaces the window style with a valid value. SpecificInstaller The problem occurs when an application installation file fails to be picked up by the GenericInstaller function. The fix flags the application as being an installer file (for example, setup.exe), and then prompts for elevation. For more detailed information about this application fix, see Using the SpecificInstaller Fix. SpecificNonInstaller The problem occurs when an application that is not an installer (and has sufficient privileges) generates a false positive from the GenericInstaller function. The fix flags the application to exclude it from detection by the GenericInstaller function. For more detailed information about this application fix, see Using the SpecificNonInstaller Fix. SystemMetricsLie The fix replaces SystemMetrics values and SystemParametersInfo values with the values of previous Windows versions. TextArt The application receives different mouse coordinates with DWM ON versus DWM OFF, which causes the application to hang. This fix resolves the issue. TrimDisplayDeviceNames The fix trims the names of the display devices that are returned by the EnumDisplayDevices API. UIPICompatLogging The fix enables the logging of Windows messages from Internet Explorer and other processes. UIPIEnableCustomMsgs The problem occurs when an application does not properly communicate with other processes because customized Windows messages are not delivered. The fix enables customized Windows messages to pass through to the current process from a lower Desktop integrity level. This fix is the equivalent of calling the RegisterWindowMessage function, followed by the ChangeWindowMessageFilter function in the code. You can control this fix further by typing the following command at the command prompt: MessageString1 MessageString2 Where MessageString1 and MessageString2 reflect the message strings that can pass. Multiple message strings must be separated by spaces. For more detailed information about this application fix, see Using the UIPIEnableCustomMsgs Fix. UIPIEnableStandardMsgs The problem occurs when an application does not communicate properly with other processes because standard Windows messages are not delivered. The fix enables standard Windows messages to pass through to the current process from a lower Desktop integrity level. This fix is the equivalent of calling the ChangeWindowMessageFilter function in the code. You can control this fix further by typing the following command at the command prompt: 1055 1056 1069 Where 1055 reflects the first message ID, 1056 reflects the second message ID, and 1069 reflects the third message ID that can pass. Multiple messages can be separated by spaces. For more detailed information about this application fix, see Using the UIPIEnableStandardMsgs Fix [act]. VirtualizeDeleteFileLayer The fix virtualizes DeleteFile operations for applications that try to delete protected files. VirtualizeDesktopPainting This fix improves the performance of a number of operations on the Desktop DC while using DWM. VirtualRegistry The problem is indicated when a Component failed to be located error message displays when an application is started. The fix enables the registry functions to allow for virtualization, redirection, expansion values, version spoofing, the simulation of performance data counters, and so on. For more detailed information about this application fix, see Using the VirtualRegistry Fix. VirtualizeDeleteFile The problem occurs when several error messages display and the application cannot delete files. The fix makes the application's DeleteFile function call a virtual call in an effort to remedy the UAC and file virtualization issues that were introduced with Windows Vista. This fix also links other file APIs (for example, GetFileAttributes) to ensure that the virtualization of the file is deleted. For more detailed information about this application fix, see Using the VirtualizeDeleteFile Fix. VirtualizeHKCRLite The problem occurs when an application fails to register COM components at runtime. The fix redirects the HKCR write calls (HKLM) to the HKCU hive for a per-user COM registration. This operates much like the VirtualRegistry fix when you use the VirtualizeHKCR parameter; however, VirtualizeHKCRLite provides better performance. HKCR is a virtual merge of the HKCU\Software\Classes and HKLM\Software\Classes directories. The use of HKCU is preferred if an application is not elevated and is ignored if the application is elevated. You typically will use this compatibility fix in conjunction with the VirtualizeRegisterTypeLib fix. For more detailed information about this application fix, see Using the VirtualizeHKCRLite Fix. VirtualizeRegisterTypeLib The fix, when it is used with the VirtualizeHKCRLite fix, ensures that the type library and the COM class registration happen simultaneously. This functions much like the RegistryTypeLib fix when the RegisterTypeLibForUser parameter is used. For more detailed information about this application fix, see Using the VirtualizeRegisterTypelib Fix. WaveOutIgnoreBadFormat This problem is indicated by an error message that states: Unable to initialize sound device from your audio driver; the application then closes. The fix enables the application to ignore the format error and continue to function properly. WerDisableReportException The fix turns off the silent reporting of exceptions to the Windows Error Reporting tool, including those that are reported by Object Linking and Embedding-Database (OLE DB). The fix intercepts the RtlReportException API and returns a STATUS_NOT_SUPPORTED error message. Win7RTM/Win8RTM The layer provides the application with Windows 7/Windows 8 compatibility mode. WinxxRTMVersionLie The problem occurs when an application fails because it does not find the correct version number for the required Windows operating system. All version lie compatibility fixes address the issue whereby an application fails to function because it is checking for, but not finding, a specific version of the operating system. The version lie fix returns the appropriate operating system version information. For example, the VistaRTMVersionLie returns the Windows Vista version information to the application, regardless of the actual operating system version that is running on the computer. Wing32SystoSys32 The problem is indicated by an error message that states that the WinG library was not properly installed. The fix detects whether the WinG32 library exists in the correct directory. If the library is located in the wrong location, this fix copies the information (typically during the runtime of the application) into the %WINDIR% \system32 directory. The application must have Administrator privileges for this fix to work. WinSrv08R2RTM WinXPSP2VersionLie The problem occurs when an application experiences issues because of a VB runtime DLL. The fix forces the application to follow these steps: Open the Compatibility Administrator, and then select None for Operating System Mode. On the Compatibility Fixes page, click WinXPSP2VersionLie, and then click Parameters. The Options for <fix_name> dialog box appears. Type vbrun60.dll into the Module Name box, click Include, and then click Add. Save the custom database. For more information about the WinXPSP2VersionLie application fix, see Using the WinXPSP2VersionLie Fix. WRPDllRegister The application fails when it tries to register a COM component that is released together with Windows Vista and later. The fix skips the processes of registering and unregistering WRP-protected COM components when calling the DLLRegisterServer and DLLUnregisterServer functions. You can control this fix further by typing the following command at the command prompt: Component1.dll;Component2.dll Where Component1.dll and Component2.dll reflect the components to be skipped. For more detailed information about this application fix, see Using the WRPDllRegister Fix. WRPMitigation The problem is indicated when an access denied error message displays when the application tries to access a protected operating system resource by using more than read-only access. The fix emulates the successful authentication and modification of file and registry APIs, so that the application can continue. For more detailed information about WRPMitigation, see Using the WRPMitigation Fix. WRPRegDeleteKey The problem is indicated by an access denied error message that displays when the application tries to delete a registry key. The fix verifies whether the registry key is WRP-protected. If the key is protected, this fix emulates the deletion process. XPAfxIsValidAddress The fix emulates the behavior of Windows XP for MFC42!AfxIsValidAddress. The fix enables OEM executable (.exe) files to use the GetSystemFirmwareTable function instead of the NtOpenSection function when the BIOS is queried for the **\Device\Physical** memory information..|
+|BlockRunasInteractiveUser|This problem occurs when **InstallShield** creates installers and uninstallers that fail to complete and that generate error messages or warnings. The fix blocks **InstallShield** from setting the value of RunAs registry keys to InteractiveUser Because InteractiveUser no longer has Administrator rights. The fix intercepts the **SHGetFolder**path request to the common **appdata** file path and returns the Windows® XP-style file path instead of the Windows Vista-style file path.|
+|ClearLastErrorStatusonIntializeCriticalSection|This fix is indicated when an application fails to start. The fix modifies the InitializeCriticalSection function call so that it checks the NTSTATUS error code, and then sets the last error to ERROR_SUCCESS.|
+|CopyHKCUSettingsFromOtherUsers|This problem occurs when an application's installer must run in elevated mode and depends on the HKCU settings that are provided for other users. The fix scans the existing user profiles and tries to copy the specified keys into the HKEY_CURRENT_USER registry area. You can control this fix further by entering the relevant registry keys as parameters that are separated by the ^ Symbol; for example: Software\MyCompany\Key1^Software\MyCompany\Key2. The fix corrects the brush style hatch value, which is passed to the CreateBrushIndirect() function and enables the information to be correctly interpreted.|
+|CorrectFilePaths|The problem is indicated when an application tries to write files to the hard disk and is denied access or receives a file not found or path not found error message. The fixmodifies the file path names to point to a new location on the hard disk. The fix corrects the file paths that are used by the uninstallation process of an application. The fixintercepts the ShellExecute(Ex) calls, and then inspects the HWND value. If the value is invalid, this fix enables the call to use the currently active HWND value. You can control this fix further by typing the following command at the command prompt: `DLL_Name;Flag_Type;Hexidecimal_Value` The fix intercepts the CreateService function calls and removes the deprecated dependency service from the lpDependencies parameter. You can control this fix further by typing the following command at the command prompt: `Deprecated_Service\App_Service/Deprecated_Service2 \App_Service2` The fix modifies the DXDIAGN GetProp function call to return the correct DirectX version. You can control this fix further by typing the following command at the command prompt: For example, 9.0.c.|
+|DetectorDWM8And16Bit|This fix offers mitigation for applications that work in 8/16-bit display color mode because these legacy color modes are not supported in Windows 8 .|
+|Disable8And16BitD3D|This fix improves performance of 8/16-bit color applications that render using D3D and do not mix direct draw.|
+|Disable8And16BitModes|This fix disables 8/16-bit color mitigation and enumeration of 8/16-bit color modes.|
+|DisableDWM|The problem occurs when some objects are not drawn or object artifacts remain on the screen in an application. The fix temporarily disables the Windows Aero menu theme functionality for unsupported applications. The fix disables the fade animations functionality for unsupported applications.|
+|DisableThemeMenus|The problem is indicated by an application that behaves unpredictably when it tries to detect and use the correct Windows settings. The fix temporarily disables the Windows Aero menu theme functionality for unsupported applications.|
+|DisableWindowsDefender|The fix disables Windows Defender for security applications that do not work with Windows Defender.|
+|DWM8And16BitMitigation|The fix offers mitigation for applications that work in 8/16-bit display color mode because these legacy color modes are not supported in Windows 8.|
+|DXGICompat|The fix allows application-specific compatibility instructions to be passed to the DirectX engine.|
+|DXMaximizedWindowedMode|Applications that use DX8/9 are run in a maximized windowed mode. This is required for applications that use GDI/DirectDraw in addition to Direct3D.|
+|ElevateCreateProcess|The problem is indicated when installations, de-installations, or updates fail because the host process calls the CreateProcess function and it returns an ERROR_ELEVATION_REQUIRED error message. The fixhandles the error code and attempts to recall the CreateProcess function together with requested elevation. If the fixed application already has a UAC manifest, the error code will be returned unchanged. The fix exchanges the PathIsUNC function to return a value of True for UNC paths in Windows.|
+|EmulateGetDiskFreeSpace|The problem is indicated when an application fails to install or to run, and it generates an error message that there is not enough free disk space to install or use the application, even though there is enough free disk space to meet the application requirements. The fix determines the amount of free space, so that if the amount of free space is larger than 2 GB, the compatibility fix returns a value of 2 GB, but if the amount of free space is smaller than 2 GB, the compatibility fix returns the actual-free space amount. The fix forces applications that use the CompareStringW/LCMapString sorting table to use an older version of the table. The fix enables the computer to restart and finish the installation process by verifying and enabling that the SeShutdownPrivilege service privilege exists. The fix counteracts the application's tries to obtain the shell desktop folder by invoking the AddRef() method on the Desktop folder, which is returned by the SHGetDesktopFolder function.|
+|FailObsoleteShellAPIs|The problem occurs when an application fails because it generated deprecated API calls. The fix either fully implements the obsolete functions or implements the obsolete functions with stubs that fail. This fix fails calls to RemoveDirectory() when called with a path matching the one specified in the shim command line. Only a single path is supported. The path can contain environment variables, but must be an exact path – no partial paths are supported. The fixcan resolves an issue where an application expects RemoveDirectory() to delete a folder immediately even though a handle is open to it.|
+|FakeLunaTheme|The problem occurs when a theme application does not properly display: the colors are washed out or the user interface is not detailed. The fix intercepts the GetCurrentThemeName API and returns the value for the Windows XP default theme (Luna). The fixenables the WriteFile function to call to the FlushFileBuffers APIs, which flush the file cache onto the hard disk.|
+|FontMigration|The fix replaces an application-requested font with a better font selection, to avoid text truncation.|
+|ForceAdminAccess|The problem occurs when an application fails to function during an explicit administrator check. The fix allows the user to temporarily imitate being a part of the Administrators group by returning a value of True during the administrator check. The fix exchanges GetDriveType() so that only the root information appears for the file path. This is required when an application passes an incomplete or badly formed file path when it tries to retrieve the drive type on which the file path exists.|
+|GlobalMemoryStatusLie|The problem is indicated by a Computer memory full error message that displays when you start an application. The fix modifies the memory status structure, so that it reports a swap file that is 400 MB, regardless of the true swap file size.|
+|HandleBadPtr|The problem is indicated by an access violation error message that displays because an API is performing pointer validation before it uses a parameter. The fix supports using lpBuffer validation from the InternetSetOptionA and InternetSetOptionW functions to perform the more parameter validation.|
+|HandleMarkedContentNotIndexed|The problem is indicated by an application that fails when it changes an attribute on a file or directory. The fix intercepts any API calls that return file attributes and directories that are invoked from the %TEMP% directory, and resets the FILE_ATTRIBUTE_NOT_CONTENT_INDEXED attribute to its original state.|
+|HeapClearAllocation|The problem is indicated when the allocation process shuts down unexpectedly. The fix uses zeros to clear out the heap allocation for an application.|
+|IgnoreAltTab|The problem occurs when an application fails to function when special key combinations are used. The fix intercepts the RegisterRawInputDevices API and prevents the delivery of the WM_INPUT messages. This delivery failure forces the included hooks to be ignored and forces DInput to use Windows-specific hooks. The fix links the FindNextFileW, FindNextFileA, FindFirstFileExW, FindFirstFileExA, FindFirstFileW, and FindFirstFileA APIs to prevent them from returning directory junctions. The fix enables the application to ignore specified exceptions. By default, this fix ignores privileged-mode exceptions; however, it can be configured to ignore any exception. You can control this fix further by typing the following command at the command prompt: `Exception1;Exception2` **Important:** You should use this compatibility fix only if you are certain that it is acceptable to ignore the exception. You might experience more compatibility issues if you choose to incorrectly ignore an exception. Before floating point SSE2 support in the C runtime library, the rounding control request was being ignored which would use round to nearest option by default. This shim ignores the rounding control request to support applications relying on old behavior.|
+|IgnoreFontQuality|The problem occurs when application text appears to be distorted. The fix enables color-keyed fonts to properly work with anti-aliasing.|
+|IgnoreMessageBox|The problem is indicated by a message box that displays with debugging or extraneous content when the application runs on an unexpected operating system. The fix intercepts the MessageBox* APIs and inspects them for specific message text. If matching text is found, the application continues without showing the message box. The fix ignores the registered MSOXMLMF.DLL object, which Microsoft® Office 2007 loads into the operating system anytime that you load an XML file, and then it fails the CoGetClassObject for its CLSID. This compatibility fix will just ignore the registered MSOXMLMF and fail the CoGetClassObject for its CLSID.|
+|IgnoreSetROP2|The fix ignores read-modify-write operations on the desktop to avoid performance issues.|
+|InstallComponent|The fix prompts the user to install.Net 3.5 or .NET 2.0 because .NET is not included with Windows 8.|
+|LoadLibraryRedirect|The fix forces an application to load system versions of libraries instead of loading redistributable versions that shipped with the application.|
+|LocalMappedObject|The problem occurs when an application unsuccessfully tries to create an object in the Global namespace. The fix intercepts the function call to create the object and replaces the word Global with Local. The fix locates any RunDLL.exe-based uninstallers and forces them to run with different credentials during the application installation. After it applies this fix, the installer will create a shortcut that specifies a matching string to run during the application installation, thereby enabling the uninstallation to occur later. The fix forces the CopyFile APIs to run instead of the MoveFile APIs. CopyFile APIs avoid moving the security descriptor, which enables the application files to get the default descriptor of the destination folder and prevents the security access issue.|
+|OpenDirectoryAcl|The problem is indicated by an error message that states that you do not have the appropriate permissions to access the application. The fix reduces the security privilege levels on a specified set of files and folders. The fix handles the failure case by passing a fake process performance data registry key, so that the application perceives that it is the only instance running. The fix sets the _PROCESS_HISTORY environment variable so that child processes can look in the parent directory for matching information while searching for application fixes.|
+|ProtectedAdminCheck|The problem occurs when an application fails to run because of incorrect Protected Administrator permissions. The fix addresses the issues that occur when applications use non-standard Administrator checks, thereby generating false positives for user accounts that are being run as Protected Administrators. In this case, the associated SID exists, but it is set as deny-only.|
+|RedirectCRTTempFile|The fix intercepts failing CRT calls that try to create a temporary file at the root of the volume, thereby redirecting the calls to a temporary file in the user's temporary directory.|
+|RedirectHKCUKeys|The problem occurs when an application cannot be accessed because of User Account Control (UAC) restrictions. The fix duplicates any newly created HKCU keys to other users' HKCU accounts. This fix is generic for UAC restrictions, whereby the HKCU keys are required, but are unavailable to an application at runtime.|
+|RedirectMP3Codec|This problem occurs when you cannot play MP3 files. The fix intercepts the CoCreateInstance call for the missing filter and then redirects it to a supported version.|
+|RedirectShortcut|The problem occurs when an application cannot be accessed by its shortcut, or application shortcuts are not removed during the application uninstallation process. The fix redirects all of the shortcuts created during the application setup to appear according to a specified path. Start Menu shortcuts: Appear in the \ProgramData\Microsoft\Windows\Start Menu directory for all users. This issue occurs because of UAC restrictions: specifically, when an application setup runs by using elevated privileges and stores the shortcuts according to the elevated user's context. In this situation, a restricted user cannot access the shortcuts. You cannot apply this fix to an .exe file that includes a manifest and provides a run level.|
+|RelaunchElevated|The problem occurs when installers, uninstallers, or updaters fail when they are started from a host application. The fix enables a child .exe file to run with elevated privileges when it is difficult to determine the parent process with either the ElevateCreateProcess fix or by marking the .exe files to RunAsAdmin. The fix retries the call and requests a more restricted set of rights that include the following: The fix retries the OpenService() API call and verifies that the user has Administrator rights, is not a Protected Administrator, and by using read-only access. Applications can test for the existence of a service by calling the OpenService() API but some applications ask for all access when making this check. This fix retries the call but only asking for read-only access. The user needs to be an administrator for this to work The fix enables the application to run by using elevated privileges. The fix is the equivalent of specifying requireAdministrator in an application manifest. The fix enables the application to run by using the highest available permissions. This is the equivalent of specifying highestAvailable in an application manifest. The fix enables the application to run by using the privileges that are associated with the creation process, without requiring elevation. This is the equivalent of specifying asInvoker in an application manifest. At the command prompt, you can supply a list of objects to modify, separating the values by a double backslash (). Or, you can choose not to include any parameters, so that all of the objects are modified. **Important:** Users cannot log in as Session 0 (Global Session) in Windows Vista and later. Therefore, applications that require access to Session 0 automatically fail. You can control this fix further by typing the following command at the command prompt:`Client;Protocol;App` The fixdisables the Wow64 file system that is used by the 64-bit editions of Windows, to prevent 32-bit applications from accessing 64-bit file systems during the application setup.|
+|SharePointDesigner2007|The fix resolves an application bug that severely slows the application when it runs in DWM.|
+|ShimViaEAT|The problem occurs when an application fails, even after applying acompatibility fix that is known to fix an issue. Applications that use unicows.dll or copy protection often present this issue. The fixapplies the specified compatibility fixes by modifying the export table and by nullifying the use of module inclusion and exclusion. The fixintercepts the ShowWindow API call to address the issues that can occur when a web application determines that it is in a child window. This fix calls the real ShowWindow API on the top-level parent window.|
+|SierraWirelessHideCDROM|The fix repairs the Sierra Wireless Driver installation, thereby preventing bugcheck.|
+|Sonique2|The application uses an invalid window style, which breaks in DWM. This fix replaces the window style with a valid value.|
+|SpecificInstaller|The problem occurs when an application installation file fails to be picked up by the GenericInstaller function. The fixflags the application as being an installer file (for example, setup.exe), and then prompts for elevation. The fixflags the application to exclude it from detection by the GenericInstaller function. The fixenables customized Windows messages to pass through to the current process from a lower Desktop integrity level. This fix is the equivalent of calling the RegisterWindowMessage function, followed by the ChangeWindowMessageFilter function in the code. You can control this fix further by typing the following command at the command prompt: `MessageString1 MessageString2` The fixenables standard Windows messages to pass through to the current process from a lower Desktop integrity level. This fix is the equivalent of calling the ChangeWindowMessageFilter function in the code. You can control this fix further by typing the following command at the command prompt: `1055 1056 1069` Where 1055 reflects the first message ID, 1056 reflects the second message ID, and 1069 reflects the third message ID that can pass. The fixenables the registry functions to allow for virtualization, redirection, expansion values, version spoofing, the simulation of performance data counters, and so on. For more detailed information about this application fix, see [Using the VirtualRegistry Fix](/previous-versions/windows/it-pro/windows-7/cc749368(v=ws.10)).|
+|VirtualizeDeleteFile|The problem occurs when several error messages display and the application cannot delete files. The fixmakes the application's DeleteFile function call a virtual call in an effort to remedy the UAC and file virtualization issues that were introduced with Windows Vista. This fix also links other file APIs (for example, GetFileAttributes) to ensure that the virtualization of the file is deleted. The fixredirects the HKCR write calls (HKLM) to the HKCU hive for a per-user COM registration. This operates much like the VirtualRegistry fix when you use the VirtualizeHKCR parameter; however, VirtualizeHKCRLite provides better performance. HKCR is a virtual merge of the HKCU\Software\Classes and HKLM\Software\Classes directories. The use of HKCU is preferred if an application is not elevated and is ignored if the application is elevated. You typically will use this compatibility fix in conjunction with the VirtualizeRegisterTypeLib fix. The fixenables the application to ignore the format error and continue to function properly.|
+|WerDisableReportException|The fix turns off the silent reporting of exceptions to the Windows Error Reporting tool, including those that are reported by Object Linking and Embedding-Database (OLE DB). The fix intercepts the RtlReportException API and returns a STATUS_NOT_SUPPORTED error message.|
+|Win7RTM/Win8RTM|The layer provides the application with Windows 7/Windows 8 compatibility mode.|
+|WinxxRTMVersionLie|The problem occurs when an application fails because it does not find the correct version number for the required Windows operating system. All version lie compatibility fixes address the issue whereby an application fails to function because it is checking for, but not finding, a specific version of the operating system. The version lie fix returns the appropriate operating system version information. For example, the VistaRTMVersionLie returns the Windows Vista version information to the application, regardless of the actual operating system version that is running on the computer.|
+|Wing32SystoSys32|The problem is indicated by an error message that states that the WinG library was not properly installed. The fixdetects whether the WinG32 library exists in the correct directory. If the library is located in the wrong location, this fix copies the information (typically during the runtime of the application) into the %WINDIR% \system32 directory. **Important:** The application must have Administrator privileges for this fix to work.|
+|WinSrv08R2RTM||
+|WinXPSP2VersionLie|The problem occurs when an application experiences issues because of a VB runtime DLL. The fixforces the application to follow these steps: The fixskips the processes of registering and unregistering WRP-protected COM components when calling the DLLRegisterServer and DLLUnregisterServer functions. You can control this fix further by typing the following command at the command prompt: `Component1.dll;Component2.dll` The fixemulates the successful authentication and modification of file and registry APIs, so that the application can continue. The fixverifies whether the registry key is WRP-protected. If the key is protected, this fix emulates the deletion process.|
+|XPAfxIsValidAddress|The fix emulates the behavior of Windows XP for MFC42!AfxIsValidAddress.|
## Compatibility Modes
-
The following table lists the known compatibility modes.
- WinSrv03 Emulates the Windows Server 2003 operating system. Win2k3RTMVersionLie VirtualRegistry ElevateCreateProcess EmulateSorting FailObsoleteShellAPIs LoadLibraryCWD HandleBadPtr GlobalMemoryStatus2GB RedirectMP3Codec EnableLegacyExceptionHandlinginOLE NoGhost HardwareAudioMixer WinSrv03Sp1 Emulates the Windows Server 2003 with Service Pack 1 (SP1) operating system. Win2K3SP1VersionLie VirtualRegistry ElevateCreateProcess EmulateSorting FailObsoleteShellAPIs LoadLibraryCWD HandleBadPtr EnableLegacyExceptionHandlinginOLE RedirectMP3Codec HardwareAudioMixer Vendor name Product description HWID Windows Update availability Broadcom 802.11abgn Wireless SDIO adapter sd\vid_02d0&pid_4330&fn_1 Contact the system OEM or Broadcom for driver availability. Broadcom 802.11n Network Adapter pci\ven_14e4&dev_4331&subsys_00d6106b&rev_02 Contact the system OEM or Broadcom for driver availability. Broadcom 802.11n Network Adapter pci\ven_14e4&dev_4331&subsys_00f5106b&rev_02 Contact the system OEM or Broadcom for driver availability. Broadcom 802.11n Network Adapter pci\ven_14e4&dev_4331&subsys_00ef106b&rev_02 Contact the system OEM or Broadcom for driver availability. Broadcom 802.11n Network Adapter pci\ven_14e4&dev_4331&subsys_00f4106b&rev_02 Contact the system OEM or Broadcom for driver availability. Broadcom 802.11n Network Adapter pci\ven_14e4&dev_4331&subsys_010e106b&rev_02 Contact the system OEM or Broadcom for driver availability. Broadcom 802.11n Network Adapter pci\ven_14e4&dev_4331&subsys_00e4106b&rev_02 Contact the system OEM or Broadcom for driver availability. Broadcom 802.11n Network Adapter pci\ven_14e4&dev_4331&subsys_433114e4&rev_02 Contact the system OEM or Broadcom for driver availability. Broadcom 802.11n Network Adapter pci\ven_14e4&dev_4331&subsys_010f106b&rev_02 Contact the system OEM or Broadcom for driver availability. Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet pci\ven_11ab&dev_4320&subsys_811a1043 Marvell Libertas 802.11b/g Wireless pci\ven_11ab&dev_1faa&subsys_6b001385&rev_03 Qualcomm Atheros AR6004 Wireless LAN Adapter sd\vid_0271&pid_0401 64-bit driver not available Qualcomm Atheros AR5BWB222 Wireless Network Adapter pci\ven_168c&dev_0034&subsys_20031a56 64-bit driver not available Qualcomm Atheros AR5BWB222 Wireless Network Adapter pci\ven_168c&dev_0034&subsys_020a1028&rev_01 Contact the system OEM or Qualcom for driver availability. Qualcomm Atheros AR5005G Wireless Network Adapter pci\ven_168c&dev_001a&subsys_04181468&rev_01 Ralink Wireless-G PCI Adapter pci\ven_1814&dev_0301&subsys_00551737&rev_00 Ralink Turbo Wireless LAN Card pci\ven_1814&dev_0301&subsys_25611814&rev_00 Ralink Wireless LAN Card V1 pci\ven_1814&dev_0302&subsys_3a711186&rev_00 Ralink D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.C) pci\ven_1814&dev_0302&subsys_3c091186&rev_00 [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619091)|
+|Ralink|Wireless-G PCI Adapter|pci\ven_1814&dev_0301&subsys_00551737&rev_00|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619092) [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619093)|
+|Ralink|Turbo Wireless LAN Card|pci\ven_1814&dev_0301&subsys_25611814&rev_00|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619094) [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619095)|
+|Ralink|Wireless LAN Card V1|pci\ven_1814&dev_0302&subsys_3a711186&rev_00|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619097) [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619098)|
+|Ralink|D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.C)|pci\ven_1814&dev_0302&subsys_3c091186&rev_00|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619099) [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619100)|
IT administrators that want to target Windows To Go images for specific systems should test their images to ensure that the necessary system drivers are in the image, especially for critical functionality like Wi-Fi that is not supported by class drivers. Some consumer devices require OEM-specific driver packages, which may not be available on Windows Update. For more information on how to add a driver to a Windows Image, please refer to the [Basic Windows Deployment Step-by-Step Guide](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825212(v=win.10)).
@@ -283,14 +165,13 @@ Windows To Go Startup Options is a setting available on Windows 10-based PCs tha
1. On the Start screen, type, type **Windows To Go Startup Options**, click **Settings** and, then press Enter.
- 
+ 
2. Select **Yes** to enable the startup options.
> [!TIP]
> If your computer is part of a domain, the Group Policy setting can be used to enable the startup options instead of the dialog.
-
3. Click **Save Changes**. If the User Account Control dialog box is displayed, confirm that the action it displays is what you want, and then click **Yes**.
### Change firmware settings
diff --git a/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md b/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md
index ea3a21ed29..c8cdbe2b03 100644
--- a/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md
+++ b/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md
@@ -37,33 +37,11 @@ On the user interface for the Standard User Analyzer (SUA) tool, you can apply f
3. On the **Mitigation** menu, click the command that corresponds to the action that you want to take. The following table describes the commands.
- Apply Mitigations Opens the Mitigate AppCompat Issues dialog box, in which you can select the fixes that you intend to apply to the application. Undo Mitigations Removes the application fixes that you just applied. This option is available only after you apply an application fix and before you close the SUA tool. Alternatively, you can manually remove application fixes by using Programs and Features in Control Panel. Export Mitigations as Windows Installer file Exports your application fixes as a Windows® Installer (.msi) file, which can then be deployed to other computers that are running the application. This option is available only after you apply an application fix and before you close the SUA tool. Alternatively, you can manually remove application fixes by using **Programs and Features** in Control Panel.|
+ |**Export Mitigations as Windows Installer file**|Exports your application fixes as a Windows® Installer (.msi) file, which can then be deployed to other computers that are running the application.|
diff --git a/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md b/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md
index 3aac6db8f1..54b272cb6c 100644
--- a/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md
+++ b/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md
@@ -31,37 +31,14 @@ This section provides information about managing your application-compatibility
## In this section
-
- As the Windows operating system evolves to support new technology and functionality, the implementations of some functions may change. This can cause problems for applications that relied upon the original implementation. You can avoid compatibility issues by using the Microsoft Windows Application Compatibility (Compatibility Fix) infrastructure to create a specific application fix for a particular version of an application. Compatibility Fix Database Management Strategies and Deployment After you determine that you will use compatibility fixes in your application-compatibility mitigation strategy, you must define a strategy to manage your custom compatibility-fix database. Typically, you can use one of two approaches: This topic provides details about testing your application-mitigation packages, including recommendations about how to report your information and how to resolve any outstanding issues. Error Messages When this command is selected, the user interface shows error messages that the SUA tool has generated. Error messages are highlighted in pink. This command is selected by default. Warning Messages When this command is selected, the user interface shows warning messages that the SUA tool has generated. Warning messages are highlighted in yellow. Information Messages When this command is selected, the user interface shows informational messages that the SUA tool has generated. Informational messages are highlighted in green. Detailed Information When this command is selected, the user interface shows information that the SUA tool has generated, such as debug, stack trace, stop code, and severity information. This command is selected by default.|
+|**Warning Messages**|When this command is selected, the user interface shows warning messages that the SUA tool has generated. Warning messages are highlighted in yellow.|
+|**Information Messages**|When this command is selected, the user interface shows informational messages that the SUA tool has generated. Informational messages are highlighted in green.|
+|**Detailed Information**|When this command is selected, the user interface shows information that the SUA tool has generated, such as debug, stack trace, stop code, and severity information.|
diff --git a/windows/deployment/planning/sua-users-guide.md b/windows/deployment/planning/sua-users-guide.md
index 2d34aa8326..d3fad3aced 100644
--- a/windows/deployment/planning/sua-users-guide.md
+++ b/windows/deployment/planning/sua-users-guide.md
@@ -38,33 +38,9 @@ You can use SUA in either of the following ways:
## In this section
-
- The Standard User Analyzer (SUA) Wizard works much like the SUA tool to evaluate User Account Control (UAC) issues. However, the SUA Wizard does not offer detailed analysis, and it cannot disable virtualization or elevate your permissions. By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature. App Info Provides the following information for the selected application: Debugging information Error, warning, and informational messages (if they are enabled) Options for running the application File Provides information about access to the file system. For example, this tab might show an attempt to write to a file that only administrators can typically access. Registry Provides information about access to the system registry. For example, this tab might show an attempt to write to a registry key that only administrators can typically access. INI Provides information about WriteProfile API issues. For example, in the Calculator tool (Calc.exe) in Windows® XP, when you change the view from Standard to Scientific, Calc.exe calls the WriteProfile API to write to the Windows\Win.ini file. The Win.ini file is writable only for administrators. Token Provides information about access-token checking. For example, this tab might show an explicit check for the Builtin\Administrators security identifier (SID) in the user's access token. This operation may not work for a standard user. Privilege Provides information about permissions. For example, this tab might show an attempt to explicitly enable permissions that do not work for a standard user. Name Space Provides information about creation of system objects. For example, this tab might show an attempt to create a new system object, such as an event or a memory map, in a restricted namespace. Applications that attempt this kind of operation do not function for a standard user. Other Objects Provides information related to applications accessing objects other than files and registry keys. Process Provides information about process elevation. For example, this tab might show the use of the CreateProcess API to open an executable (.exe) file that, in turn, requires process elevation that will not function for a standard user. For example, this tab might show an attempt to write to a file that only administrators can typically access.|
+|Registry|Provides information about access to the system registry. For example, this tab might show an attempt to write to a registry key that only administrators can typically access.|
+|INI|Provides information about WriteProfile API issues. For example, in the Calculator tool (Calc.exe) in Windows® XP, when you change the view from **Standard** to **Scientific**, Calc.exe calls the WriteProfile API to write to the Windows\Win.ini file. The Win.ini file is writable only for administrators.|
+|Token|Provides information about access-token checking. For example, this tab might show an explicit check for the Builtin\Administrators security identifier (SID) in the user's access token. This operation may not work for a standard user.|
+|Privilege|Provides information about permissions. For example, this tab might show an attempt to explicitly enable permissions that do not work for a standard user.|
+|Name Space|Provides information about creation of system objects. For example, this tab might show an attempt to create a new system object, such as an event or a memory map, in a restricted namespace. Applications that attempt this kind of operation do not function for a standard user.|
+|Other Objects|Provides information related to applications accessing objects other than files and registry keys.|
+|Process|Provides information about process elevation. For example, this tab might show the use of the CreateProcess API to open an executable (.exe) file that, in turn, requires process elevation that will not function for a standard user.|
diff --git a/windows/deployment/planning/using-the-compatibility-administrator-tool.md b/windows/deployment/planning/using-the-compatibility-administrator-tool.md
index cb84beaa58..8847407f48 100644
--- a/windows/deployment/planning/using-the-compatibility-administrator-tool.md
+++ b/windows/deployment/planning/using-the-compatibility-administrator-tool.md
@@ -32,63 +32,17 @@ This section provides information about using the Compatibility Administrator to
## In this section
- Available Data Types and Operators in Compatibility Administrator The Compatibility Administrator tool provides a way to query your custom-compatibility databases. Searching for Fixed Applications in Compatibility Administrator With the search functionality in Compatibility Administrator, you can locate specific executable (.exe) files with previously applied compatibility fixes, compatibility modes, or AppHelp messages. This is particularly useful if you are trying to identify applications with a specific compatibility fix or identifying which fixes are applied to a specific application. Searching for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator You can access the Query tool from within Compatibility Administrator. The Query tool provides the same functionality as using the Search feature. Creating a Custom Compatibility Fix in Compatibility Administrator The Compatibility Administrator tool uses the term fix to describe the combination of compatibility information added to a customized database for a specific application. This combination can include single application fixes, groups of fixes that work together as a compatibility mode, and blocking and non-blocking AppHelp messages. Creating a Custom Compatibility Mode in Compatibility Administrator Windows® provides several compatibility modes, groups of compatibility fixes found to resolve many common application-compatibility issues. While working with Compatibility Administrator, you might decide to group some of your individual compatibility fixes into a custom-compatibility mode, which you can then deploy and use on any of your compatibility databases. The Compatibility Administrator tool enables you to create an AppHelp text message. This is a blocking or non-blocking message that appears when a user starts an application that you know has major functionality issues on the Windows® operating system. The Events screen enables you to record and to view your activities in the Compatibility Administrator tool, provided that the screen is open while you perform the activities. Enabling and Disabling Compatibility Fixes in Compatibility Administrator You can disable and enable individual compatibility fixes in your customized databases for testing and troubleshooting purposes. Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator The Compatibility Administrator tool enables the creation and the use of custom-compatibility and standard-compatibility databases. Both the custom databases and the standard databases store the known compatibility fixes, compatibility modes, and AppHelp messages. They also store the required application-matching information for installation on your local computers. -? Displays the Help for the Sdbinst.exe tool. For example, -p Allows SDBs installation with Patches For example, -q Performs a silent installation with no visible window, status, or warning information. Fatal errors appear only in Event Viewer (Eventvwr.exe). For example, -u filepath Performs an uninstallation of the specified database. For example, -g GUID Specifies the customized database to uninstall by a globally unique identifier (GUID). For example, -n "name" Specifies the customized database to uninstall by file name. For example, For example, For example, For example, For example, For example, For example, Boot process Capable of USB boot Firmware USB boot enabled. (PCs certified for use with Windows 7 or later can be configured to boot directly from USB, check with the hardware manufacturer if you are unsure of the ability of your PC to boot from USB) Processor architecture Must support the image on the Windows To Go drive External USB Hubs Not supported; connect the Windows To Go drive directly to the host machine Processor 1 Ghz or faster RAM 2 GB or greater Graphics DirectX 9 graphics device with WDDM 1.2 or greater driver USB port USB 2.0 port or greater Legacy BIOS 32-bit 32-bit only Legacy BIOS 64-bit 32-bit and 64-bit UEFI BIOS 32-bit 32-bit only UEFI BIOS 64-bit 64-bit only Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process.|
+|0xC7700112|Failure to complete writing data to the system drive, possibly due to write access failure on the hard disk.|This issue is resolved in the latest version of Upgrade Assistant. Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process.|
+|0x80190001|An unexpected error was encountered while attempting to download files required for upgrade.|To resolve this issue, download and run the media creation tool. See [Download windows 10](https://www.microsoft.com/software-download/windows10).|
+|0x80246007|The update was not downloaded successfully.|Attempt other methods of upgrading the operating system. Download and run the media creation tool. See [Download windows 10](https://www.microsoft.com/software-download/windows10). Attempt to upgrade using .ISO or USB. **Note:** Windows 10 Enterprise isn’t available in the media creation tool. For more information, go to the [Volume Licensing Service Center](https://www.microsoft.com/licensing/servicecenter/default.aspx).|
+|0x80244018|Your machine is connected through a proxy server.|Make sure Automatically Detect Settings is selected in internet options. (Control Panel > Internet Options > Connections > LAN Settings).|
+|0xC1900201|The system did not pass the minimum requirements to install the update.|Contact the hardware vendor to get the latest updates.|
+|0x80240017|The upgrade is unavailable for this edition of Windows.|Administrative policies enforced by your organization might be preventing the upgrade. Contact your IT administrator.|
+|0x80070020|The existing process cannot access the file because it is being used by another process.|Use the MSCONFIG tool to perform a clean boot on the machine and then try to perform the update again. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).|
+|0x80070522|The user doesn’t have required privilege or credentials to upgrade.|Ensure that you have signed in as a local administrator or have local administrator privileges.|
+|0xC1900107|A cleanup operation from a previous installation attempt is still pending and a system reboot is required in order to continue the upgrade.|Restart the device and run setup again. If restarting the device does not resolve the issue, then use the Disk Cleanup utility and clean up the temporary files as well as the System files. For more information, see [Disk cleanup in Windows 10](https://support.microsoft.com/instantanswers/8fef4121-711b-4be1-996f-99e02c7301c2/disk-cleanup-in-windows-10).|
+|0xC1900209|The user has chosen to cancel because the system does not pass the compatibility scan to install the update. Setup.exe will report this error when it can upgrade the machine with user data but cannot migrate installed applications.|Incompatible software is blocking the upgrade process. Uninstall the application and try the upgrade again. See [Windows 10 Pre-Upgrade Validation using SETUP.EXE](/archive/blogs/mniehaus/windows-10-pre-upgrade-validation-using-setup-exe) for more information. You can also download the Windows Assessment and Deployment Kit (ADK) for Windows 10 and install Application Compatibility Tools.|
+|0x8007002|This error is specific to upgrades using System Center 2012 Configuration Manager R2 SP1 CU3 (5.00.8238.1403)|Analyze the SMSTS.log and verify that the upgrade is failing on "Apply Operating system" Phase: Error 80072efe DownloadFileWithRanges() failed. 80072efe. ApplyOperatingSystem (0x0760) The error 80072efe means that the connection with the server was terminated abnormally. To resolve this issue, try the OS Deployment test on a client in same VLAN as the Configuration Manager server. Check the network configuration for random client-server connection issues happening on the remote VLAN.|
+|0x80240FFF|Occurs when update synchronization fails. It can occur when you are using Windows Server Update Services on its own or when it is integrated with Microsoft Endpoint Configuration Manager. If you enable update synchronization before you install hotfix 3095113, WSUS doesn't recognize the Upgrades classification and instead treats the upgrade like a regular update.|You can prevent this by installing hotfix 3095113 before you enable update synchronization. However, if you have already run into this problem, do the following: For detailed information on how to run these steps check out How to delete upgrades in WSUS.|
+|0x8007007E|Occurs when update synchronization fails because you do not have hotfix 3095113 installed before you enable update synchronization. Specifically, the CopyToCache operation fails on clients that have already downloaded the upgrade because Windows Server Update Services has bad metadata related to the upgrade. It can occur when you are using standalone Windows Server Update Services or when WSUS is integrated with Microsoft Endpoint Configuration Manager.|Use the following steps to repair Windows Server Update Services. You must run these steps on each WSUS server that synched metadata before you installed the hotfix. Stop the Windows Update service. Delete all files and folders under c:\Windows\SoftwareDistribution\DataStore. Restart the Windows Update service.|
## Other error codes
- Alternatively, re-create installation media the [Media Creation Tool](https://www.microsoft.com/software-download/windows10).|
+|0x80070490 - 0x20007|An incompatible device driver is present.|[Verify device drivers](/windows-hardware/drivers/install/troubleshooting-device-and-driver-installations) on the computer, and [analyze log files](log-files.md#analyze-log-files) to determine the problem driver.|
+|0xC1900101 - 0x2000c|An unspecified error occurred in the SafeOS phase during WIM apply. This can be caused by an outdated driver or disk corruption.|Run checkdisk to repair the file system. For more information, see the [quick fixes](quick-fixes.md) section in this guide. Review logs for [compatibility information](/archive/blogs/askcore/using-the-windows-10-compatibility-reports-to-understand-upgrade-issues).|
+|0xC1900200 - 0x20008|The computer doesn’t meet the minimum requirements to download or upgrade to Windows 10. See [Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications) and verify the computer meets minimum requirements. Review logs for [Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications).||
+|0x80070004 - 0x3000D|This is a problem with data migration during the first boot phase. There are multiple possible causes.|[Analyze log files](log-files.md#analyze-log-files) to determine the issue.|
+|0xC1900101 - 0x4001E|Installation failed in the SECOND_BOOT phase with an error during PRE_OOBE operation.|This is a generic error that occurs during the OOBE phase of setup. See the [0xC1900101](#0xc1900101) section of this guide and review general troubleshooting procedures described in that section.|
+|0x80070005 - 0x4000D|The installation failed in the SECOND_BOOT phase with an error in during MIGRATE_DATA operation. This error indicates that access was denied while attempting to migrate data.|[Analyze log files](log-files.md#analyze-log-files) to determine the data point that is reporting access denied.|
+|0x80070004 - 0x50012|Windows Setup failed to open a file.|[Analyze log files](log-files.md#analyze-log-files) to determine the data point that is reporting access problems.|
+|0xC190020e Credential Guard This feature uses virtualization-based security to help protect security secrets (for example, NTLM password hashes, Kerberos Ticket Granting Tickets) so that only privileged system software can access them. This helps prevent Pass-the-Hash or Pass-the-Ticket attacks. Credential Guard has the following features: Hardware-level security. Credential Guard uses hardware platform security features (such as Secure Boot and virtualization) to help protect derived domain credentials and other secrets. Virtualization-based security. Windows services that access derived domain credentials and other secrets run in a virtualized, protected environment that is isolated. Improved protection against persistent threats. Credential Guard works with other technologies (e.g., Device Guard) to help provide further protection against attacks, no matter how persistent. Improved manageability. Credential Guard can be managed through Group Policy, Windows Management Instrumentation (WMI), or Windows PowerShell. For more information, see Protect derived domain credentials with Credential Guard. Credential Guard requires UEFI 2.3.1 or greater with Trusted Boot; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; BIOS Lockdown; TPM 2.0 recommended for device health attestation (will use software if TPM 2.0 not present) Device Guard This feature is a combination of hardware and software security features that allows only trusted applications to run on a device. Even if an attacker manages to get control of the Windows kernel, he or she will be much less likely to run executable code. Device Guard can use virtualization-based security (VBS) in Windows 10 Enterprise edition to isolate the Code Integrity service from the Windows kernel itself. With VBS, even if malware gains access to the kernel, the effects can be severely limited, because the hypervisor can prevent the malware from executing code. Device Guard does the following: Helps protect against malware Helps protect the Windows system core from vulnerability and zero-day exploits Allows only trusted apps to run For more information, see Introduction to Device Guard. AppLocker management This feature helps IT pros determine which applications and files users can run on a device. The applications and files that can be managed include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers. For more information, see AppLocker. Application Virtualization (App-V) This feature makes applications available to end users without installing the applications directly on users’ devices. App-V transforms applications into centrally managed services that are never installed and don't conflict with other applications. This feature also helps ensure that applications are kept current with the latest security updates. For more information, see Getting Started with App-V for Windows 10. User Experience Virtualization (UE-V) With this feature, you can capture user-customized Windows and application settings and store them on a centrally managed network file share. When users log on, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they log on to. UE-V provides the ability to do the following: Specify which application and Windows settings synchronize across user devices Deliver the settings anytime and anywhere users work throughout the enterprise Create custom templates for your third-party or line-of-business applications Recover settings after hardware replacement or upgrade, or after re-imaging a virtual machine to its initial state For more information, see User Experience Virtualization (UE-V) for Windows 10 overview. Managed User Experience This feature helps customize and lock down a Windows device’s user interface to restrict it to a specific task. For example, you can configure a device for a controlled scenario such as a kiosk or classroom device. The user experience would be automatically reset once a user signs off. You can also restrict access to services including Cortana or the Windows Store, and manage Start layout options, such as: Removing and preventing access to the Shut Down, Restart, Sleep, and Hibernate commands Removing Log Off (the User tile) from the Start menu Removing frequent programs from the Start menu Removing the All Programs list from the Start menu Preventing users from customizing their Start screen Forcing Start menu to be either full-screen size or menu size Preventing changes to Taskbar and Start menu settings Credential Guard has the following features: For more information, see [Protect derived domain credentials with Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard). *Credential Guard requires UEFI 2.3.1 or greater with Trusted Boot; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; BIOS Lockdown; TPM 2.0 recommended for device health attestation (will use software if TPM 2.0 not present)*|
+|Device Guard|This feature is a combination of hardware and software security features that allows only trusted applications to run on a device. Even if an attacker manages to get control of the Windows kernel, he or she will be much less likely to run executable code. Device Guard can use virtualization-based security (VBS) in Windows 10 Enterprise edition to isolate the Code Integrity service from the Windows kernel itself. With VBS, even if malware gains access to the kernel, the effects can be severely limited, because the hypervisor can prevent the malware from executing code. Device Guard does the following: For more information, see [Introduction to Device Guard](/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control).|
+|AppLocker management|This feature helps IT pros determine which applications and files users can run on a device. The applications and files that can be managed include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers. For more information, see [AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview).|
+|Application Virtualization (App-V)|This feature makes applications available to end users without installing the applications directly on users’ devices. App-V transforms applications into centrally managed services that are never installed and don't conflict with other applications. This feature also helps ensure that applications are kept current with the latest security updates. For more information, see [Getting Started with App-V for Windows 10](/windows/application-management/app-v/appv-getting-started).|
+|User Experience Virtualization (UE-V)|With this feature, you can capture user-customized Windows and application settings and store them on a centrally managed network file share. When users log on, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they log on to. UE-V provides the ability to do the following: For more information, see [User Experience Virtualization (UE-V) for Windows 10 overview](/windows/configuration/ue-v/uev-for-windows).|
+|Managed User Experience|This feature helps customize and lock down a Windows device’s user interface to restrict it to a specific task. For example, you can configure a device for a controlled scenario such as a kiosk or classroom device. The user experience would be automatically reset once a user signs off. You can also restrict access to services including Cortana or the Windows Store, and manage Start layout options, such as: Well-Known SID/RID S-1-5-<domain>-500 Type User Default container CN=Users, DC=<domain>, DC= Default members N/A Default member of Administrators, Domain Admins, Enterprise Administrators, Domain Users. Note that the Primary Group ID of all user accounts is Domain Users. Group Policy Creator Owners, and Schema Admins in Active Directory Domain Users group Protected by ADMINSDHOLDER? Yes Safe to move out of default container? Yes Safe to delegate management of this group to non-service administrators? No Well-Known SID/RID S-1-5-<domain>-501 Type User Default container CN=Users, DC=<domain>, DC= Default members None Default member of Guests, Domain Guests Protected by ADMINSDHOLDER? No Safe to move out of default container? Can be moved out, but we do not recommend it. Safe to delegate management of this group to non-Service admins? No Well-Known SID/RID S-1-5-<domain>-13 (Terminal Server User), S-1-5-<domain>-14 (Remote Interactive Logon) Type User Default container CN=Users, DC=<domain>, DC= Default members None Default member of Domain Guests Guests Protected by ADMINSDHOLDER? No Safe to move out of default container? Can be moved out, but we do not recommend it. Safe to delegate management of this group to non-Service admins? No Guests|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Can be moved out, but we do not recommend it.|
+|Safe to delegate management of this group to non-Service admins?|No|
@@ -355,8 +238,8 @@ For all account types (users, computers, and services)
Because it is impossible to predict the specific errors that will occur for any given user in a production operating environment, you must assume all computers and users will be affected.
-**Important**
-Rebooting a computer is the only reliable way to recover functionality as this will cause both the computer account and user accounts to log back in again. Logging in again will request new TGTs that are valid with the new KRBTGT, correcting any KRBTGT related operational issues on that computer.
+> [!IMPORTANT]
+> Rebooting a computer is the only reliable way to recover functionality as this will cause both the computer account and user accounts to log back in again. Logging in again will request new TGTs that are valid with the new KRBTGT, correcting any KRBTGT related operational issues on that computer.
For information about how to help mitigate the risks associated with a potentially compromised KRBTGT account, see [KRBTGT Account Password Reset Scripts now available for customers](https://blogs.microsoft.com/cybertrust/2015/02/11/krbtgt-account-password-reset-scripts-now-available-for-customers/).
@@ -370,54 +253,16 @@ After the credentials are cached on the RODC, the RODC can accept that user's si
For details about the KRBTGT account attributes, see the following table.
- Well-Known SID/RID S-1-5-<domain>-502 Type User Default container CN=Users, DC=<domain>, DC= Default members None Default member of Domain Users group. Note that the Primary Group ID of all user accounts is Domain Users. Protected by ADMINSDHOLDER? Yes Safe to move out of default container? Can be moved out, but we do not recommend it. Safe to delegate management of this group to non-Service admins? No User must change password at next logon Forces a password change the next time that the user logs signs in to the network. Use this option when you want to ensure that the user is the only person to know his or her password. User cannot change password Prevents the user from changing the password. Use this option when you want to maintain control over a user account, such as for a Guest or temporary account. Password never expires Prevents a user password from expiring. It is a best practice to enable this option with service accounts and to use strong passwords. Store passwords using reversible encryption Provides support for applications that use protocols requiring knowledge of the plaintext form of the user’s password for authentication purposes. This option is required when using Challenge Handshake Authentication Protocol (CHAP) in Internet Authentication Services (IAS), and when using digest authentication in Internet Information Services (IIS). Account is disabled Prevents the user from signing in with the selected account. As an administrator, you can use disabled accounts as templates for common user accounts. Smart card is required for interactive logon Requires that a user has a smart card to sign on to the network interactively. The user must also have a smart card reader attached to their computer and a valid personal identification number (PIN) for the smart card. When this attribute is applied on the account, the effect is as follows: The attribute only restricts initial authentication for interactive logon and Remote Desktop logon. When interactive or Remote Desktop logon requires a subsequent network logon, such as with a domain credential, an NT Hash provided by the domain controller is used to complete the smartcard authentication process Each time the attribute is enabled on an account, the account’s current password hash value is replaced with a 128-bit random number. This invalidates the use of any previously configured passwords for the account. The value does not change after that unless a new password is set or the attribute is disabled and re-enabled. Accounts with this attribute cannot be used to start services or run scheduled tasks. Account is trusted for delegation Lets a service running under this account perform operations on behalf of other user accounts on the network. A service running under a user account (also known as a service account) that is trusted for delegation can impersonate a client to gain access to resources, either on the computer where the service is running or on other computers. For example, in a forest that is set to the Windows Server 2003 functional level, this setting is found on the Delegation tab. It is available only for accounts that have been assigned service principal names (SPNs), which are set by using the setspn command from Windows Support Tools. This setting is security-sensitive and should be assigned cautiously. Account is sensitive and cannot be delegated Gives control over a user account, such as for a Guest account or a temporary account. This option can be used if this account cannot be assigned for delegation by another account. Use DES encryption types for this account Provides support for the Data Encryption Standard (DES). DES supports multiple levels of encryption, including Microsoft Point-to-Point Encryption (MPPE) Standard (40-bit and 56-bit), MPPE standard (56-bit), MPPE Strong (128-bit), Internet Protocol security (IPSec) DES (40-bit), IPSec 56-bit DES, and IPSec Triple DES (3DES). DES is not enabled by default in Windows Server operating systems starting with Windows Server 2008 R2, nor in Windows client operating systems starting with Windows 7. For these operating systems, computers will not use DES-CBC-MD5 or DES-CBC-CRC cipher suites by default. If your environment requires DES, then this setting might affect compatibility with client computers or services and applications in your environment. For more information, see Hunting down DES in order to securely deploy Kerberos. Do not require Kerberos preauthentication Provides support for alternate implementations of the Kerberos protocol. Because preauthentication provides additional security, use caution when enabling this option. Note that domain controllers running Windows 2000 or Windows Server 2003 can use other mechanisms to synchronize time. Windows Update Setting Configuration Allow Automatic Updates immediate installation Enabled Configure Automatic Updates Enabled Enable Windows Update Power Management to automatically wake up the system to install scheduled updates Enabled Specify intranet Microsoft Update service location Enabled http://<WSUSServername> http://<WSUSServername> Where <WSUSServername> is the DNS name or IP address of the Windows Server Update Services (WSUS) in the environment. Automatic Updates detection frequency 6 hours Re-prompt for restart with scheduled installations 1 minute Delay restart for scheduled installations 5 minutes Universal Accounts from any domain in the same forest Global groups from any domain in the same forest Other Universal groups from any domain in the same forest Can be converted to Domain Local scope if the group is not a member of any other Universal groups Can be converted to Global scope if the group does not contain any other Universal groups On any domain in the same forest or trusting forests Other Universal groups in the same forest Domain Local groups in the same forest or trusting forests Local groups on computers in the same forest or trusting forests Global Accounts from the same domain Other Global groups from the same domain Can be converted to Universal scope if the group is not a member of any other global group On any domain in the same forest, or trusting domains or forests Universal groups from any domain in the same forest Other Global groups from the same domain Domain Local groups from any domain in the same forest, or from any trusting domain Domain Local Accounts from any domain or any trusted domain Global groups from any domain or any trusted domain Universal groups from any domain in the same forest Other Domain Local groups from the same domain Accounts, Global groups, and Universal groups from other forests and from external domains Can be converted to Universal scope if the group does not contain any other Domain Local groups Within the same domain Other Domain Local groups from the same domain Local groups on computers in the same domain, excluding built-in groups that have well-known SIDs Global groups from any domain in the same forest Other Universal groups from any domain in the same forest|Can be converted to Domain Local scope if the group is not a member of any other Universal groups Can be converted to Global scope if the group does not contain any other Universal groups|On any domain in the same forest or trusting forests|Other Universal groups in the same forest Domain Local groups in the same forest or trusting forests Local groups on computers in the same forest or trusting forests|
+|Global|Accounts from the same domain Other Global groups from the same domain|Can be converted to Universal scope if the group is not a member of any other global group|On any domain in the same forest, or trusting domains or forests|Universal groups from any domain in the same forest Other Global groups from the same domain Domain Local groups from any domain in the same forest, or from any trusting domain|
+|Domain Local|Accounts from any domain or any trusted domain Global groups from any domain or any trusted domain Universal groups from any domain in the same forest Other Domain Local groups from the same domain Accounts, Global groups, and Universal groups from other forests and from external domains|Can be converted to Universal scope if the group does not contain any other Domain Local groups|Within the same domain|Other Domain Local groups from the same domain Local groups on computers in the same domain, excluding built-in groups that have well-known SIDs|
-
### Special identity groups
Special identities are generally referred to as groups. Special identity groups do not have specific memberships that can be modified, but they can represent different users at different times, depending on the circumstances. Some of these groups include Creator Owner, Batch, and Authenticated User.
@@ -172,385 +121,59 @@ The security descriptor is present on the **AdminSDHolder** object. This means t
The following tables provide descriptions of the default groups that are located in the **Builtin** and **Users** containers in each operating system.
- Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Well-Known SID/RID S-1-5-32-579 Type Builtin Local Default container CN=BuiltIn, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? Default User Rights None Well-Known SID/RID S-1-5-32-548 Type Builtin Local Default container CN=BuiltIn, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? Yes Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? No Default User Rights Allow log on locally: SeInteractiveLogonRight Well-Known SID/RID S-1-5-32-544 Type Builtin Local Default container CN=BuiltIn, DC=<domain>, DC= Default members Administrator, Domain Admins, Enterprise Admins Default member of None Protected by ADMINSDHOLDER? Yes Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? No Default User Rights Adjust memory quotas for a process: SeIncreaseQuotaPrivilege Access this computer from the network: SeNetworkLogonRight Allow log on locally: SeInteractiveLogonRight Allow log on through Remote Desktop Services: SeRemoteInteractiveLogonRight Back up files and directories: SeBackupPrivilege Bypass traverse checking: SeChangeNotifyPrivilege Change the system time: SeSystemTimePrivilege Change the time zone: SeTimeZonePrivilege Create a pagefile: SeCreatePagefilePrivilege Create global objects: SeCreateGlobalPrivilege Create symbolic links: SeCreateSymbolicLinkPrivilege Debug programs: SeDebugPrivilege Enable computer and user accounts to be trusted for delegation: SeEnableDelegationPrivilege Force shutdown from a remote system: SeRemoteShutdownPrivilege Impersonate a client after authentication: SeImpersonatePrivilege Increase scheduling priority: SeIncreaseBasePriorityPrivilege Load and unload device drivers: SeLoadDriverPrivilege Log on as a batch job: SeBatchLogonRight Manage auditing and security log: SeSecurityPrivilege Modify firmware environment values: SeSystemEnvironmentPrivilege Perform volume maintenance tasks: SeManageVolumePrivilege Profile system performance: SeSystemProfilePrivilege Profile single process: SeProfileSingleProcessPrivilege Remove computer from docking station: SeUndockPrivilege Restore files and directories: SeRestorePrivilege Shut down the system: SeShutdownPrivilege Take ownership of files or other objects: SeTakeOwnershipPrivilege [Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight [Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight [Allow log on through Remote Desktop Services](/windows/device-security/security-policy-settings/allow-log-on-through-remote-desktop-services): SeRemoteInteractiveLogonRight [Back up files and directories](/windows/device-security/security-policy-settings/back-up-files-and-directories): SeBackupPrivilege [Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege [Change the system time](/windows/device-security/security-policy-settings/change-the-system-time): SeSystemTimePrivilege [Change the time zone](/windows/device-security/security-policy-settings/change-the-time-zone): SeTimeZonePrivilege [Create a pagefile](/windows/device-security/security-policy-settings/create-a-pagefile): SeCreatePagefilePrivilege [Create global objects](/windows/device-security/security-policy-settings/create-global-objects): SeCreateGlobalPrivilege [Create symbolic links](/windows/device-security/security-policy-settings/create-symbolic-links): SeCreateSymbolicLinkPrivilege [Debug programs](/windows/device-security/security-policy-settings/debug-programs): SeDebugPrivilege [Enable computer and user accounts to be trusted for delegation](/windows/device-security/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation): SeEnableDelegationPrivilege [Force shutdown from a remote system](/windows/device-security/security-policy-settings/force-shutdown-from-a-remote-system): SeRemoteShutdownPrivilege [Impersonate a client after authentication](/windows/device-security/security-policy-settings/impersonate-a-client-after-authentication): SeImpersonatePrivilege [Increase scheduling priority](/windows/device-security/security-policy-settings/increase-scheduling-priority): SeIncreaseBasePriorityPrivilege [Load and unload device drivers](/windows/device-security/security-policy-settings/load-and-unload-device-drivers): SeLoadDriverPrivilege [Log on as a batch job](/windows/device-security/security-policy-settings/log-on-as-a-batch-job): SeBatchLogonRight [Manage auditing and security log](/windows/device-security/security-policy-settings/manage-auditing-and-security-log): SeSecurityPrivilege [Modify firmware environment values](/windows/device-security/security-policy-settings/modify-firmware-environment-values): SeSystemEnvironmentPrivilege [Perform volume maintenance tasks](/windows/device-security/security-policy-settings/perform-volume-maintenance-tasks): SeManageVolumePrivilege [Profile system performance](/windows/device-security/security-policy-settings/profile-system-performance): SeSystemProfilePrivilege [Profile single process](/windows/device-security/security-policy-settings/profile-single-process): SeProfileSingleProcessPrivilege [Remove computer from docking station](/windows/device-security/security-policy-settings/remove-computer-from-docking-station): SeUndockPrivilege [Restore files and directories](/windows/device-security/security-policy-settings/restore-files-and-directories): SeRestorePrivilege [Shut down the system](/windows/device-security/security-policy-settings/shut-down-the-system): SeShutdownPrivilege [Take ownership of files or other objects](/windows/device-security/security-policy-settings/take-ownership-of-files-or-other-objects): SeTakeOwnershipPrivilege|
### Allowed RODC Password Replication Group
@@ -788,58 +263,17 @@ The Allowed RODC Password Replication group applies to versions of the Windows S
This security group has not changed since Windows Server 2008.
- Well-Known SID/RID S-1-5-21-<domain>-571 Type Domain local Default container CN=Users DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? Default User Rights None Well-Known SID/RID S-1-5-32-551 Type Builtin Local Default container CN=BuiltIn, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? Yes Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? No Default User Rights Allow log on locally: SeInteractiveLogonRight Back up files and directories: SeBackupPrivilege Log on as a batch job: SeBatchLogonRight Restore files and directories: SeRestorePrivilege Shut down the system: SeShutdownPrivilege [Back up files and directories](/windows/device-security/security-policy-settings/back-up-files-and-directories): SeBackupPrivilege [Log on as a batch job](/windows/device-security/security-policy-settings/log-on-as-a-batch-job): SeBatchLogonRight [Restore files and directories](/windows/device-security/security-policy-settings/restore-files-and-directories): SeRestorePrivilege [Shut down the system](/windows/device-security/security-policy-settings/shut-down-the-system): SeShutdownPrivilege|
@@ -914,58 +305,18 @@ The Certificate Service DCOM Access group applies to versions of the Windows Ser
This security group has not changed since Windows Server 2008.
- Well-Known SID/RID S-1-5-32-<domain>-574 Type Domain Local Default container CN=Builtin, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? Default User Rights None Well-Known SID/RID S-1-5-21-<domain>-517 Type Domain Local Default container CN=Users, DC=<domain>, DC= Default members None Default member of Protected by ADMINSDHOLDER? No Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? No Default User Rights None Well-Known SID/RID S-1-5-21-<domain>-522 Type Global Default container CN=Users, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? Default User Rights None Well-Known SID/RID S-1-5-32-569 Type Builtin Local Default container CN=Builtin, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? Default User Rights None Well-Known SID/RID S-1-5-21-<domain>-572 Type Domain local Default container CN=Users, DC=<domain>, DC= Default members Group Policy Creator Owners krbtgt Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Safe to delegate management of this group to non-Service admins? Default User Rights None [Domain Admins](#bkmk-domainadmins) [Domain Controllers](#bkmk-domaincontrollers) [Enterprise Admins](#bkmk-entadmins) Group Policy Creator Owners [Read-only Domain Controllers](#bkmk-rodc) [Schema Admins](#bkmk-schemaadmins)|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?||
+|Safe to delegate management of this group to non-Service admins?||
+|Default User Rights|None|
+
### Device Owners
This group is not currently used in Windows.
@@ -1225,62 +410,17 @@ Microsoft does not recommend changing the default configuration where this secur
The Device Owners group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
- Well-Known SID/RID S-1-5-32-583 Type Builtin Local Default container CN=BuiltIn, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Can be moved out but it is not recommended Safe to delegate management of this group to non-Service admins? No Default User Rights Allow log on locally: SeInteractiveLogonRight Access this computer from the network: SeNetworkLogonRight Bypass traverse checking: SeChangeNotifyPrivilege Change the time zone: SeTimeZonePrivilege [Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight [Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege [Change the time zone](/windows/device-security/security-policy-settings/change-the-time-zone): SeTimeZonePrivilege|
### Distributed COM Users
@@ -1290,58 +430,17 @@ The Distributed COM Users group applies to versions of the Windows Server operat
This security group has not changed since Windows Server 2008.
- Well-Known SID/RID S-1-5-32-562 Type Builtin Local Default container CN=Builtin, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? Default User Rights None Well-Known SID/RID S-1-5-21-<domain>-<variable RID> Type Global Default container CN=Users, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Yes Safe to delegate management of this group to non-Service admins? Default User Rights None Well-Known SID/RID S-1-5-21-<domain>-<variable RID> Type Builtin Local Default container CN=Users, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Yes Safe to delegate management of this group to non-Service admins? Default User Rights None Well-Known SID/RID S-1-5-21-<domain>-512 Type Global Default container CN=Users, DC=<domain>, DC= Default members Administrator Default member of Protected by ADMINSDHOLDER? Yes Safe to move out of default container? Yes Safe to delegate management of this group to non-Service admins? No Default User Rights See Administrators [Denied RODC Password ReplicationGroup](#bkmk-deniedrodcpwdrepl)|
+|Protected by ADMINSDHOLDER?|Yes|
+|Safe to move out of default container?|Yes|
+|Safe to delegate management of this group to non-Service admins?|No|
+|Default User Rights|See [Administrators](#bkmk-admins) See [Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)|
@@ -1540,59 +516,18 @@ The Domain Computers group applies to versions of the Windows Server operating s
This security group has not changed since Windows Server 2008.
- Well-Known SID/RID S-1-5-21-<domain>-515 Type Global Default container CN=Users, DC=<domain>, DC= Default members All computers joined to the domain, excluding domain controllers Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Yes (but not required) Safe to delegate management of this group to non-Service admins? Yes Default User Rights None Well-Known SID/RID S-1-5-21-<domain>-516 Type Global Default container CN=Users, DC=<domain>, DC= Default members Computer accounts for all domain controllers of the domain Default member of Protected by ADMINSDHOLDER? Yes Safe to move out of default container? No Safe to delegate management of this group to non-Service admins? No Default User Rights None Well-Known SID/RID S-1-5-21-<domain>-514 Type Global Default container CN=Users, DC=<domain>, DC= Default members Guest Default member of Protected by ADMINSDHOLDER? Yes Safe to move out of default container? Can be moved out but it is not recommended Safe to delegate management of this group to non-Service admins? No Default User Rights See Guests Well-Known SID/RID S-1-5-21-<domain>-513 Type Global Default container CN=Users, DC=<domain>, DC= Default members Administrator krbtgt Default member of Protected by ADMINSDHOLDER? No Safe to move out of default container? Yes Safe to delegate management of this group to non-Service admins? No Default User Rights See Users Well-Known SID/RID S-1-5-21-<root domain>-519 Type Universal (if Domain is in Native-Mode) else Global Default container CN=Users, DC=<domain>, DC= Default members Administrator Default member of Protected by ADMINSDHOLDER? Yes Safe to move out of default container? Yes Safe to delegate management of this group to non-Service admins? No Default User Rights See Administrators See [Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)|
### Enterprise Key Admins
@@ -1873,58 +645,17 @@ The Enterprise Read-Only Domain Controllers group applies to versions of the Win
This security group has not changed since Windows Server 2008.
- Well-Known SID/RID S-1-5-21-<root domain>-498 Type Universal Default container CN=Users, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? Yes Safe to move out of default container? Safe to delegate management of this group to non-Service admins? Default User Rights None Well-Known SID/RID S-1-5-32-573 Type Domain Local Default container CN=Users, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? Default User Rights None Well-Known SID/RID S-1-5-21-<domain>-520 Type Global Default container CN=Users, DC=<domain>, DC= Default members Administrator Default member of Protected by ADMINSDHOLDER? No Safe to move out of default container? No Safe to delegate management of this group to non-Service admins? No Default User Rights Well-Known SID/RID S-1-5-32-546 Type Builtin Local Default container CN=BuiltIn, DC=<domain>, DC= Default members Guest Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? No Default User Rights None Well-Known SID/RID S-1-5-32-578 Type Builtin Local Default container CN=BuiltIn, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? Default User Rights None Well-Known SID/RID S-1-5-32-568 Type Builtin Local Default container CN=BuiltIn, DC=<domain>, DC= Default members IUSR Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Safe to delegate management of this group to non-Service admins? Default User Rights None Well-Known SID/RID S-1-5-32-557 Type Builtin Local Default container CN=Builtin, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? No Default User Rights None Well-Known SID/RID S-1-5-32-556 Type Builtin Local Default container CN=Builtin, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? Yes Default User Rights None Well-Known SID/RID S-1-5-32-559 Type Builtin Local Default container CN=Builtin, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? Yes Default User Rights Log on as a batch job: SeBatchLogonRight Well-Known SID/RID S-1-5-32-558 Type Builtin Local Default container CN=Builtin, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? Yes Default User Rights None Well-Known SID/RID S-1-5-32-554 Type Builtin Local Default container CN=Builtin, DC=<domain>, DC= Default members If you choose the Pre–Windows 2000 Compatible Permissions mode, Everyone and Anonymous are members, and if you choose the Windows 2000-only permissions mode, Authenticated Users are members. Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? No Default User Rights Access this computer from the network: SeNetworkLogonRight Bypass traverse checking: SeChangeNotifyPrivilege [Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege|
@@ -2665,60 +990,17 @@ The Print Operators group applies to versions of the Windows Server operating sy
This security group has not changed since Windows Server 2008. However, in Windows Server 2008 R2, functionality was added to manage print administration. For more information, see [Assign Delegated Print Administrator and Printer Permission Settings in Windows Server 2012](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj190062(v=ws.11)).
- Well-Known SID/RID S-1-5-32-550 Type Builtin Local Default container CN=Builtin, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? Yes Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? No Default User Rights Allow log on locally: SeInteractiveLogonRight Load and unload device drivers: SeLoadDriverPrivilege Shut down the system: SeShutdownPrivilege [Load and unload device drivers](/windows/device-security/security-policy-settings/load-and-unload-device-drivers): SeLoadDriverPrivilege [Shut down the system](/windows/device-security/security-policy-settings/shut-down-the-system): SeShutdownPrivilege|
### Protected Users
@@ -2744,58 +1026,17 @@ This group was introduced in Windows Server 2012 R2. For more information about
The following table specifies the properties of the Protected Users group.
- Well-known SID/RID S-1-5-21-<domain>-525 Type Global Default container CN=Users, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Yes Safe to delegate management of this group to non-service admins? No Default user rights None Well-Known SID/RID S-1-5-21-<domain>-553 Type Builtin Local Default container CN=Users, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Yes Safe to delegate management of this group to non-Service admins? Yes Default User Rights None Well-Known SID/RID S-1-5-32-576 Type Builtin Local Default container CN=Builtin, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? Default User Rights None Well-Known SID/RID S-1-5-32-577 Type Builtin Local Default container CN=Builtin, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? Default User Rights None Well-Known SID/RID S-1-5-32-575 Type Builtin Local Default container CN=Builtin, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? Default User Rights None Well-Known SID/RID S-1-5-21-<domain>-521 Type Global Default container CN=Users, DC=<domain>, DC= Default members None Default member of Protected by ADMINSDHOLDER? Yes Safe to move out of default container? Yes Safe to delegate management of this group to non-Service admins? Default User Rights Well-Known SID/RID S-1-5-32-555 Type Builtin Local Default container CN=Builtin, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? Yes Default User Rights None Well-Known SID/RID S-1-5-32-580 Type Builtin Local Default container CN=Builtin, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? Default User Rights None Well-Known SID/RID S-1-5-32-552 Type Builtin Local Default container CN=Builtin, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? Yes Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? Default User Rights None Well-Known SID/RID S-1-5-21-<root domain>-518 Type Universal (if Domain is in Native-Mode) else Global Default container CN=Users, DC=<domain>, DC= Default members Administrator Default member of Protected by ADMINSDHOLDER? Yes Safe to move out of default container? Yes Safe to delegate management of this group to non-Service admins? No Default User Rights Well-Known SID/RID S-1-5-32-549 Type Builtin Local Default container CN=Builtin, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? Yes Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? No Default User Rights Allow log on locally: SeInteractiveLogonRight Back up files and directories: SeBackupPrivilege Change the system time: SeSystemTimePrivilege Change the time zone: SeTimeZonePrivilege Force shutdown from a remote system: SeRemoteShutdownPrivilege Restore files and directories: Restore files and directories SeRestorePrivilege Shut down the system: SeShutdownPrivilege [Back up files and directories](/windows/device-security/security-policy-settings/back-up-files-and-directories): SeBackupPrivilege [Change the system time](/windows/device-security/security-policy-settings/change-the-system-time): SeSystemTimePrivilege [Change the time zone](/windows/device-security/security-policy-settings/change-the-time-zone): SeTimeZonePrivilege [Force shutdown from a remote system](/windows/device-security/security-policy-settings/force-shutdown-from-a-remote-system): SeRemoteShutdownPrivilege [Restore files and directories](/windows/device-security/security-policy-settings/restore-files-and-directories): Restore files and directories SeRestorePrivilege [Shut down the system](/windows/device-security/security-policy-settings/shut-down-the-system): SeShutdownPrivilege|
### Storage Replica Administrators
@@ -3493,58 +1324,17 @@ The Terminal Server License Servers group applies to versions of the Windows Ser
This security group only applies to Windows Server 2003 and Windows Server 2008 because Terminal Services was replaced by Remote Desktop Services in Windows Server 2008 R2.
- Well-Known SID/RID S-1-5-32-561 Type Builtin Local Default container CN=Builtin, DC=<domain>, DC= Default members None Default member of None Safe to move out of default container? Cannot be moved Protected by ADMINSDHOLDER? No Safe to delegate management of this group to non-Service admins? Yes Default User Rights None Well-Known SID/RID S-1-5-32-545 Type Builtin Local Default container CN=Builtin, DC=<domain>, DC= Default members Authenticated Users INTERACTIVE Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? No Default User Rights None [Domain Users](#bkmk-domainusers) INTERACTIVE|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?|No|
+|Default User Rights|None|
### Windows Authorization Access Group
@@ -3627,59 +1374,18 @@ The Windows Authorization Access group applies to versions of the Windows Server
This security group has not changed since Windows Server 2008.
- Well-Known SID/RID S-1-5-32-560 Type Builtin Local Default container CN=Builtin, DC=<domain>, DC= Default members Enterprise Domain Controllers Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Cannot be moved Safe to delegate management of this group to non-Service admins? Yes Default user rights None Well-Known SID/RID S-1-5-21-<domain>-<variable RID> Type Domain local Default container CN=Users, DC=<domain>, DC= Default members None Default member of None Protected by ADMINSDHOLDER? No Safe to move out of default container? Yes Safe to delegate management of this group to non-Service admins? Default User Rights None FIPS approved algorithms: AES (Cert. #4624); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2522); SHS (Cert. #3790); Triple-DES (Cert. #2459) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #1133); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #2521); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #1281); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #1278) FIPS approved algorithms: AES (Certs. #4624 and #4626); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2523); SHS (Cert. #3790); Triple-DES (Cert. #2459) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert.#1133); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert.#2521); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert.#1281) FIPS approved algorithms: AES (Certs. #4624 and #4625); CKG (vendor affirmed); HMAC (Cert. #3061); PBKDF (vendor affirmed); RSA (Cert. #2523); SHS (Cert. #3790) Other algorithms: PBKDF (vendor affirmed); VMK KDF (vendor affirmed) FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790) FIPS approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790) Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282) FIPS approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790) Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282) [#1278](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1278) and [#1281](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1281)); DRBG (Cert. [#1555](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555)); DSA (Cert. [#1223](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1223)); ECDSA (Cert. [#1133](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1133)); HMAC (Cert. [#3061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3061)); KAS (Cert. [#127](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#127)); KBKDF (Cert. [#140](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#140)); KTS (AES Cert. [#4626](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4626); key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#2521](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2521) and [#2522](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2522)); SHS (Cert. [#3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)); Triple-DES (Cert. [#2459](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2459) Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#1133](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1133)); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#2521](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#2521)); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#1281](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1281)); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. [#1278](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1278))|
+|Kernel Mode Cryptographic Primitives Library (cng.sys)|[10.0.15063](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3094.pdf)|[#3094](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3094)|[#3094](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3094) FIPS approved algorithms: AES (Certs. [#4624](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624) and [#4626](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4626)); CKG (vendor affirmed); CVL (Certs. [#1278](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1278) and [#1281](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1281)); DRBG (Cert. [#1555](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555)); DSA (Cert. [#1223](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1223)); ECDSA (Cert. [#1133](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1133)); HMAC (Cert. [#3061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3061)); KAS (Cert. [#127](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#127)); KBKDF (Cert. [#140](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#140)); KTS (AES Cert. [#4626](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4626); key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#2521](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2521) and [#2523](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2523)); SHS (Cert. [#3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)); Triple-DES (Cert. [#2459](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2459) Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt) [Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert.](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3094 [#1133](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1133)[); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert.](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3094)[#2521](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#2521)[); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert.](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3094 [#1281](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1281)[)](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3094)|
+|Boot Manager|[10.0.15063](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3089.pdf)|[#3089](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3089)|FIPS approved algorithms: AES (Certs. [#4624](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624) and [#4625](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4625)); CKG (vendor affirmed); HMAC (Cert. [#3061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3061)); PBKDF (vendor affirmed); RSA (Cert. [#2523](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2523)); SHS (Cert. [#3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790) Other algorithms: PBKDF (vendor affirmed); VMK KDF (vendor affirmed)|
+|Windows OS Loader|[10.0.15063](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3090.pdf)|[#3090](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3090)|FIPS approved algorithms: AES (Certs. [#4624](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624) and [#4625](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4625)); RSA (Cert. [#2523](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2523)); SHS (Cert. [#3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790) [Other algorithms: NDRNG](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3090)|
+|Windows Resume [1]|[10.0.15063](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3091.pdf)|[#3091](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3091)|FIPS approved algorithms: AES (Certs. [#4624](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624) and [#4625](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4625)); RSA (Cert. [#2523](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2523)); SHS (Cert. [#3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790))|
+|BitLocker® Dump Filter [2]|[10.0.15063](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3092.pdf)|[#3092](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3092)|FIPS approved algorithms: AES (Certs. [#4624](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624) and [#4625](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4625)); RSA (Cert. [#2522](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2522)); SHS (Cert. [#3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790))|
+|Code Integrity (ci.dll)|[10.0.15063](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3093.pdf)|[#3093](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3093)|FIPS approved algorithms: AES (Cert. [#4624](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624)); RSA (Certs. [#2522](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2522) and [#2523](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2523)); SHS (Cert. [#3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790) Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. [#1282](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1282))|
+|Secure Kernel Code Integrity (skci.dll)[3]|[10.0.15063](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3096.pdf)|[#3096](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3096)|FIPS approved algorithms: AES (Cert. [#4624](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624)); RSA (Certs. [#2522](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2522) and [#2523](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2523)); SHS (Cert. [#3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790) Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. [#1282](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1282))|
\[1\] Applies only to Home, Pro, Enterprise, Education, and S.
@@ -391,88 +166,16 @@ Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile
Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile
- FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #886) FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887) FIPS approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347) Other algorithms: MD5; PBKDF (non-compliant); VMK KDF FIPS approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347) Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888) FIPS approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347) Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888) Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#922](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#922)); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#888](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#888)); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#887](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#887)); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. [#886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#886))|
+|Kernel Mode Cryptographic Primitives Library (cng.sys)|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2936.pdf)|[#2936](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2936)|FIPS approved algorithms: AES (Cert. [#4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064)); DRBG (Cert. [#1217](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217)); DSA (Cert. [#1098](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1098)); ECDSA (Cert. [#911](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#911)); HMAC (Cert. [#2651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2651)); KAS (Cert. [#92](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#92)); KBKDF (Cert. [#101](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#101)); KTS (AES Cert. [#4062](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4062); key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#2192](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2192), [#2193, and #2195](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Cert. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)); Triple-DES (Cert. [#2227](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2227)) Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#922](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#922)); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#888](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#888)); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#887](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#887))|
+|Boot Manager|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2931.pdf)|[#2931](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2931)|FIPS approved algorithms: AES (Certs. [#4061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4061) and [#4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064)); HMAC (Cert. [#2651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2651)); PBKDF (vendor affirmed); RSA (Cert. [#2193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Cert. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)) Other algorithms: MD5; PBKDF (non-compliant); VMK KDF|
+|BitLocker® Windows OS Loader (winload)|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2932.pdf)|[#2932](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2932)|FIPS approved algorithms: AES (Certs. [#4061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4061) and [#4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064)); RSA (Cert. [#2193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Cert. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)) Other algorithms: NDRNG; MD5|
+|BitLocker® Windows Resume (winresume)[1]|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2933.pdf)|[#2933](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2933)|FIPS approved algorithms: AES (Certs. [#4061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4061) and [#4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064)); RSA (Cert. [#2193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Cert. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)) Other algorithms: MD5|
+|BitLocker® Dump Filter (dumpfve.sys)[2]|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2934.pdf)|[#2934](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2934)|FIPS approved algorithms: AES (Certs. [#4061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4061) and [#4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064))|
+|Code Integrity (ci.dll)|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2935.pdf)|[#2935](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2935)|FIPS approved algorithms: RSA (Cert. [#2193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Cert. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)) Other algorithms: AES (non-compliant); MD5 Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#888](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#888))|
+|Secure Kernel Code Integrity (skci.dll)[3]|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2938.pdf)|[#2938](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2938)|FIPS approved algorithms: RSA (Certs. [#2193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Certs. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)) Other algorithms: MD5 Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#888](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#888))|
\[1\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB
@@ -484,89 +187,16 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile
Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub
- FIPS approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888, and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #664) FIPS approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888, and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663) FIPS approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048) Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665) FIPS approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048) Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665) Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#666](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#666)); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#665](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#665)); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#663](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#663)); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. [#664](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#664))|
+|Kernel Mode Cryptographic Primitives Library (cng.sys)|[10.0.10586](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2605.pdf)|[#2605](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2605)|FIPS approved algorithms: AES (Certs. [#3629](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3629)); DRBG (Certs. [#955](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#955)); DSA (Certs. [#1024](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1024)); ECDSA (Certs. [#760](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#760)); HMAC (Certs. [#2381](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2381)); KAS (Certs. [#72](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#72); key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. [#72](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#72)); KTS (AES Certs. [#3653](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3653); key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#1887](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1887), [#1888, and #1889](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1888)); SHS (Certs. [#3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047)); Triple-DES (Certs. [#2024](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2024)) Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#666](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#666)); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#665](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#665)); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#663](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#663))|
+|Boot Manager [4]|[10.0.10586](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2700.pdf)|[#2700](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2700)|FIPS approved algorithms: AES (Certs. [#3653](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3653)); HMAC (Cert. [#2381](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2381)); PBKDF (vendor affirmed); RSA (Cert. [#1871](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1871)); SHS (Certs. [#3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047) and [#3048](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3048)) Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)|
+|BitLocker® Windows OS Loader (winload)[5]|[10.0.10586](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2701.pdf)|[#2701](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2701)|FIPS approved algorithms: AES (Certs. [#3629](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3629) and [#3653](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3653)); RSA (Cert. [#1871](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1871)); SHS (Cert. [#3048](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3048)) Other algorithms: MD5; NDRNG|
+|BitLocker® Windows Resume (winresume)[6]|[10.0.10586](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2702.pdf)|[#2702](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2702)|FIPS approved algorithms: AES (Certs. [#3653](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3653)); RSA (Cert. [#1871](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1871)); SHS (Cert. [#3048](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3048)) Other algorithms: MD5|
+|BitLocker® Dump Filter (dumpfve.sys)[7]|[10.0.10586](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2703.pdf)|[#2703](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2703)|FIPS approved algorithms: AES (Certs. [#3653](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3653))|
+|Code Integrity (ci.dll)|[10.0.10586](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2604.pdf)|[#2604](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2604)|FIPS approved algorithms: RSA (Certs. [#1871](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1871)); SHS (Certs. [#3048](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3048)) Other algorithms: AES (non-compliant); MD5 Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#665](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#665))|
+|Secure Kernel Code Integrity (skci.dll)[8]|[10.0.10586](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2607.pdf)|[#2607](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2607)|FIPS approved algorithms: RSA (Certs. [#1871](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1871)); SHS (Certs. [#3048](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3048)) Other algorithms: MD5 Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#665](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#665))|
\[4\] Applies only to Home, Pro, Enterprise, Mobile, and Surface Hub
@@ -582,88 +212,16 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub
Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface Hub
- FIPS approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969) Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #575) FIPS approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969) Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576) FIPS approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871) Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572) FIPS approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871) Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572) Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt) Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#572](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#572)); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#576](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#576)); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. [#575](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#575))|
+|Kernel Mode Cryptographic Primitives Library (cng.sys)|[10.0.10240](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2605.pdf)|[#2605](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2605)|FIPS approved algorithms: AES (Certs. [#3497](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497)); DRBG (Certs. [#868](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#868)); DSA (Certs. [#983](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#983)); ECDSA (Certs. [#706](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#706)); HMAC (Certs. [#2233](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2233)); KAS (Certs. [#64](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#64); key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. [#66](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#66)); KTS (AES Certs. [#3507](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3507); key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#1783](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1783), [#1798](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1798), and [#1802](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1802)); SHS (Certs. [#2886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886)); Triple-DES (Certs. [#1969](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1969)) Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt) Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#572](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#572)); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#576](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#576))|
+|Boot Manager[9]|[10.0.10240](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2600.pdf)|[#2600](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2600)|FIPS approved algorithms: AES (Cert. [#3497](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497)); HMAC (Cert. [#2233](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2233)); KTS (AES Cert. [#3498](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3498)); PBKDF (vendor affirmed); RSA (Cert. [#1784](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1784)); SHS (Certs. [#2871](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2871) and [#2886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886)) Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)|
+|BitLocker® Windows OS Loader (winload)[10]|[10.0.10240](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2601.pdf)|[#2601](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2601)|FIPS approved algorithms: AES (Certs. [#3497](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497) and [#3498](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3498)); RSA (Cert. [#1784](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1784)); SHS (Cert. [#2871](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2871)) Other algorithms: MD5; NDRNG|
+|BitLocker® Windows Resume (winresume)[11]|[10.0.10240](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2602.pdf)|[#2602](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2602)|FIPS approved algorithms: AES (Certs. [#3497](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497) and [#3498](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3498)); RSA (Cert. [#1784](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1784)); SHS (Cert. [#2871](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2871)) Other algorithms: MD5|
+|BitLocker® Dump Filter (dumpfve.sys)[12]|[10.0.10240](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2603.pdf)|[#2603](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2603)|FIPS approved algorithms: AES (Certs. [#3497](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497) and [#3498](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3498))|
+|Code Integrity (ci.dll)|[10.0.10240](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2604.pdf)|[#2604](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2604)|FIPS approved algorithms: RSA (Certs. [#1784](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1784)); SHS (Certs. [#2871](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2871)) Other algorithms: AES (non-compliant); MD5 Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#572](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#572))|
+|Secure Kernel Code Integrity (skci.dll)[13]|[10.0.10240](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2607.pdf)|[#2607](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2607)|FIPS approved algorithms: RSA (Certs. [#1784](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1784)); SHS (Certs. [#2871](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2871)) Other algorithms: MD5 Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#572](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#572))|
\[9\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB
@@ -680,82 +238,15 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface
Validated Editions: RT, Pro, Enterprise, Phone, Embedded
- FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #323) FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289) FIPS approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373) Validated Component Implementations: PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289) Other algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)#2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#288](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#288)); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#289](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#289)); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. [#323](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#323))|
+|Kernel Mode Cryptographic Primitives Library (cng.sys)|[6.3.9600 6.3.9600.17042](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2356.pdf)|[#2356](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2356)|FIPS approved algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832)); DRBG (Certs. [#489](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489)); ECDSA (Cert. [#505](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#505)); HMAC (Cert. [#1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1773)); KAS (Cert. [#47](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#47)); KBKDF (Cert. [#30](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#30)); PBKDF (vendor affirmed); RSA (Certs. [#1487](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1487), [#1493, and #1519](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1493)); SHS (Cert. [# 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373)); Triple-DES (Cert. [#1692](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1692)) Other algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#288](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#288)); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#289](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#289))|
+|Boot Manager|[6.3.9600 6.3.9600.17031](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2351.pdf)|[#2351](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2351)|FIPS approved algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832)); HMAC (Cert. [#1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1773)); PBKDF (vendor affirmed); RSA (Cert. [#1494](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1494)); SHS (Certs. [# 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373) and [#2396](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2396)) Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)|
+|BitLocker® Windows OS Loader (winload)|[6.3.9600 6.3.9600.17031](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2352.pdf)|[#2352](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2352)|FIPS approved algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832)); RSA (Cert. [#1494](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1494)); SHS (Cert. [#2396](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2396)) Other algorithms: MD5; NDRNG|
+|BitLocker® Windows Resume (winresume)[14]|[6.3.9600 6.3.9600.17031](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2353.pdf)|[#2353](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2353)|FIPS approved algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832)); RSA (Cert. [#1494](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1494)); SHS (Certs. [# 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373) and [#2396](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2396)) Other algorithms: MD5|
+|BitLocker® Dump Filter (dumpfve.sys)|[6.3.9600 6.3.9600.17031](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2354.pdf)|[#2354](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2354)|FIPS approved algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832)) Other algorithms: N/A|
+|Code Integrity (ci.dll)|[6.3.9600 6.3.9600.17031](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2355.pdf)|[#2355](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2355)|FIPS approved algorithms: RSA (Cert. [#1494](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1494)); SHS (Cert. [# 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373)) Other algorithms: MD5 Validated Component Implementations: PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#289](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#289))|
\[14\] Applies only to Pro, Enterprise, and Embedded 8.
@@ -763,95 +254,17 @@ Validated Editions: RT, Pro, Enterprise, Phone, Embedded
Validated Editions: RT, Home, Pro, Enterprise, Phone
- Other algorithms: AES (Cert. [#2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert.); ECDSA (Cert.); HMAC (Cert.); KAS (Cert); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)|
+|Kernel Mode Cryptographic Primitives Library (cng.sys)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1891.pdf)|[#1891](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1891)|FIPS approved algorithms: AES (Certs. [#2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197) and [#2216](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2216)); DRBG (Certs. [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258) and [#259](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#259)); ECDSA (Cert. [#341](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#341)); HMAC (Cert. [#1345](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1345)); KAS (Cert. [#36](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#36)); KBKDF (Cert. [#3](http://csrc.nist.gov/groups/stm/cavp/documents/kbkdf800-108/kbkdfval.htm#3)); PBKDF (vendor affirmed); RNG (Cert. [#1110](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#1110)); RSA (Certs. [#1133](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1133) and [#1134](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1134)); SHS (Cert. [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)); Triple-DES (Cert. [#1387](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1387)) Other algorithms: AES (Cert. [#2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258 and); ECDSA (Cert.); HMAC (Cert.); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RNG (Cert.); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.) Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)|
+|Boot Manager|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1895.pdf)|[#1895](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1895)|FIPS approved algorithms: AES (Certs. [#2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196) and [#2198](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2198)); HMAC (Cert. #[1347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1347)); RSA (Cert. [#1132](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1132)); SHS (Cert. [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)) Other algorithms: MD5|
+|BitLocker® Windows OS Loader (WINLOAD)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1896.pdf)|[#1896](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1896)|FIPS approved algorithms: AES (Certs. [#2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196) and [#2198](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2198)); RSA (Cert. [#1132](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1132)); SHS (Cert. [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)) Other algorithms: AES (Cert. [#2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197); non-compliant); MD5; Non-Approved RNG|
+|BitLocker® Windows Resume (WINRESUME)[15]|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1898.pdf)|[#1898](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1898)|FIPS approved algorithms: AES (Certs. [#2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196) and [#2198](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2198)); RSA (Cert. [#1132](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1132)); SHS (Cert. [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)) Other algorithms: MD5|
+|BitLocker® Dump Filter (DUMPFVE.SYS)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1899.pdf)|[#1899](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1899)|FIPS approved algorithms: AES (Certs. [#2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196) and [#2198](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2198)) Other algorithms: N/A|
+|Code Integrity (CI.DLL)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1897.pdf)|[#1897](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1897)|FIPS approved algorithms: RSA (Cert. [#1132](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1132)); SHS (Cert. [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)) Other algorithms: MD5|
+|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1893.pdf)|[#1893](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1893)|FIPS approved algorithms: DSA (Cert. [#686](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#686)); SHS (Cert. [#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902)); Triple-DES (Cert. [#1386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1386)); Triple-DES MAC (Triple-DES Cert. [#1386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1386), vendor affirmed) Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. [#1386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1386), key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#1902); Triple-DES (Cert.); Triple-DES MAC (Triple-DES Certificate, vendor affirmed) Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Certificate, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)|
+|Enhanced Cryptographic Provider (RSAENH.DLL)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1894.pdf)|[#1894](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1894)|FIPS approved algorithms: AES (Cert. [#2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196)); HMAC (Cert. #1346); RSA (Cert. [#1132](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1132)); SHS (Cert. [#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902)); Triple-DES (Cert. [#1386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1386)) Other algorithms: AES (Cert. [#2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. [#1386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1386), key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)|
\[15\] Applies only to Home and Pro
@@ -859,557 +272,110 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone
Validated Editions: Windows 7, Windows 7 SP1
- [6.1.7601.17514](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1329.pdf)|[1329](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1329)|FIPS approved algorithms: AES (Certs. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168) and [#1178](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1178)); AES GCM (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168), vendor-affirmed); AES GMAC (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168), vendor-affirmed); DRBG (Certs. [#23](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23) and [#24](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#24)); DSA (Cert. [#386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#386)); ECDSA (Cert. [#141](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#141)); HMAC (Cert. [#677](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#677)); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits to 256 bits of encryption strength); RNG (Cert. [#649](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#649)); RSA (Certs. [#559](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#559) and [#560](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#560)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)); Triple-DES (Cert. [#846](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#846)) Other algorithms: AES (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4#559 and); SHS (Cert.); Triple-DES (Cert.) Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4|
+|Kernel Mode Cryptographic Primitives Library (cng.sys)|[6.1.7600.16385](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1328.pdf) [6.1.7600.16915](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1328.pdf) [6.1.7600.21092](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1328.pdf) [6.1.7601.17514](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1328.pdf) [6.1.7601.17725](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1328.pdf) [6.1.7601.17919](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1328.pdf) [6.1.7601.21861](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1328.pdf) [6.1.7601.22076](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1328.pdf)|[1328](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1328)|FIPS approved algorithms: AES (Certs. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168) and [#1178](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1178)); AES GCM (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168), vendor-affirmed); AES GMAC (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168), vendor-affirmed); DRBG (Certs. [#23](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23) and [#24](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#24)); ECDSA (Cert. [#141](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#141)); HMAC (Cert. [#677](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#677)); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits to 256 bits of encryption strength); RNG (Cert. [#649](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#649)); RSA (Certs. [#559](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#559) and [#560](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#560)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)); Triple-DES (Cert. [#846](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#846)) Other algorithms: AES (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4|
+|Boot Manager|[6.1.7600.16385](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1319.pdf) [6.1.7601.17514](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1319.pdf)|[1319](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1319)|FIPS approved algorithms: AES (Certs. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168) and [#1177](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1177)); HMAC (Cert. [#675](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#675)); RSA (Cert. [#557](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#557)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)) Other algorithms: MD5#1168 and); HMAC (Cert.); RSA (Cert.); SHS (Cert.) Other algorithms: MD5|
+|Winload OS Loader (winload.exe)|[6.1.7600.16385](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1326.pdf) [6.1.7600.16757](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1326.pdf) [6.1.7600.20897](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1326.pdf) [6.1.7600.20916](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1326.pdf) [6.1.7601.17514](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1326.pdf) [6.1.7601.17556](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1326.pdf) [6.1.7601.21655](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1326.pdf) [6.1.7601.21675](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1326.pdf)|[1326](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1326)|FIPS approved algorithms: AES (Certs. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168) and [#1177](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1177)); RSA (Cert. [#557](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#557)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)) Other algorithms: MD5|
+|BitLocker™ Drive Encryption|[6.1.7600.16385](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1332.pdf) [6.1.7600.16429](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1332.pdf) [6.1.7600.16757](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1332.pdf) [6.1.7600.20536](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1332.pdf) [6.1.7600.20873](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1332.pdf) [6.1.7600.20897](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1332.pdf) [6.1.7600.20916](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1332.pdf) [6.1.7601.17514](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1332.pdf) [6.1.7601.17556](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1332.pdf) [6.1.7601.21634](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1332.pdf) [6.1.7601.21655](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1332.pdf) [6.1.7601.21675](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1332.pdf)|[1332](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1332)|FIPS approved algorithms: AES (Certs. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168) and [#1177](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1177)); HMAC (Cert. [#675](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#675)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)) Other algorithms: Elephant Diffuser|
+|Code Integrity (CI.DLL)|[6.1.7600.16385](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1327.pdf) [6.1.7600.17122](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1327.pdf)v[6.1.7600.21320](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1327.pdf) [6.1.7601.17514](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1327.pdf) [6.1.7601.17950](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1327.pdf)v[6.1.7601.22108](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1327.pdf)|[1327](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1327)|FIPS approved algorithms: RSA (Cert. [#557](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#557)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)) Other algorithms: MD5|
+|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)|[6.1.7600.16385](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1331.pdf) (no change in SP1)|[1331](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1331)|FIPS approved algorithms: DSA (Cert. [#385](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#385)); RNG (Cert. [#649](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#649)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)); Triple-DES (Cert. [#846](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#846)); Triple-DES MAC (Triple-DES Cert. [#846](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#846), vendor affirmed) Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4|
+|Enhanced Cryptographic Provider (RSAENH.DLL)|[6.1.7600.16385](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1330.pdf) (no change in SP1)|[1330](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1330)|FIPS approved algorithms: AES (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168)); DRBG (Cert. [#23](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23)); HMAC (Cert. [#673](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#673)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)); RSA (Certs. [#557](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#557) and [#559](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#559)); Triple-DES (Cert. [#846](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#846)) Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)|
##### Windows Vista SP1
Validated Editions: Ultimate Edition
- FIPS approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)#739 and); ECDSA (Cert.); HMAC (Cert.); RNG (Cert. and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.) Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) FIPS approved algorithms: AES (Certs. #739 and #756); DSA (Cert. #283); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90, vendor affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656) Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength) FIPS approved algorithms: AES (Cert. #739); HMAC (Cert. #407); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #354); SHS (Cert. #753); Triple-DES (Cert. #656) Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) FIPS approved algorithms: DSA (Cert. #281); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed) Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 Other algorithms: MD5|
+|Code Integrity (ci.dll)|[6.0.6001.18000, 6.0.6001.18023, 6.0.6001.22120, and 6.0.6002.18005](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp980.pdf)|[980](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/980)|FIPS approved algorithms: RSA (Cert. [#354](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#354)); SHS (Cert. [#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)) Other algorithms: MD5|
+|Kernel Mode Security Support Provider Interface (ksecdd.sys)|[6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.22869](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1000.pdf)|[1000](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1000)|FIPS approved algorithms: AES (Certs. [#739](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#739) and [#756](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#756)); ECDSA (Cert. [#82](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#82)); HMAC (Cert. [#412](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#412)); RNG (Cert. [#435](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#435) and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. [#353](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#353) and [#357](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#357)); SHS (Cert. [#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)); Triple-DES (Cert. [#656](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#656))#739 and); ECDSA (Cert.); HMAC (Cert.); RNG (Cert. and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.) Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)|
+|Cryptographic Primitives Library (bcrypt.dll)|[6.0.6001.22202, 6.0.6002.18005, and 6.0.6002.22872](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1002.pdf)|[1001](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1001)|FIPS approved algorithms: AES (Certs. [#739](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#739) and [#756](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#756)); DSA (Cert. [#283](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#283)); ECDSA (Cert. [#82](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#82)); HMAC (Cert. [#412](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#412)); RNG (Cert. [#435](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#435) and SP 800-90, vendor affirmed); RSA (Certs. [#353](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#353) and [#357](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#357)); SHS (Cert. [#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)); Triple-DES (Cert. [#656](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#656)) Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)|
+|Enhanced Cryptographic Provider (RSAENH)|[6.0.6001.22202 and 6.0.6002.18005](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1002.pdf)|[1002](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1002)|FIPS approved algorithms: AES (Cert. [#739](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#739)); HMAC (Cert. [#407](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#407)); RNG (SP 800-90, vendor affirmed); RSA (Certs. [#353](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#353) and [#354](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#354)); SHS (Cert. [#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)); Triple-DES (Cert. [#656](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#656)) Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)|
+|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[6.0.6001.18000 and 6.0.6002.18005](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1003.pdf)|[1003](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1003)|FIPS approved algorithms: DSA (Cert. [#281](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#281)); RNG (Cert. [#435](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#435)); SHS (Cert. [#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)); Triple-DES (Cert. [#656](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#656)); Triple-DES MAC (Triple-DES Cert. [#656](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#656), vendor affirmed) Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4|
##### Windows Vista
Validated Editions: Ultimate Edition
- FIPS approved algorithms: HMAC (Cert. #429); RNG (Cert. #449); SHS (Cert. #785); Triple-DES (Cert. #677); Triple-DES MAC (Triple-DES Cert. #677, vendor affirmed) Other algorithms: DES; MD5; HMAC MD5 FIPS approved algorithms: DSA (Cert. #292); RNG (Cert. #448); SHS (Cert. #784); Triple-DES (Cert. #676); Triple-DES MAC (Triple-DES Cert. #676, vendor affirmed) Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits); MD5; RC2; RC4 FIPS approved algorithms: AES (Cert. #781); HMAC (Cert. #428); RNG (Cert. #447); RSA (Cert. #371); SHS (Cert. #783); Triple-DES (Cert. #675); Triple-DES MAC (Triple-DES Cert. #675, vendor affirmed) Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits) Other algorithms: DES; MD5; HMAC MD5|
+|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[5.1.2600.5507](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp990.pdf)|[990](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/990)|FIPS approved algorithms: DSA (Cert. [#292](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#292)); RNG (Cert. [#448](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#448)); SHS (Cert. [#784](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#784)); Triple-DES (Cert. [#676](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#676)); Triple-DES MAC (Triple-DES Cert. [#676](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#676), vendor affirmed) Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits); MD5; RC2; RC4|
+|Enhanced Cryptographic Provider (RSAENH)|[5.1.2600.5507](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp989.pdf)|[989](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/989)|FIPS approved algorithms: AES (Cert. [#781](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#781)); HMAC (Cert. [#428](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#428)); RNG (Cert. [#447](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#447)); RSA (Cert. [#371](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#371)); SHS (Cert. [#783](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783)); Triple-DES (Cert. [#675](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#675)); Triple-DES MAC (Triple-DES Cert. [#675](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#675), vendor affirmed) Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits)|
##### Windows XP SP2
- FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #29) Other algorithms: DES (Cert. #66); RC2; RC4; MD5; DES40; Diffie-Hellman (key agreement) FIPS approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed) Other algorithms: DES (Cert. #156); RC2; RC4; MD5 Other algorithms: DES (Cert. [#66](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#66)); RC2; RC4; MD5; DES40; Diffie-Hellman (key agreement)|
+|Microsoft Enhanced Cryptographic Provider|[5.1.2600.2161](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp238.pdf)|[238](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/238)|FIPS approved algorithms: Triple-DES (Cert. [#81](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#81)); AES (Cert. [#33](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#33)); SHA-1 (Cert. [#83](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#83)); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. [#83](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#83), vendor affirmed) Other algorithms: DES (Cert. [#156](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#156)); RC2; RC4; MD5|
##### Windows XP SP1
- FIPS approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed) Other algorithms: DES (Cert. #156); RC2; RC4; MD5 Other algorithms: DES (Cert. [#156](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#156)); RC2; RC4; MD5|
##### Windows XP
- FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #35); HMAC-SHA-1 (Cert. #35, vendor affirmed) Other algorithms: DES (Cert. #89) Other algorithms: DES (Cert. [#89](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#89))|
##### Windows 2000 SP3
- FIPS approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35) Other algorithms: DES (Certs. #89) (Base DSS: 5.0.2195.3665 [SP3]) FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed) Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5 Other algorithms: DES (Certs. [#89](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#89))|
+|Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider|[(Base DSS: 5.0.2195.3665 [SP3])](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf) [(Base: 5.0.2195.3839 [SP3])](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf) [(DSS/DH Enh: 5.0.2195.3665 [SP3])](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf) [(Enh: 5.0.2195.3839 [SP3]](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf)|[103](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/103)|FIPS approved algorithms: Triple-DES (Cert. [#16](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#16)); DSA/SHA-1 (Certs. [#28](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#28) and [#29](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#29)); RSA (vendor affirmed) Other algorithms: DES (Certs. [#65](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#65), [66](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#66), [67](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#67) and [68](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#68)); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5|
##### Windows 2000 SP2
- FIPS approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35) Other algorithms: DES (Certs. #89) FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed) Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5 Other algorithms: DES (Certs. [#89](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#89))|
+|Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider|[(Base DSS:](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf) [5.0.2195.2228 [SP2])](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf) [(Base:](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf) [5.0.2195.2228 [SP2])](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf) [(DSS/DH Enh:](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf) [5.0.2195.2228 [SP2])](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf) [(Enh:](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf) [5.0.2195.2228 [SP2])](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf)|[103](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/103)|FIPS approved algorithms: Triple-DES (Cert. [#16](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#16)); DSA/SHA-1 (Certs. [#28](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#28) and [#29](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#29)); RSA (vendor affirmed) Other algorithms: DES (Certs. [#65](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#65), [66](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#66), [67](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#67) and [68](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#68)); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5|
##### Windows 2000 SP1
- (Base DSS: 5.0.2150.1391 [SP1]) FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed) Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5 [(Base: 5.0.2150.1391 [SP1])](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf) [(DSS/DH Enh: 5.0.2150.1391 [SP1])](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf) [(Enh: 5.0.2150.1391 [SP1])](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf)|[103](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/103)|FIPS approved algorithms: Triple-DES (Cert. [#16](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#16)); DSA/SHA-1 (Certs. [#28](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#28) and [#29](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#29)); RSA (vendor affirmed) Other algorithms: DES (Certs. [#65](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#65), [66](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#66), [67](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#67) and [68](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#68)); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5|
##### Windows 2000
- FIPS approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. #28 and 29); RSA (vendor affirmed) Other algorithms: DES (Certs. #65, 66, 67 and 68); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement) Other algorithms: DES (Certs. [#65](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#65), [66](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#66), [67](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#67) and [68](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#68)); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)|
##### Windows 95 and Windows 98
- FIPS approved algorithms: Triple-DES (vendor affirmed); SHA-1 (Certs. #20 and 21); DSA/SHA-1 (Certs. #25 and 26); RSA (vendor- affirmed) Other algorithms: DES (Certs. #61, 62, 63 and 64); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement) Other algorithms: DES (Certs. [#61](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#61), [62](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#62), [63](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#63) and [64](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#64)); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)|
##### Windows NT 4.0
- Other algorithms: DES (Certs. [#61](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#61), [62](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#62), [63](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#63) and [64](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#64)); Triple-DES (allowed for US and Canadian Government use); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)|
## Modules used by Windows Server
@@ -1417,288 +383,60 @@ Validated Editions: Ultimate Edition
Validated Editions: Standard, Datacenter
- FIPS approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347) Other algorithms: MD5; PBKDF (non-compliant); VMK KDF Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)|
+|Kernel Mode Cryptographic Primitives Library (cng.sys)|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2936.pdf)|[2936](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2936)|FIPS approved algorithms: AES (Cert. [#4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064)); DRBG (Cert. [#1217](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217)); DSA (Cert. [#1098](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1098)); ECDSA (Cert. [#911](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#911)); HMAC (Cert. [#2651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2651)); KAS (Cert. [#92](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#92)); KBKDF (Cert. [#101](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#101)); KTS (AES Cert. [#4062](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4062); key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#2192](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2192), [#2193, and #2195](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Cert. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)); Triple-DES (Cert. [#2227](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2227)) Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)|
+|Boot Manager|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2931.pdf)|[2931](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2931)|FIPS approved algorithms: AES (Certs. [#4061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4061) and [#4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064)); HMAC (Cert. [#2651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2651)); PBKDF (vendor affirmed); RSA (Cert. [#2193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Cert. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)) Other algorithms: MD5; PBKDF (non-compliant); VMK KDF|
+|BitLocker® Windows OS Loader (winload)|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2932.pdf)|[2932](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2932)|FIPS approved algorithms: AES (Certs. [#4061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4061) and [#4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064)); RSA (Cert. [#2193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Cert. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)) Other algorithms: NDRNG; MD5|
+|BitLocker® Windows Resume (winresume)|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2933.pdf)|[2933](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2934)|FIPS approved algorithms: AES (Certs. [#4061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4061) and [#4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064)); RSA (Cert. [#2193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Cert. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)) Other algorithms: MD5|
+|BitLocker® Dump Filter (dumpfve.sys)|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2934.pdf)|[2934](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2934)|FIPS approved algorithms: AES (Certs. [#4061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4061) and [#4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064))|
+|Code Integrity (ci.dll)|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2935.pdf)|[2935](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2935)|FIPS approved algorithms: RSA (Cert. [#2193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Cert. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)) Other algorithms: AES (non-compliant); MD5|
+|Secure Kernel Code Integrity (skci.dll)|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2938.pdf)|[2938](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2938)|FIPS approved algorithms: RSA (Certs. [#2193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Certs. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)) Other algorithms: MD5|
##### Windows Server 2012 R2
@@ -1706,73 +444,15 @@ Validated Editions: Server, Storage Server,
**StorSimple 8000 Series, Azure StorSimple Virtual Array Windows Server 2012 R2**
- Other algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)|
+|Kernel Mode Cryptographic Primitives Library (cng.sys)|[6.3.9600 6.3.9600.17042](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2356.pdf)|[2356](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2356)|FIPS approved algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832)); DRBG (Certs. [#489](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489)); ECDSA (Cert. [#505](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#505)); HMAC (Cert. [#1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1773)); KAS (Cert. [#47](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#47)); KBKDF (Cert. [#30](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#30)); PBKDF (vendor affirmed); RSA (Certs. [#1487](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1487), [#1493, and #1519](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1493)); SHS (Cert. [# 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373)); Triple-DES (Cert. [#1692](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1692)) Other algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)|
+|Boot Manager|[6.3.9600 6.3.9600.17031](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2351.pdf)|[2351](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2351)|FIPS approved algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832)); HMAC (Cert. [#1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1773)); PBKDF (vendor affirmed); RSA (Cert. [#1494](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1494)); SHS (Certs. [# 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373) and [#2396](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2396)) Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)|
+|BitLocker® Windows OS Loader (winload)|[6.3.9600 6.3.9600.17031](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2352.pdf)|[2352](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2352)|FIPS approved algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832)); RSA (Cert. [#1494](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1494)); SHS (Cert. [#2396](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2396)) Other algorithms: MD5; NDRNG|
+|BitLocker® Windows Resume (winresume)[16]|[6.3.9600 6.3.9600.17031](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2353.pdf)|[2353](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2353)|FIPS approved algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832)); RSA (Cert. [#1494](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1494)); SHS (Certs. [# 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373) and [#2396](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2396)) Other algorithms: MD5|
+|BitLocker® Dump Filter (dumpfve.sys)[17]|[6.3.9600 6.3.9600.17031](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2354.pdf)|[2354](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2354)|FIPS approved algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832)) Other algorithms: N/A|
+|Code Integrity (ci.dll)|[6.3.9600 6.3.9600.17031](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2355.pdf)|[2355](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2355)|FIPS approved algorithms: RSA (Cert. [#1494](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1494)); SHS (Cert. [# 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373)) Other algorithms: MD5|
\[16\] Doesn't apply to **Azure StorSimple Virtual Array Windows Server 2012 R2**
@@ -1782,470 +462,87 @@ Validated Editions: Server, Storage Server,
Validated Editions: Server, Storage Server
- Other algorithms: AES (Cert. [#2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#687); ECDSA (Cert.); HMAC (Cert. #); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.) Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)|
+|Kernel Mode Cryptographic Primitives Library (cng.sys)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1891.pdf)|[1891](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1891)|FIPS approved algorithms: AES (Certs. [#2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197) and [#2216](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2216)); DRBG (Certs. [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258) and [#259](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#259)); ECDSA (Cert. [#341](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#341)); HMAC (Cert. [#1345](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1345)); KAS (Cert. [#36](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#36)); KBKDF (Cert. [#3](http://csrc.nist.gov/groups/stm/cavp/documents/kbkdf800-108/kbkdfval.htm#3)); PBKDF (vendor affirmed); RNG (Cert. [#1110](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#1110)); RSA (Certs. [#1133](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1133) and [#1134](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1134)); SHS (Cert. [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)); Triple-DES (Cert. [#1387](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1387)) Other algorithms: AES (Cert. [#2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#1110); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.) Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)|
+|Boot Manager|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1895.pdf)|[1895](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1895)|FIPS approved algorithms: AES (Certs. [#2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196) and [#2198](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2198)); HMAC (Cert. #[1347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1347)); RSA (Cert. [#1132](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1132)); SHS (Cert. [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)) Other algorithms: MD5|
+|BitLocker® Windows OS Loader (WINLOAD)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1896.pdf)|[1896](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1896)|FIPS approved algorithms: AES (Certs. [#2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196) and [#2198](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2198)); RSA (Cert. [#1132](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1132)); SHS (Cert. [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)) Other algorithms: AES (Cert. [#2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197); non-compliant); MD5; Non-Approved RNG|
+|BitLocker® Windows Resume (WINRESUME)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1898.pdf)|[1898](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1898)|FIPS approved algorithms: AES (Certs. [#2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196) and [#2198](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2198)); RSA (Cert. [#1132](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1132)); SHS (Cert. [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)) Other algorithms: MD5|
+|BitLocker® Dump Filter (DUMPFVE.SYS)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1899.pdf)|[1899](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1899)|FIPS approved algorithms: AES (Certs. [#2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196) and [#2198](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2198)) Other algorithms: N/A|
+|Code Integrity (CI.DLL)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1897.pdf)|[1897](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1897)|FIPS approved algorithms: RSA (Cert. [#1132](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1132)); SHS (Cert. [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)) Other algorithms: MD5|
+|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1893.pdf)|[1893](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1893)|FIPS approved algorithms: DSA (Cert. [#686](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#686)); SHS (Cert. [#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902)); Triple-DES (Cert. [#1386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1386)); Triple-DES MAC (Triple-DES Cert. [#1386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1386), vendor affirmed) Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. [#1386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1386), key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)|
+|Enhanced Cryptographic Provider (RSAENH.DLL)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1894.pdf)|[1894](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1894)|FIPS approved algorithms: AES (Cert. [#2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196)); HMAC (Cert. [#1346](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1346)); RSA (Cert. [#1132](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1132)); SHS (Cert. [#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902)); Triple-DES (Cert. [#1386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1386)) Other algorithms: AES (Cert. [#2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. [#1386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1386), key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)|
##### Windows Server 2008 R2
- Other algorithms: MD5|
+|Winload OS Loader (winload.exe)|[6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.21675](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1333.pdf)|[1333](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1333)|FIPS approved algorithms: AES (Certs. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168) and [#1177](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1177)); RSA (Cert. [#568](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#568)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)) Other algorithms: MD5|
+|Code Integrity (ci.dll)|[6.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.22108](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1334.pdf)|[1334](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1334)|FIPS approved algorithms: RSA (Cert. [#568](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#568)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)) Other algorithms: MD5|
+|Kernel Mode Cryptographic Primitives Library (cng.sys)|[6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.22076](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1335.pdf)|[1335](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1335)|FIPS approved algorithms: AES (Certs. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168) and [#1177](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1177)); AES GCM (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168), vendor-affirmed); AES GMAC (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168), vendor-affirmed); DRBG (Certs. [#23](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23) and [#27](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#27)); ECDSA (Cert. [#142](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#142)); HMAC (Cert. [#686](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#686)); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RNG (Cert. [#649](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#649)); RSA (Certs. [#559](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#559) and [#567](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#567)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)); Triple-DES (Cert. [#846](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#846)) Other algorithms: AES (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4|
+|Cryptographic Primitives Library (bcryptprimitives.dll)|[66.1.7600.16385 or 6.1.7601.17514](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1336.pdf)|[1336](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1336)|FIPS approved algorithms: AES (Certs. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168) and [#1177](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1177)); AES GCM (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168), vendor-affirmed); AES GMAC (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168), vendor-affirmed); DRBG (Certs. [#23](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23) and [#27](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#27)); DSA (Cert. [#391](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#391)); ECDSA (Cert. [#142](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#142)); HMAC (Cert. [#686](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#686)); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RNG (Cert. [#649](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#649)); RSA (Certs. [#559](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#559) and [#567](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#567)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)); Triple-DES (Cert. [#846](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#846)) Other algorithms: AES (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; HMAC MD5; MD2; MD4; MD5; RC2; RC4|
+|Enhanced Cryptographic Provider (RSAENH)|[6.1.7600.16385](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1337.pdf)|[1337](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1337)|FIPS approved algorithms: AES (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168)); DRBG (Cert. [#23](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23)); HMAC (Cert. [#687](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#687)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)); RSA (Certs. [#559](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#559) and [#568](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#568)); Triple-DES (Cert. [#846](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#846)) Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)|
+|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[6.1.7600.16385](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1338.pdf)|[1338](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1338)|FIPS approved algorithms: DSA (Cert. [#390](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#390)); RNG (Cert. [#649](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#649)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)); Triple-DES (Cert. [#846](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#846)); Triple-DES MAC (Triple-DES Cert. [#846](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#846), vendor affirmed) Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4|
+|BitLocker™ Drive Encryption|[6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.21675](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1339.pdf)|[1339](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1339)|FIPS approved algorithms: AES (Certs. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168) and [#1177](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1177)); HMAC (Cert. [#675](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#675)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)) Other algorithms: Elephant Diffuser|
##### Windows Server 2008
- Other algorithms: N/A|
+|Winload OS Loader (winload.exe)|[6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.22596](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1005.pdf)|[1005](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1005)|FIPS approved algorithms: AES (Certs. [#739](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#739) and [#760](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#760)); RSA (Cert. [#355](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#355)); SHS (Cert. [#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)) Other algorithms: MD5|
+|Code Integrity (ci.dll)|[6.0.6001.18000 and 6.0.6002.18005](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1006.pdf)|[1006](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1006)|FIPS approved algorithms: RSA (Cert. [#355](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#355)); SHS (Cert. [#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)) Other algorithms: MD5|
+|Kernel Mode Security Support Provider Interface (ksecdd.sys)|[6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.22869](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1007.pdf)|[1007](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1007)|FIPS approved algorithms: AES (Certs. [#739](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#739) and [#757](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#757)); ECDSA (Cert. [#83](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#83)); HMAC (Cert. [#413](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#413)); RNG (Cert. [#435](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#435) and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. [#353](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#353) and [#358](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#358)); SHS (Cert. [#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)); Triple-DES (Cert. [#656](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#656)) Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#83); HMAC (Cert.); RNG (Cert. and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.) Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)|
+|Cryptographic Primitives Library (bcrypt.dll)|[6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.22872](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1008.pdf)|[1008](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1008)|FIPS approved algorithms: AES (Certs. [#739](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#739) and [#757](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#757)); DSA (Cert. [#284](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#284)); ECDSA (Cert. [#83](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#83)); HMAC (Cert. [#413](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#413)); RNG (Cert. [#435](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#435) and SP800-90, vendor affirmed); RSA (Certs. [#353](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#353) and [#358](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#358)); SHS (Cert. [#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)); Triple-DES (Cert. [#656](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#656)) Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)|
+|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[6.0.6001.18000 and 6.0.6002.18005](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1009.pdf)|[1009](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1009)|FIPS approved algorithms: DSA (Cert. [#282](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#282)); RNG (Cert. [#435](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#435)); SHS (Cert. [#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)); Triple-DES (Cert. [#656](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#656)); Triple-DES MAC (Triple-DES Cert. [#656](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#656), vendor affirmed) Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4|
+|Enhanced Cryptographic Provider (RSAENH)|[6.0.6001.22202 and 6.0.6002.18005](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1010.pdf)|[1010](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1010)|FIPS approved algorithms: AES (Cert. [#739](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#739)); HMAC (Cert. [#408](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#408)); RNG (SP 800-90, vendor affirmed); RSA (Certs. [#353](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#353) and [#355](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#355)); SHS (Cert. [#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)); Triple-DES (Cert. [#656](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#656)) Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)|
##### Windows Server 2003 SP2
- FIPS approved algorithms: DSA (Cert. #221); RNG (Cert. #314); RSA (Cert. #245); SHS (Cert. #611); Triple-DES (Cert. #543) Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC4 FIPS approved algorithms: HMAC (Cert. #287); RNG (Cert. #313); SHS (Cert. #610); Triple-DES (Cert. #542) Other algorithms: DES; HMAC-MD5 FIPS approved algorithms: AES (Cert. #548); HMAC (Cert. #289); RNG (Cert. #316); RSA (Cert. #245); SHS (Cert. #613); Triple-DES (Cert. #544) Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC4|
+|Kernel Mode Cryptographic Module (FIPS.SYS)|[5.2.3790.3959](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp869.pdf)|[869](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/869)|FIPS approved algorithms: HMAC (Cert. [#287](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#287)); RNG (Cert. [#313](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#313)); SHS (Cert. [#610](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#610)); Triple-DES (Cert. [#542](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#542)) Other algorithms: DES; HMAC-MD5|
+|Enhanced Cryptographic Provider (RSAENH)|[5.2.3790.3959](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp868.pdf)|[868](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/868)|FIPS approved algorithms: AES (Cert. [#548](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#548)); HMAC (Cert. [#289](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#289)); RNG (Cert. [#316](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#316)); RSA (Cert. [#245](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#245)); SHS (Cert. [#613](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613)); Triple-DES (Cert. [#544](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#544)) Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)|
##### Windows Server 2003 SP1
- FIPS approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2]) Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant) [1] x86 FIPS approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2]) Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5 [1] x86 FIPS approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81) Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40 [1] x86 Other algorithms: DES (Cert. [#230](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#230)[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant) [1] x86 [2] SP1 x86, x64, IA64|
+|Enhanced Cryptographic Provider (RSAENH)|[5.2.3790.1830 [Service Pack 1])](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp382.pdf)|[382](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/382)|FIPS approved algorithms: Triple-DES (Cert. [#192](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#192)[1] and [#365](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#365)[2]); AES (Certs. [#80](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#80)[1] and [#290](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#290)[2]); SHS (Cert. [#176](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#176)[1] and [#364](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#364)[2]); HMAC (Cert. [#176](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#176), vendor affirmed[1] and [#99](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#99)[2]); RSA (PKCS#1, vendor affirmed[1] and [#81](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#81)[2]) Other algorithms: DES (Cert. [#226](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#226)[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5 [1] x86 [2] SP1 x86, x64, IA64|
+|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[5.2.3790.1830 [Service Pack 1]](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp381.pdf)|[381](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/381)|FIPS approved algorithms: Triple-DES (Certs. [#199](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#199)[1] and [#381](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#381)[2]); SHA-1 (Certs. [#181](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#181)[1] and [#385](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#385)[2]); DSA (Certs. [#95](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#95)[1] and [#146](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#146)[2]); RSA (Cert. [#81](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#81)) Other algorithms: DES (Cert. [#229](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#229)[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40 [1] x86 [2] SP1 x86, x64, IA64|
##### Windows Server 2003
- FIPS approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2]) Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant) [1] x86 FIPS approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2]) Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5 [1] x86 FIPS approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81) Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40 [1] x86 Other algorithms: DES (Cert. [#230](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#230)[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant) [1] x86 [2] SP1 x86, x64, IA64|
+|Enhanced Cryptographic Provider (RSAENH)|[5.2.3790.0](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp382.pdf)|[382](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/382)|FIPS approved algorithms: Triple-DES (Cert. [#192](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#192)[1] and [#365](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#365)[2]); AES (Certs. [#80](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#80)[1] and [#290](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#290)[2]); SHS (Cert. [#176](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#176)[1] and [#364](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#364)[2]); HMAC (Cert. [#176](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#176), vendor affirmed[1] and [#99](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#99)[2]); RSA (PKCS#1, vendor affirmed[1] and [#81](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#81)[2]) Other algorithms: DES (Cert. [#226](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#226)[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5 [1] x86 [2] SP1 x86, x64, IA64|
+|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[5.2.3790.0](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp381.pdf)|[381](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/381)|FIPS approved algorithms: Triple-DES (Certs. [#199](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#199)[1] and [#381](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#381)[2]); SHA-1 (Certs. [#181](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#181)[1] and [#385](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#385)[2]); DSA (Certs. [#95](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#95)[1] and [#146](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#146)[2]); RSA (Cert. [#81](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#81)) Other algorithms: DES (Cert. [#229](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#229)[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40 [1] x86 [2] SP1 x86, x64, IA64|
#### Other Products
##### Windows Embedded Compact 7 and Windows Embedded Compact 8
- FIPS approved algorithms: AES (Certs.#4433and#4434); CKG (vendor affirmed); DRBG (Certs.#1432and#1433); HMAC (Certs.#2946and#2945); RSA (Certs.#2414and#2415); SHS (Certs.#3651and#3652); Triple-DES (Certs.#2383and#2384) Allowed algorithms: HMAC-MD5, MD5, NDRNG FIPS approved algorithms: AES (Certs.#4430and#4431); CKG (vendor affirmed); CVL (Certs.#1139and#1140); DRBG (Certs.#1429and#1430); DSA (Certs.#1187and#1188); ECDSA (Certs.#1072and#1073); HMAC (Certs.#2942and#2943); KAS (Certs.#114and#115); RSA (Certs.#2411and#2412); SHS (Certs.#3648and#3649); Triple-DES (Certs.#2381and#2382) Allowed algorithms: MD5, NDRNG, RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength Allowed algorithms: HMAC-MD5, MD5, NDRNG|
+|Cryptographic Primitives Library (bcrypt.dll)|[7.00.2872 [1] and 8.00.6246 [2]](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2956.pdf)|[2956](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2956)|FIPS approved algorithms: AES (Certs.[#4430](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4430)and[#4431](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4431)); CKG (vendor affirmed); CVL (Certs.[#1139](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1139)and[#1140](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1140)); DRBG (Certs.[#1429](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1429)and[#1430](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1430)); DSA (Certs.[#1187](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1187)and[#1188](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1188)); ECDSA (Certs.[#1072](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1072)and[#1073](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1073)); HMAC (Certs.[#2942](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2942)and[#2943](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2943)); KAS (Certs.[#114](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#114)and[#115](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#115)); RSA (Certs.[#2411](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2411)and[#2412](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2412)); SHS (Certs.[#3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648)and[#3649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649)); Triple-DES (Certs.[#2381](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2381)and[#2382](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2382)) Allowed algorithms: MD5, NDRNG, RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength|
##### Windows CE 6.0 and Windows Embedded Compact 7
- FIPS approved algorithms: AES (Certs. #516 [1] and #2024 [2]); HMAC (Certs. #267 [1] and #1227 [2]); RNG (Certs. #292 [1] and #1060 [2]); RSA (Cert. #230 [1] and #1052 [2]); SHS (Certs. #589 [1] and #1774 [2]); Triple-DES (Certs. #526 [1] and #1308 [2]) Other algorithms: MD5; HMAC-MD5; RC2; RC4; DES Other algorithms: MD5; HMAC-MD5; RC2; RC4; DES|
##### Outlook Cryptographic Provider
- FIPS approved algorithms: Triple-DES (Cert. #18); SHA-1 (Certs. #32); RSA (vendor affirmed) Other algorithms: DES (Certs. #91); DES MAC; RC2; MD2; MD5 Other algorithms: DES (Certs. [#91](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#91)); DES MAC; RC2; MD2; MD5|
### Cryptographic Algorithms
@@ -2253,5089 +550,406 @@ The following tables are organized by cryptographic algorithms with their modes,
### Advanced Encryption Standard (AES)
- Microsoft Surface Hub Virtual TPM Implementations #4904 Version 10.0.15063.674 Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #4903 Version 10.0.16299 Microsoft Surface Hub SymCrypt Cryptographic Implementations #4902 Version 10.0.15063.674 Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #4901 Version 10.0.15254 Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4897 Version 10.0.16299 AES-KW: Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations #4900 Version 10.0.15063.674 AES-KW: Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations #4899 Version 10.0.15254 AES-KW: Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #4898 Version 10.0.16299 AES-CCM: Microsoft Surface Hub BitLocker(R) Cryptographic Implementations #4896 Version 10.0.15063.674 AES-CCM: Windows 10 Mobile (version 1709) BitLocker(R) Cryptographic Implementations #4895 Version 10.0.15254 AES-CCM: Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations #4894 Version 10.0.16299 CBC (e/d; 128, 192, 256); CFB128 (e/d; 128, 192, 256); OFB (e/d; 128, 192, 256); CTR (int only; 128, 192, 256) Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #4627 Version 10.0.15063 KW (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048) Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #4626 Version 10.0.15063 CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16) Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile BitLocker(R) Cryptographic Implementations #4625 Version 10.0.15063 ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); CFB128 (e/d; 128, 192, 256); CTR (int only; 128, 192, 256) CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16) CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96) IV Generated: (External); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); 96 bit IV supported GMAC supported XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f)) Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #4624 Version 10.0.15063 ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4434 Version 7.00.2872 ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4433 Version 8.00.6246 ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CTR (int only; 128, 192, 256) Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4431 Version 7.00.2872 ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CTR (int only; 128, 192, 256) Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4430 Version 8.00.6246 CBC (e/d; 128, 192, 256); CFB128 (e/d; 128, 192, 256); OFB (e/d; 128, 192, 256); CTR (int only; 128, 192, 256) Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #4074 Version 10.0.14393 ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); CFB128 (e/d; 128, 192, 256); CTR (int only; 128, 192, 256) CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16) CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96) XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f)) Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #4064 Version 10.0.14393 ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); KW (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 192, 256, 320, 2048) Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #4062 Version 10.0.14393 CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16) Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BitLocker® Cryptographic Implementations #4061 Version 10.0.14393 KW (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048) Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #3652 Version 10.0.10586 CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16) Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BitLocker® Cryptographic Implementations #3653 Version 10.0.10586 ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); CFB128 (e/d; 128, 192, 256); CTR (int only; 128, 192, 256) CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16) CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96) XTS((KS: XTS_128((e/d) (f)) KS: XTS_256((e/d) (f)) Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #3629 Version 10.0.10586 KW (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048) Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #3507 Version 10.0.10240 CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16) Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BitLocker® Cryptographic Implementations #3498 Version 10.0.10240 ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); CFB128 (e/d; 128, 192, 256); CTR (int only; 128, 192, 256) CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16) CMAC(Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96) XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f)) ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #2853 Version 6.3.9600 CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16) Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BitLocker Cryptographic Implementations #2848 Version 6.3.9600 CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 0 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16) CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96) IV Generated: (Externally); PT Lengths Tested: (0, 128, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 128, 1024, 8, 1016); IV Lengths Tested: (8, 1024); 96 bit IV supported; Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2832 Version 6.3.9600 CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16) CMAC (Generation/Verification) (KS: 128; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 192; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 256; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) GCM(KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96) CCM (KS: 256) (Assoc. Data Len Range: 0 - 0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16) ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); CFB128 (e/d; 128, 192, 256); CTR (int only; 128, 192, 256) ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); Windows Server 2008 R2 and SP1 CNG algorithms #1187 Windows 7 Ultimate and SP1 CNG algorithms #1178 ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); GCM GMAC Windows Server 2008 CNG algorithms #757 Windows Vista Ultimate SP1 CNG algorithms #756 CBC (e/d; 128, 256); CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16) Windows Vista Ultimate BitLocker Drive Encryption #715 Windows Vista Ultimate BitLocker Drive Encryption #424 ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); Windows Vista Ultimate SP1 and Windows Server 2008 Symmetric Algorithm Implementation #739 Windows Vista Symmetric Algorithm Implementation #553 ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CTR (int only; 128, 192, 256) ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #2024 Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #818 Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #781 Windows 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #548 Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #516 Windows CE and Windows Mobile 6, 6.1, and 6.5 Enhanced Cryptographic Provider (RSAENH) #507 Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #290 Windows CE 5.0 and 5.1 Enhanced Cryptographic Provider (RSAENH) #224 Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #80 Windows XP, SP1, and SP2 Enhanced Cryptographic Provider (RSAENH) #33 AES-CBC: AES-CFB128: AES-CTR: Counter Source: Internal AES-OFB: Version 10.0.15063.674|
+| AES-CBC: AES-CFB128: AES-CTR: Counter Source: Internal AES-OFB: Version 10.0.16299|
+| AES-CBC: AES-CCM: AES-CFB128: AES-CFB8: AES-CMAC: AES-128: AES-192: AES-256: Verification: AES-128: AES-192: AES-256: AES-CTR: Counter Source: Internal AES-ECB: AES-GCM: AES-XTS: Version 10.0.15063.674|
+| AES-CBC: AES-CCM: AES-CFB128: AES-CFB8: AES-CMAC: AES-128: AES-192: AES-256: AES-128: AES-192: AES-256: AES-CTR: Counter Source: Internal AES-ECB: AES-GCM: AES-XTS: Version 10.0.15254|
+|AES-CBC: AES-CCM: AES-CFB128: AES-CFB8: AES-CMAC: AES-128: AES-192: AES-256: Verification: AES-128: AES-192: AES-256: AES-CTR: Counter Source: Internal AES-ECB: AES-GCM: AES-XTS: Version 10.0.16299|
+|AES-KW: AES [validation number 4902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4902)|Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations [#4900](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4900) Version 10.0.15063.674|
+|AES-KW: AES [validation number 4901](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4901)|Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations [#4899](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4899) Version 10.0.15254|
+|AES-KW: AES [validation number 4897](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4897)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations [#4898](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4898) Version 10.0.16299|
+|AES-CCM: AES [validation number 4902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4902)|Microsoft Surface Hub BitLocker(R) Cryptographic Implementations [#4896](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4896) Version 10.0.15063.674|
+|AES-CCM: AES [validation number 4901](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4901)|Windows 10 Mobile (version 1709) BitLocker(R) Cryptographic Implementations [#4895](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4895) Version 10.0.15254|
+|AES-CCM: AES [validation number 4897](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4897)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations [#4894](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4894) Version 10.0.16299|
+|**CBC** (e/d; 128, 192, 256); **CFB128** (e/d; 128, 192, 256); **OFB** (e/d; 128, 192, 256); **CTR** (int only; 128, 192, 256)|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#4627](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4627) Version 10.0.15063|
+|**KW** (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048) AES [validation number 4624](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations [#4626](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4626) Version 10.0.15063|
+|**CCM** (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16) AES [validation number 4624](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile BitLocker(R) Cryptographic Implementations [#4625](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4625) Version 10.0.15063|
+|**ECB** (e/d; 128, 192, 256); **CBC** (e/d; 128, 192, 256); **CFB8** (e/d; 128, 192, 256); **CFB128** (e/d; 128, 192, 256); **CTR** (int only; 128, 192, 256) **CCM** (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16) **CMAC** (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) **GCM** (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96) IV Generated: (External); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); 96 bit IV supported GMAC supported **XTS**((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#4624](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624) Version 10.0.15063|
+|**ECB** (e/d; 128, 192, 256); **CBC** (e/d; 128, 192, 256);|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#4434](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4434) Version 7.00.2872|
+|**ECB** (e/d; 128, 192, 256); **CBC** (e/d; 128, 192, 256);|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#4433](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4433) Version 8.00.6246|
+|**ECB** (e/d; 128, 192, 256); **CBC** (e/d; 128, 192, 256); **CTR** (int only; 128, 192, 256)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#4431](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4431) Version 7.00.2872|
+|**ECB** (e/d; 128, 192, 256); **CBC** (e/d; 128, 192, 256); **CTR** (int only; 128, 192, 256)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#4430](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4430) Version 8.00.6246|
+|**CBC** (e/d; 128, 192, 256); **CFB128** (e/d; 128, 192, 256); **OFB** (e/d; 128, 192, 256); **CTR** (int only; 128, 192, 256)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#4074](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4074) Version 10.0.14393|
+|**ECB** (e/d; 128, 192, 256); **CBC** (e/d; 128, 192, 256); **CFB8** (e/d; 128, 192, 256); **CFB128** (e/d; 128, 192, 256); **CTR** (int only; 128, 192, 256) **CCM** (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16) **CMAC (Generation/Verification)** (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) **GCM** (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96) **IV Generated:** (Externally); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported GMAC supported **XTS((KS: XTS_128**((e/d)(f)) **KS: XTS_256**((e/d)(f))|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations [#4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064) Version 10.0.14393|
+|**ECB** (e/d; 128, 192, 256); **CBC** (e/d; 128, 192, 256); **CFB8** (e/d; 128, 192, 256);|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations [#4063](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4063) Version 10.0.14393|
+|**KW** (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 192, 256, 320, 2048) AES [validation number 4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations [#4062](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4062) Version 10.0.14393|
+|**CCM** (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16) AES [validation number 4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BitLocker® Cryptographic Implementations [#4061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4061) Version 10.0.14393|
+|**KW** (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048) AES [validation number 3629](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3629)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations [#3652](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3652) Version 10.0.10586|
+|**CCM** (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16) AES [validation number 3629](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3629)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BitLocker® Cryptographic Implementations [#3653](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3653) Version 10.0.10586|
+|**ECB** (e/d; 128, 192, 256); **CBC** (e/d; 128, 192, 256); **CFB8** (e/d; 128, 192, 256);|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA32 Algorithm Implementations [#3630](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3630) Version 10.0.10586|
+|**ECB** (e/d; 128, 192, 256); **CBC** (e/d; 128, 192, 256); **CFB8** (e/d; 128, 192, 256); **CFB128** (e/d; 128, 192, 256); **CTR** (int only; 128, 192, 256) **CCM** (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16) **CMAC (Generation/Verification)** (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) **GCM** (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)v**IV Generated:** (Externally); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported GMAC supported **XTS((KS: XTS_128**((e/d) (f)) **KS: XTS_256**((e/d) (f))|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations [#3629](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3629) Version 10.0.10586|
+|**KW** (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048) AES [validation number 3497](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations [#3507](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3507) Version 10.0.10240|
+|**CCM** (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16) AES [validation number 3497](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BitLocker® Cryptographic Implementations [#3498](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3498) Version 10.0.10240|
+|**ECB** (e/d; 128, 192, 256); **CBC** (e/d; 128, 192, 256); **CFB8** (e/d; 128, 192, 256); **CFB128** (e/d; 128, 192, 256); **CTR** (int only; 128, 192, 256) **CCM** (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16) **CMAC(Generation/Verification)** (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) **GCM** (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96) **IV Generated:** (Externally); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported GMAC supported **XTS((KS: XTS_128**((e/d)(f)) **KS: XTS_256**((e/d)(f))|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations [#3497](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497) Version 10.0.10240|
+|**ECB** (e/d; 128, 192, 256); **CBC** (e/d; 128, 192, 256); **CFB8** (e/d; 128, 192, 256);|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations [#3476](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3476) Version 10.0.10240|
+|**ECB** (e/d; 128, 192, 256); **CBC** (e/d; 128, 192, 256); **CFB8** (e/d; 128, 192, 256);|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations [#2853](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2853) Version 6.3.9600|
+|**CCM (KS: 256)** (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16) AES [validation number 2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832)|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BitLocker Cryptographic Implementations [#2848](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2848) Version 6.3.9600|
+|**CCM (KS: 128, 192, 256)** (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 0 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16) **CMAC (Generation/Verification) (KS: 128**; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) **GCM (KS: AES_128**(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96) **(KS: AES_256**(e/d) Tag Length(s): 128 120 112 104 96) **IV Generated:** (Externally); PT Lengths Tested: (0, 128, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 128, 1024, 8, 1016); IV Lengths Tested: (8, 1024); 96 bit IV supported; **OtherIVLen_Supported GMAC supported**|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #[2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832) Version 6.3.9600|
+|**CCM (KS: 128, 192, 256**) **(Assoc. Data Len Range**: 0-0, 2^16) **(Payload Length Range**: 0 - 32 (**Nonce Length(s)**: 7 8 9 10 11 12 13 **(Tag Length(s)**: 4 6 8 10 12 14 16) AES [validation number 2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197) **CMAC** (Generation/Verification) **(KS: 128;** Block Size(s); **Msg Len(s)** Min: 0 Max: 2^16; **Tag Len(s)** Min: 16 Max: 16) **(KS: 192**; Block Size(s); **Msg Len(s)** Min: 0 Max: 2^16; **Tag Len(s)** Min: 16 Max: 16) **(KS: 256**; Block Size(s); **Msg Len(s)** Min: 0 Max: 2^16; **Tag Len(s)** Min: 16 Max: 16) AES [validation number 2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197) **GCM(KS: AES_128**(e/d) Tag Length(s): 128 120 112 104 96) **(KS: AES_192**(e/d) Tag Length(s): 128 120 112 104 96) **(KS: AES_256**(e/d) Tag Length(s): 128 120 112 104 96) **IV Generated:** (Externally); **PT Lengths Tested:** (0, 128, 1024, 8, 1016); **Additional authenticated data lengths tested:** (0, 128, 1024, 8, 1016); **IV Lengths Tested:** (8, 1024); **96 bit IV supported GMAC supported**|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations [#2216](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2216)|
+|**CCM (KS: 256) (Assoc. Data Len Range: **0 - 0, 2^16**) (Payload Length Range:** 0 - 32 (**Nonce Length(s)**: 12 **(Tag Length(s)**: 16) AES [validation number 2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196)|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations [#2198](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2198)|
+|**ECB** (e/d; 128, 192, 256); **CBC** (e/d; 128, 192, 256); **CFB8** (e/d; 128, 192, 256); **CFB128** (e/d; 128, 192, 256); **CTR** (int only; 128, 192, 256)|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) [#2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197)|
+|**ECB** (e/d; 128, 192, 256); **CBC** (e/d; 128, 192, 256); **CFB8** (e/d; 128, 192, 256);|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) [#2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196)|
+|**CCM (KS: 128, 192, 256) (Assoc. Data Len Range: **0 – 0, 2^16**) (Payload Length Range:** 0 - 32 **(Nonce Length(s):** 7 8 9 10 11 12 13 **(Tag Length(s): **4 6 8 10 12 14 16**)** AES [validation number 1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168)|Windows Server 2008 R2 and SP1 CNG algorithms [#1187](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1187) Windows 7 Ultimate and SP1 CNG algorithms [#1178](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1178)|
+|**CCM (KS: 128, 256) (Assoc. Data Len Range: **0 - 8**) (Payload Length Range:** 4 - 32 **(Nonce Length(s):** 7 8 12 13 **(Tag Length(s): **4 6 8 14 16**)** AES [validation number 1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168)|Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations [#1177](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1177)|
+|**ECB** (e/d; 128, 192, 256); **CBC** (e/d; 128, 192, 256); **CFB8** (e/d; 128, 192, 256);|Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168)|
+|**GCM** **GMAC**|Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168), vendor-affirmed|
+|**CCM (KS: 128, 256) (Assoc. Data Len Range: **0 - 8**) (Payload Length Range:** 4 - 32 **(Nonce Length(s):** 7 8 12 13 **(Tag Length(s): **4 6 8 14 16**)**|Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations [#760](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#760)|
+|**CCM (KS: 128, 192, 256) (Assoc. Data Len Range: **0 - 0, 2^16**) (Payload Length Range:** 1 - 32 **(Nonce Length(s):** 7 8 9 10 11 12 13 **(Tag Length(s):** 4 6 8 10 12 14 16**)**|Windows Server 2008 CNG algorithms [#757](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#757) Windows Vista Ultimate SP1 CNG algorithms [#756](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#756)|
+|**CBC** (e/d; 128, 256); **CCM** (**KS: 128, 256**) (**Assoc. Data Len Range**: 0 - 8) (**Payload Length Range**: 4 - 32 (**Nonce Length(s)**: 7 8 12 13 (**Tag Length(s)**: 4 6 8 14 16)|Windows Vista Ultimate BitLocker Drive Encryption [#715](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#715) Windows Vista Ultimate BitLocker Drive Encryption [#424](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#424)|
+|**ECB** (e/d; 128, 192, 256); **CBC** (e/d; 128, 192, 256); **CFB8** (e/d; 128, 192, 256);|Windows Vista Ultimate SP1 and Windows Server 2008 Symmetric Algorithm Implementation [#739](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#739) Windows Vista Symmetric Algorithm Implementation [#553](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#553)|
+|**ECB** (e/d; 128, 192, 256); **CBC** (e/d; 128, 192, 256); **CTR** (int only; 128, 192, 256)|Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) [#2023](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2023)|
+|**ECB** (e/d; 128, 192, 256); **CBC** (e/d; 128, 192, 256);|Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) [#2024](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2024) Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#818](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#818) Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) [#781](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#781) Windows 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#548](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#548) Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) [#516](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#516) Windows CE and Windows Mobile 6, 6.1, and 6.5 Enhanced Cryptographic Provider (RSAENH) [#507](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#507) Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) [#290](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#290) Windows CE 5.0 and 5.1 Enhanced Cryptographic Provider (RSAENH) [#224](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#224) Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) [#80](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#80) Windows XP, SP1, and SP2 Enhanced Cryptographic Provider (RSAENH) [#33](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#33)|
### Deterministic Random Bit Generator (DRBG)
- Prerequisite: AES #4904 Microsoft Surface Hub Virtual TPM Implementations #1734 Version 10.0.15063.674 Prerequisite: AES #4903 Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1733 Version 10.0.16299 Prerequisite: AES #4902 Microsoft Surface Hub SymCrypt Cryptographic Implementations #1732 Version 10.0.15063.674 Prerequisite: AES #4901 Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1731 Version 10.0.15254 Prerequisite: AES #4897 Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1730 Version 10.0.16299 Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1556 Version 10.0.15063 Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1555 Version 10.0.15063 Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1433 Version 7.00.2872 Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1432 Version 8.00.6246 Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1430 Version 7.00.2872 Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1429 Version 8.00.6246 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #1222 Version 10.0.14393 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #1217 Version 10.0.14393 Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #955 Version 10.0.10586 Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #868 Version 10.0.10240 Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #489 Version 6.3.9600 Counter: Prerequisite: AES [#4904](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4904)|Microsoft Surface Hub Virtual TPM Implementations [#1734](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1734) Version 10.0.15063.674|
+| Counter: Prerequisite: AES [#4903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4903)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations [#1733](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1733) Version 10.0.16299|
+| Counter: Prerequisite: AES [#4902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4902)|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1732](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1732) Version 10.0.15063.674|
+| Counter: Prerequisite: AES [#4901](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4901)|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1731](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1731) Version 10.0.15254|
+| Counter: Prerequisite: AES [#4897](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4897)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1730](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730) Version 10.0.16299|
+|**CTR_DRBG:** [Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 4627](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4627))]|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#1556](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1556) Version 10.0.15063|
+|**CTR_DRBG:**[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256 (AES [validation number 4624](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624))]|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1555](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555) Version 10.0.15063|
+|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 4434](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4434))]|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#1433](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1433) Version 7.00.2872|
+|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 4433](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4433))]|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#1432](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1432) Version 8.00.6246|
+|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 4431](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4431))]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1430](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1430) Version 7.00.2872|
+|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 4430](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4430))]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1429](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1429) Version 8.00.6246|
+|**CTR_DRBG:**[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 4074](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4074))]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#1222](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1222) Version 10.0.14393|
+|**CTR_DRBG:**[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES [validation number 4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064))]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations [#1217](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217) Version 10.0.14393|
+|**CTR_DRBG:**[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES [validation number 3629](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3629))]|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations [#955](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#955) Version 10.0.10586|
+|**CTR_DRBG:**[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES [validation number 3497](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497))]|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations [#868](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#868) Version 10.0.10240|
+|**CTR_DRBG:**[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES [validation number 2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832))]|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations [#489](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489) Version 6.3.9600|
+|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES [validation number 2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197))]|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258)|
+|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 2023](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2023))]|Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) [#193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#193)|
+|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168))]|Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 RNG Library [#23](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23)|
+|**DRBG** (SP 800–90)|Windows Vista Ultimate SP1, vendor-affirmed|
#### Digital Signature Algorithm (DSA)
- Microsoft Surface Hub SymCrypt Cryptographic Implementations #1303 Version 10.0.15063.674 Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1302 Version 10.0.15254 Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1301 Version 10.0.16299 FIPS186-4: PQG(gen)PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)] PQG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] KeyPairGen: [(2048,256); (3072,256)] SIG(gen)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] SIG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] DRBG: validation number 1555 Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1223 Version 10.0.15063 Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1188 Version 7.00.2872 Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1187 Version 8.00.6246 FIPS186-4: SHS: validation number 3347 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #1098 Version 10.0.14393 FIPS186-4: SHS: validation number 3047 Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #1024 Version 10.0.10586 FIPS186-4: SHS: validation number 2886 Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #983 Version 10.0.10240 FIPS186-4: SHS: validation number 2373 Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #855 Version 6.3.9600 FIPS186-2: FIPS186-4: Windows Server 2008 R2 and SP1 CNG algorithms #391 Windows 7 Ultimate and SP1 CNG algorithms #386 Windows Server 2008 R2 and SP1 Enhanced DSS (DSSENH) #390 Windows 7 Ultimate and SP1 Enhanced DSS (DSSENH) #385 Windows Server 2008 CNG algorithms #284 Windows Vista Ultimate SP1 CNG algorithms #283 Windows Server 2008 Enhanced DSS (DSSENH) #282 Windows Vista Ultimate SP1 Enhanced DSS (DSSENH) #281 Windows Vista CNG algorithms #227 Windows Vista Enhanced DSS (DSSENH) #226 Windows 2000 DSSENH.DLL #29 Windows 2000 DSSBASE.DLL #28 Windows NT 4 SP6 DSSENH.DLL #26 Windows NT 4 SP6 DSSBASE.DLL #25 FIPS186-2: PRIME; KEYGEN(Y): SIG(gen): PQGGen: PQGVer: SigGen: SigVer: KeyPair: Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), DRBG [#1732](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1732)|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1303](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1303) Version 10.0.15063.674|
+|DSA: PQGGen: PQGVer: SigGen: SigVer: KeyPair: Prerequisite: SHS [#4010](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4010), DRBG [#1731](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1731)|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1302](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1302) Version 10.0.15254|
+|DSA: PQGGen: PQGVer: SigGen: SigVer: KeyPair: Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), DRBG [#1730](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1301](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1301) Version 10.0.16299|
+|**FIPS186-4:** **PQG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] **SIG(gen)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] **SIG(ver)** PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] SHS: [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790) DRBG: [validation number 1555](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1223](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1223) Version 10.0.15063|
+|**FIPS186-4: **SIG(ver)PARMS TESTED:** [(1024,160) SHA(1)] SHS: [validation number 3649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1188](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1188) Version 7.00.2872|
+|**FIPS186-4: **SIG(ver)PARMS TESTED:** [(1024,160) SHA(1)] SHS: [validation number 3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1187](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1187) Version 8.00.6246|
+|**FIPS186-4: **PQG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] **SIG(gen)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] **SIG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] SHS: [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347) DRBG: [validation number 1217](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations [#1098](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1098) Version 10.0.14393|
+|**FIPS186-4: **PQG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] **SIG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] SHS: [validation number 3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047) DRBG: [validation number 955](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#955)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations [#1024](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1024) Version 10.0.10586|
+|**FIPS186-4: **PQG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] **SIG(gen)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] **SIG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] SHS: [validation number 2886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886) DRBG: [validation number 868](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#868)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations [#983](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#983) Version 10.0.10240|
+|**FIPS186-4: **PQG(ver**)PARMS TESTED: [(2048,256), SHA(256); (3072,256) SHA(256)] **SIG(gen)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] **SIG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] SHS: [validation number 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373) DRBG: [validation number 489](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489)|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations [#855](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#855) Version 6.3.9600|
+|**FIPS186-2**: **PQG(ver)** MOD(1024); **SIG(ver)** MOD(1024); SHS: [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903) DRBG: [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258) **FIPS186-4: PQG(gen)PARMS TESTED**: [(2048,256)SHA(256); (3072,256) SHA(256)] **PQG(ver)PARMS TESTED**: [(2048,256) SHA(256); (3072,256) SHA(256)] **SIG(gen)PARMS TESTED**: [(2048,256) SHA(256); (3072,256) SHA(256)] **SIG(ver)PARMS TESTED**: [(2048,256) SHA(256); (3072,256) SHA(256)] SHS: [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903) DRBG: [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258) Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical DSA List validation number 687](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#687).|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations [#687](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#687)|
+|**FIPS186-2: **SIG(ver)** MOD(1024); SHS: [#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902) DRBG: [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258) Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical DSA List validation number 686](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#686).|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 DSS and Diffie-Hellman Enhanced Cryptographic Provider (DSSENH) [#686](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#686)|
+|**FIPS186-2: SHS: [validation number 1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773) DRBG: [validation number 193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#193) Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical DSA List validation number 645](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#645).|Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) [#645](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#645)|
+|**FIPS186-2: SHS: [validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081) DRBG: [validation number 23](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23) Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical DSA List validation number 391](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#391). See [Historical DSA List validation number 386](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#386).|Windows Server 2008 R2 and SP1 CNG algorithms [#391](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#391) Windows 7 Ultimate and SP1 CNG algorithms [#386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#386)|
+|**FIPS186-2: SHS: [validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081) RNG: [validation number 649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#649) Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical DSA List validation number 390](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#390). See [Historical DSA List validation number 385](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#385).|Windows Server 2008 R2 and SP1 Enhanced DSS (DSSENH) [#390](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#390) Windows 7 Ultimate and SP1 Enhanced DSS (DSSENH) [#385](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#385)|
+|**FIPS186-2: SHS: [validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753) Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical DSA List validation number 284](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#284). See [Historical DSA List validation number 283](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#283).|Windows Server 2008 CNG algorithms [#284](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#284) Windows Vista Ultimate SP1 CNG algorithms [#283](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#283)|
+|**FIPS186-2: SHS: [validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753) RNG: [validation number 435](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#435) Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical DSA List validation number 282](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#282). See [Historical DSA List validation number 281](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#281).|Windows Server 2008 Enhanced DSS (DSSENH) [#282](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#282) Windows Vista Ultimate SP1 Enhanced DSS (DSSENH) [#281](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#281)|
+|**FIPS186-2: SHS: [validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618) RNG: [validation number 321](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#321) Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical DSA List validation number 227](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#227). See [Historical DSA List validation number 226](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#226).|Windows Vista CNG algorithms [#227](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#227) Windows Vista Enhanced DSS (DSSENH) [#226](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#226)|
+|**FIPS186-2: SHS: [validation number 784](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#784) RNG: [validation number 448](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#448) Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical DSA List validation number 292](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#292).|Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#292](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#292)|
+|**FIPS186-2: SHS: [validation number 783](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783) RNG: [validation number 447](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#447)vSome of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical DSA List validation number 291](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#291).|Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) [#291](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#291)|
+|**FIPS186-2: **PQG(ver)** MOD(1024); **KEYGEN(Y)** MOD(1024); **SIG(gen)** MOD(1024); **SIG(ver)** MOD(1024); SHS: [validation number 611](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#611) RNG: [validation number 314](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#314)|Windows 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider [#221](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#221)|
+|**FIPS186-2: **PQG(ver)** MOD(1024); **KEYGEN(Y)** MOD(1024); **SIG(gen)** MOD(1024);v**SIG(ver)** MOD(1024);vSHS: [validation number 385](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#385)|Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#146](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#146)|
+|**FIPS186-2: **KEYGEN(Y)** MOD(1024);v**SIG(gen)** MOD(1024); **SIG(ver)** MOD(1024); SHS: [validation number 181](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#181)|Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#95](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#95)|
+|**FIPS186-2: **PQG(ver)** MOD(1024); **KEYGEN(Y)** MOD(1024); **SIG(gen)** MOD(1024); SHS: SHA-1 (BYTE) **SIG(ver)** MOD(1024); SHS: SHA-1 (BYTE)|Windows 2000 DSSENH.DLL [#29](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#29) Windows 2000 DSSBASE.DLL [#28](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#28) Windows NT 4 SP6 DSSENH.DLL [#26](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#26) Windows NT 4 SP6 DSSBASE.DLL [#25](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#25)|
+|**FIPS186-2: PRIME; **KEYGEN(Y):**SHS: SHA-1 (BYTE) **SIG(gen):SIG(ver)** MOD(1024); SHS: SHA-1 (BYTE)|Windows NT 4.0 SP4 Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider [#17](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#17)|
#### Elliptic Curve Digital Signature Algorithm (ECDSA)
- Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1263 Version 6.3.9600 Microsoft Surface Hub Virtual TPM Implementations #1253 Version 10.0.15063.674 Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1252 Version 10.0.16299 Microsoft Surface Hub MsBignum Cryptographic Implementations #1251 Version 10.0.15063.674 Microsoft Surface Hub SymCrypt Cryptographic Implementations #1250 Version 10.0.15063.674 Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1249 Version 10.0.15254 Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1248 Version 10.0.15254 Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1247 Version 10.0.16299 Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1246 Version 10.0.16299 Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1136 Version 10.0.15063 Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1135 Version 10.0.15063 Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1133 Version 10.0.15063 Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1073 Version 7.00.2872 Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1072 Version 8.00.6246 FIPS186-4: SHS: validation number 3347 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #920 Version 10.0.14393 FIPS186-4: SHS: validation number 3347 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #911 Version 10.0.14393 FIPS186-4: SHS: validation number 3047 Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #760 Version 10.0.10586 FIPS186-4: SHS: validation number 2886 Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #706 Version 10.0.10240 FIPS186-4: SHS: validation number 2373 Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #505 Version 6.3.9600 FIPS186-2: FIPS186-4: FIPS186-2: FIPS186-4: Windows Server 2008 R2 and SP1 CNG algorithms #142 Windows 7 Ultimate and SP1 CNG algorithms #141 Windows Server 2008 CNG algorithms #83 Windows Vista Ultimate SP1 CNG algorithms #82 ECDSA:186-4: Key Pair Generation: Public Key Validation: Signature Generation: Signature Verification: Prerequisite: SHS [#2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373), DRBG [#489](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489)|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations [#1263](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1263) Version 6.3.9600|
+|ECDSA:186-4: Key Pair Generation: Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), DRBG [#1734](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1734)|Microsoft Surface Hub Virtual TPM Implementations [#1253](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1253) Version 10.0.15063.674|
+|ECDSA:186-4: Key Pair Generation: Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), DRBG [#1733](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1733)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations [#1252](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1252) Version 10.0.16299|
+|ECDSA:186-4: Key Pair Generation: Public Key Validation: Signature Generation: Signature Verification: Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), DRBG [#1732](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1732)|Microsoft Surface Hub MsBignum Cryptographic Implementations [#1251](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1251) Version 10.0.15063.674|
+|ECDSA:186-4: Key Pair Generation: Public Key Validation: Signature Generation: Signature Verification: Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), DRBG [#1732](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1732)|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1250](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1250) Version 10.0.15063.674|
+|ECDSA:186-4: Key Pair Generation: Public Key Validation: Signature Generation: Signature Verification: Prerequisite: SHS [#4010](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4010), DRBG [#1731](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1731)|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1249](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1249) Version 10.0.15254|
+|ECDSA:186-4: Key Pair Generation: Public Key Validation: Signature Generation: Signature Verification: Prerequisite: SHS [#4010](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4010), DRBG [#1731](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1731)|Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations [#1248](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1248) Version 10.0.15254|
+|ECDSA:186-4: Key Pair Generation: Public Key Validation: Signature Generation: Signature Verification: Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), DRBG [#1730](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations [#1247](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1247) Version 10.0.16299|
+|ECDSA:186-4: Key Pair Generation: Public Key Validation: Signature Generation: Signature Verification: Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), DRBG [#1730](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1246](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1246) Version 10.0.16299|
+|**FIPS186-4: SHS: [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790) DRBG: [validation number 1555](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555)|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#1136](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1136) Version 10.0.15063|
+|**FIPS186-4: **PKV: CURVES**(P-256 P-384 P-521) **SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) **SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)) SHS: [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790) DRBG: [validation number 1555](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations [#1135](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1135) Version 10.0.15063|
+|**FIPS186-4: **PKV: CURVES**(P-256 P-384 P-521) **SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) **SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)) SHS: [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790) DRBG: [validation number 1555](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1133](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1133) Version 10.0.15063|
+|**FIPS186-4: **PKV: CURVES**(P-256 P-384 P-521) **SigGen: CURVES**(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only. **SigVer: CURVES**(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512)) **SHS:**[validation number 3649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649) **DRBG:**[validation number 1430](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1430)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1073](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1073) Version 7.00.2872|
+|**FIPS186-4: **PKV: CURVES**(P-256 P-384 P-521) **SigGen: CURVES**(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only. **SigVer: CURVES**(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512)) **SHS:**[validation number 3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648) **DRBG:**[validation number 1429](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1429)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1072](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1072) Version 8.00.6246|
+|**FIPS186-4: **SigGen: CURVES**(P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) SIG(gen) with SHA-1 affirmed for use with protocols only.v**SigVer: CURVES**(P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384)) SHS: [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347) DRBG: [validation number 1222](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1222)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#920](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#920) Version 10.0.14393|
+|**FIPS186-4: **PKV: CURVES**(P-256 P-384 P-521) **SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) **SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))vSHS: [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347) DRBG: [validation number 1217](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations [#911](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#911) Version 10.0.14393|
+|**FIPS186-4: **SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) **SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)) SHS: [validation number 3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047) DRBG: [validation number 955](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#955)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations [#760](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#760) Version 10.0.10586|
+|**FIPS186-4: **SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) **SigVer**: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)) SHS: [validation number 2886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886) DRBG: [validation number 868](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#868)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations [#706](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#706) Version 10.0.10240|
+|**FIPS186-4: **SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) **SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)) SHS: [validation number 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373) DRBG: [validation number 489](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489)|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations [#505](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#505) Version 6.3.9600|
+|**FIPS186-2: **SHS**: [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903) **DRBG**: [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258) **SIG(ver): CURVES**(P-256 P-384 P-521) **SHS**: [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903) **DRBG**: [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258) **FIPS186-4: **SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) **SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)) **SHS**: [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903) **DRBG**: [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258) Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical ECDSA List validation number 341](http://csrc.nist.gov/groups/stm/cavp/documents/dss/ecdsahistoricalval.html#341).|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations [#341](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#341)|
+|**FIPS186-2: **SHS**: [validation number 1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773) **DRBG**: [validation number 193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#193) **SIG(ver): CURVES**(P-256 P-384 P-521) **SHS**: [validation number 1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773) **DRBG**: [validation number 193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#193) **FIPS186-4: **SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) **SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)) **SHS**: [validation number 1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773) **DRBG**: [validation number 193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#193) Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical ECDSA List validation number 295](http://csrc.nist.gov/groups/stm/cavp/documents/dss/ecdsahistoricalval.html#295).|Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) [#295](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#295)|
+|**FIPS186-2: **SHS**: [validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081) **DRBG**: [validation number 23](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23) **SIG(ver): CURVES**(P-256 P-384 P-521) **SHS**: [validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081) **DRBG**: [validation number 23](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23) Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical ECDSA List validation number 142](http://csrc.nist.gov/groups/stm/cavp/documents/dss/ecdsahistoricalval.html#142). See [Historical ECDSA List validation number 141](http://csrc.nist.gov/groups/stm/cavp/documents/dss/ecdsahistoricalval.html#141).|Windows Server 2008 R2 and SP1 CNG algorithms [#142](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#142) Windows 7 Ultimate and SP1 CNG algorithms [#141](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#141)|
+|**FIPS186-2: **SHS**: [validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753) **SIG(ver): CURVES**(P-256 P-384 P-521) **SHS**: [validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753) Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical ECDSA List validation number 83](http://csrc.nist.gov/groups/stm/cavp/documents/dss/ecdsahistoricalval.html#83). See [Historical ECDSA List validation number 82](http://csrc.nist.gov/groups/stm/cavp/documents/dss/ecdsahistoricalval.html#82).|Windows Server 2008 CNG algorithms [#83](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#83) Windows Vista Ultimate SP1 CNG algorithms [#82](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#82)|
+|**FIPS186-2: **SHS**: [validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618) **RNG**: [validation number 321](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618) **SIG(ver): CURVES**(P-256 P-384 P-521) **SHS**: [validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618) **RNG**: [validation number 321](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#321) Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical ECDSA List validation number 60](http://csrc.nist.gov/groups/stm/cavp/documents/dss/ecdsahistoricalval.html#60).|Windows Vista CNG algorithms [#60](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#60)|
#### Keyed-Hash Message Authentication Code (HMAC)
- Prerequisite: SHS #4011 Microsoft Surface Hub Virtual TPM Implementations #3271 Version 10.0.15063.674 Prerequisite: SHS #4009 Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #3270 Version 10.0.16299 Prerequisite: SHS #4011 Microsoft Surface Hub SymCrypt Cryptographic Implementations #3269 Version 10.0.15063.674 Prerequisite: SHS #4010 Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #3268 Version 10.0.15254 Prerequisite: SHS #4009 Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #3267 Version 10.0.16299 HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3790 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3790 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3790 Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #3062 Version 10.0.15063 HMAC-SHA1(Key Sizes Ranges Tested: KSBS) SHS validation number 3790 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3790 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3790 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 3790 Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3061 Version 10.0.15063 HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3652 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3652 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3652 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3652 Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2946 Version 7.00.2872 HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3651 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3651 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3651 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3651 Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2945 Version 8.00.6246 HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3649 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3649 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3649 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3649 Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2943 Version 7.00.2872 HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3648 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3648 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3648 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3648 Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2942 Version 8.00.6246 HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) HMAC-SHA256 (Key Size Ranges Tested: KSBS) HMAC-SHA384 (Key Size Ranges Tested: KSBS) Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2661 Version 10.0.14393 HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3347 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3347 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3347 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 3347 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2651 Version 10.0.14393 HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) HMAC-SHA256 (Key Size Ranges Tested: KSBS) HMAC-SHA384 (Key Size Ranges Tested: KSBS) HMAC-SHA512 (Key Size Ranges Tested: KSBS) Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #2381 Version 10.0.10586 HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) HMAC-SHA256 (Key Size Ranges Tested: KSBS) HMAC-SHA384 (Key Size Ranges Tested: KSBS) HMAC-SHA512 (Key Size Ranges Tested: KSBS) Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2233 Version 10.0.10240 HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) HMAC-SHA256 (Key Size Ranges Tested: KSBS) HMAC-SHA384 (Key Size Ranges Tested: KSBS) HMAC-SHA512 (Key Size Ranges Tested: KSBS) Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1773 Version 6.3.9600 HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 2764 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 2764 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 2764 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 2764 Windows CE and Windows Mobile, and Windows Embedded Handheld Enhanced Cryptographic Provider (RSAENH) #2122 Version 5.2.29344 HMAC-SHA1 (Key Sizes Ranges Tested: KS#1902 HMAC-SHA256 (Key Size Ranges Tested: KS#1902 HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS#1902 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS#1902 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS#1902 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS#1902 HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS#1903 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS#1903 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS#1903 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS#1903 HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 1773 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 1773 Tinker HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 1773 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 1773 HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 1774 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 1774 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 1774 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 1774 HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 1081 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 1081 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 1081 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 1081 Windows Server 2008 R2 and SP1 CNG algorithms #686 Windows 7 and SP1 CNG algorithms #677 Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) #687 Windows 7 Enhanced Cryptographic Provider (RSAENH) #673 HMAC-SHA1(Key Sizes Ranges Tested: KSvalidation number 1081 HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 1081 HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 816 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 816 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 816 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 816 HMAC-SHA1 (Key Sizes Ranges Tested: KSvalidation number 753 HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 753 HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 753 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 753 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 753 HMAC-SHA512 (Key Size Ranges Tested: KSBS)SHS validation number 753 Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #408 Windows Vista Enhanced Cryptographic Provider (RSAENH) #407 HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)SHSvalidation number 618 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 618 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 618 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 618 Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #429 Windows XP, vendor-affirmed HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 783 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 783 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 783 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 783 HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 613 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 613 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 613 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 613 HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 753 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 753 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 753 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 753 Windows Server 2008 CNG algorithms #413 Windows Vista Ultimate SP1 CNG algorithms #412 HMAC-SHA1 (Key Sizes Ranges Tested: KSvalidation number 737 HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 737 HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 618 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 618 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 618 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 618 HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 589 HMAC-SHA256 (Key Size Ranges Tested: KSBS)SHSvalidation number 589 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 589 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 589 HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 578 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 578 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 578 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 578 HMAC-SHA1 (Key Sizes Ranges Tested: KSvalidation number 495 HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 495 Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #99 Windows XP, vendor-affirmed HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 305 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 305 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 305 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 305 HMAC-SHA-1: HMAC-SHA2-256: HMAC-SHA2-384: Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011)|Microsoft Surface Hub Virtual TPM Implementations [#3271](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ HMAC#3271) Version 10.0.15063.674|
+| HMAC-SHA-1: HMAC-SHA2-256: HMAC-SHA2-384: Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations [#3270](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ HMAC#3270) Version 10.0.16299|
+| HMAC-SHA-1: HMAC-SHA2-256: HMAC-SHA2-384: HMAC-SHA2-512: Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011)|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#3269](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ HMAC#3269) Version 10.0.15063.674|
+| HMAC-SHA-1: HMAC-SHA2-256: HMAC-SHA2-384: HMAC-SHA2-512: Prerequisite: SHS [#4010](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4010)|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#3268](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ HMAC#3268) Version 10.0.15254|
+| HMAC-SHA-1: HMAC-SHA2-256: HMAC-SHA2-384: HMAC-SHA2-512: Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#3267](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ HMAC#3267) Version 10.0.16299|
+| **HMAC-SHA1 (Key Sizes Ranges Tested:** KSBS) SHS [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790) **HMAC-SHA256 (Key Size Ranges Tested:** KSBS) SHS [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790) **HMAC-SHA384 (Key Size Ranges Tested:** KSBS) SHS [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#3062](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3062) Version 10.0.15063|
+| **HMAC-SHA1(Key Sizes Ranges Tested:** KSBS) SHS [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790) **HMAC-SHA256 (Key Size Ranges Tested:** KSBS) SHS [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790) **HMAC-SHA384 (Key Size Ranges Tested:** KSBS) SHS [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790) **HMAC-SHA512 (Key Size Ranges Tested:** KSBS) SHS [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#3061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3061) Version 10.0.15063|
+| **HMAC-SHA1 (Key Sizes Ranges Tested:** KSBS) SHS [validation number 3652](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652) **HMAC-SHA256 (Key Size Ranges Tested:** KSBS) SHS [validation number 3652](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652) **HMAC-SHA384 (Key Size Ranges Tested:** KSBS) SHS [validation number 3652](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652) **HMAC-SHA512 (Key Size Ranges Tested:** KSBS) SHS[validation number 3652](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652)|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#2946](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2946) Version 7.00.2872|
+| **HMAC-SHA1 (Key Sizes Ranges Tested:** KSBS) SHS [validation number 3651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651) **HMAC-SHA256 (Key Size Ranges Tested:** KSBS) SHS [validation number 3651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651) **HMAC-SHA384 (Key Size Ranges Tested:** KSBS) SHS [validation number 3651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651) **HMAC-SHA512 (Key Size Ranges Tested:** KSBS) SHS[validation number 3651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651)|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#2945](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2945) Version 8.00.6246|
+| **HMAC-SHA1 (Key Sizes Ranges Tested:** KSBS) SHS [validation number 3649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649) **HMAC-SHA256 (Key Size Ranges Tested:** KSBS) SHS [validation number 3649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649) **HMAC-SHA384 (Key Size Ranges Tested:** KSBS) SHS [validation number 3649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649) **HMAC-SHA512 (Key Size Ranges Tested:** KSBS) SHS[validation number 3649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#2943](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2943) Version 7.00.2872|
+| **HMAC-SHA1 (Key Sizes Ranges Tested:** KSBS) SHS [validation number 3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648) **HMAC-SHA256 (Key Size Ranges Tested:** KSBS) SHS [validation number 3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648) **HMAC-SHA384 (Key Size Ranges Tested:** KSBS) SHS [validation number 3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648) **HMAC-SHA512 (Key Size Ranges Tested:** KSBS) SHS[validation number 3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#2942](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2942) Version 8.00.6246|
+| **HMAC-SHA1** (Key Sizes Ranges Tested: KSBS) SHS [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347) **HMAC-SHA256** (Key Size Ranges Tested: KSBS) SHS [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347) **HMAC-SHA384** (Key Size Ranges Tested: KSBS) SHS [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#2661](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2661) Version 10.0.14393|
+| **HMAC-SHA1** (Key Sizes Ranges Tested: KSBS) SHS [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347) **HMAC-SHA256** (Key Size Ranges Tested: KSBS) SHS [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347) **HMAC-SHA384** (Key Size Ranges Tested: KSBS) SHS [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347) **HMAC-SHA512** (Key Size Ranges Tested: KSBS) SHS [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations [#2651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2651) Version 10.0.14393|
+| **HMAC-SHA1** (Key Sizes Ranges Tested: KSBS) **HMAC-SHA256** (Key Size Ranges Tested: KSBS) **HMAC-SHA384** (Key Size Ranges Tested: KSBS) **HMAC-SHA512** (Key Size Ranges Tested: KSBS) Version 10.0.10586|
+| **HMAC-SHA1** (Key Sizes Ranges Tested: KSBS) **HMAC-SHA256** (Key Size Ranges Tested: KSBS) **HMAC-SHA384** (Key Size Ranges Tested: KSBS) **HMAC-SHA512** (Key Size Ranges Tested: KSBS) Version 10.0.10240|
+| **HMAC-SHA1** (Key Sizes Ranges Tested: KSBS) **HMAC-SHA256** (Key Size Ranges Tested: KSBS) **HMAC-SHA384** (Key Size Ranges Tested: KSBS) **HMAC-SHA512** (Key Size Ranges Tested: KSBS) Version 6.3.9600|
+| **HMAC-SHA1** (Key Sizes Ranges Tested: KSBS) SHS [validation number 2764](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2764) **HMAC-SHA256** (Key Size Ranges Tested: KSBS) SHS [validation number 2764](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2764) **HMAC-SHA384** (Key Size Ranges Tested: KSBS) SHS [validation number 2764](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2764) **HMAC-SHA512** (Key Size Ranges Tested: KSBS) SHS [validation number 2764](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2764)|Windows CE and Windows Mobile, and Windows Embedded Handheld Enhanced Cryptographic Provider (RSAENH) [#2122](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2122) Version 5.2.29344|
+| **HMAC-SHA1 (Key Sizes Ranges Tested: KS**[#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902) **HMAC-SHA256 (Key Size Ranges Tested: KS**[#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902)|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #[1347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1347)|
+| **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS**[#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902) **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS**[#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902) **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS**[#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902) **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS**[#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902)|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #[1346](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1346)|
+| **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)** **HMAC-SHA256 (Key Size Ranges Tested: KSBS)** **HMAC-SHA384 (Key Size Ranges Tested: KSBS)** **HMAC-SHA512 (Key Size Ranges Tested: KSBS)** **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773) **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773) **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773)|Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll), [#1364](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1364)|
+| **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 1774](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774) **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 1774](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774) **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 1774](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774) **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 1774](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774)|Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) [#1227](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1227)|
+| **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081) **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081) **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081) **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)|Windows Server 2008 R2 and SP1 CNG algorithms [#686](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#686) Windows 7 and SP1 CNG algorithms [#677](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#677) Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) [#687](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#687) Windows 7 Enhanced Cryptographic Provider (RSAENH) [#673](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#673)|
+| **HMAC-SHA1(Key Sizes Ranges Tested: KS**[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081) **HMAC-SHA256 (Key Size Ranges Tested: KS**[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)|Windows 7 and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations [#675](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#675)|
+| **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 816](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816) **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 816](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816) **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 816](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816) **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 816](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816)|Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#452](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#452)|
+| **HMAC-SHA1 (Key Sizes Ranges Tested: KS**[validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753) **HMAC-SHA256 (Key Size Ranges Tested: KS**[validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)|Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations [#415](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#415)|
+| **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753) **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753) **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753) **HMAC-SHA512 (Key Size Ranges Tested: KSBS)** SHS [validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)|Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) [#408](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#408) Windows Vista Enhanced Cryptographic Provider (RSAENH) [#407](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#407)|
+| **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)SHS** [validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618) **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618) **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618) **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618)|Windows Vista Enhanced Cryptographic Provider (RSAENH) [#297](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#297)|
+| **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 785](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#785)|Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) [#429](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#429) Windows XP, vendor-affirmed|
+| **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 783](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783) **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 783](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783) **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 783](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783) **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 783](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783)|Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) [#428](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#428)|
+| **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 613](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613) **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 613](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613) **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 613](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613) **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 613](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613)|Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#289](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#289)|
+| **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 610](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#610)|Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) [#287](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#287)|
+| **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753) **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753) **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753) **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)|Windows Server 2008 CNG algorithms [#413](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#413) Windows Vista Ultimate SP1 CNG algorithms [#412](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#412)|
+| **HMAC-SHA1 (Key Sizes Ranges Tested: KS**[validation number 737](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#737) **HMAC-SHA256 (Key Size Ranges Tested: KS**[validation number 737](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#737)|Windows Vista Ultimate BitLocker Drive Encryption [#386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#386)|
+| **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618) **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618) **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 618](http://csrc.nist.gov/groups/stm/cavp/documents/shs/shaval.htm#618) **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618)|Windows Vista CNG algorithms [#298](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#298)|
+| **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 589](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589) **HMAC-SHA256 (Key Size Ranges Tested: KSBS)SHS** [validation number 589](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589) **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 589](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589) **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 589](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589)|Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) [#267](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#267)|
+| **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 578](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578) **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 578](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578) **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 578](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578) **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 578](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578)|Windows CE and Windows Mobile 6.0 and Windows Mobil 6.5 Enhanced Cryptographic Provider (RSAENH) [#260](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#260)|
+| **HMAC-SHA1 (Key Sizes Ranges Tested: KS**[validation number 495](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#495) **HMAC-SHA256 (Key Size Ranges Tested: KS**[validation number 495](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#495)|Windows Vista BitLocker Drive Encryption [#199](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#199)|
+| **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 364](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#364)|Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) [#99](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#99) Windows XP, vendor-affirmed|
+| **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 305](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305) **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 305](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305) **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 305](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305) **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 305](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305)|Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) [#31](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#31)|
+
#### Key Agreement Scheme (KAS)
- Microsoft Surface Hub Virtual TPM Implementations #150 Version 10.0.15063.674 Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #149 Version 10.0.16299 Prerequisite: SHS #4011, ECDSA #1250, DRBG #1732 Microsoft Surface Hub SymCrypt Cryptographic Implementations #148 Version 10.0.15063.674 Prerequisite: SHS #4010, ECDSA #1249, DRBG #1731 Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #147 Version 10.0.15254 Prerequisite: SHS #4009, ECDSA #1246, DRBG #1730 Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #146 Version 10.0.16299 ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Full Validation Key Regeneration) SCHEMES [FullUnified (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC)] SHS validation number 3790 Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #128 Version 10.0.15063 FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder) ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))] Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #127 Version 10.0.15063 FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder) ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))] Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #115 Version 7.00.2872 FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder) ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))] Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #114 Version 8.00.6246 ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Full Validation Key Regeneration) SHS validation number 3347 ECDSA validation number 920 DRBG validation number 1222 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #93 Version 10.0.14393 FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SHS validation number 3347 DSA validation number 1098 DRBG validation number 1217 ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))] SHS validation number 3347 DSA validation number 1098 ECDSA validation number 911 DRBG validation number 1217 HMAC validation number 2651 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #92 Version 10.0.14393 FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder) SHS validation number 3047 DSA validation number 1024 DRBG validation number 955 ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))] SHS validation number 3047 ECDSA validation number 760 DRBG validation number 955 Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #72 Version 10.0.10586 FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder) SHS validation number 2886 DSA validation number 983 DRBG validation number 868 ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))] SHS validation number 2886 ECDSA validation number 706 DRBG validation number 868 Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #64 Version 10.0.10240 FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder) SHS validation number 2373 DSA validation number 855 DRBG validation number 489 ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))] SHS validation number 2373 ECDSA validation number 505 DRBG validation number 489 Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #47 Version 6.3.9600 FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder) ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))] KAS (SP 800–56A) key agreement key establishment methodology provides 80 bits to 256 bits of encryption strength Windows 7 and SP1, vendor-affirmed Windows Server 2008 R2 and SP1, vendor-affirmed Schemes: Full Unified: EC: ED: Version 10.0.15063.674|
+|KAS ECC: Schemes: Full Unified: EC: ED: Version 10.0.16299|
+|KAS ECC: Schemes: Ephemeral Unified: EC: ED: EE: One-Pass DH: EC: ED: EE: Static Unified: EC: ED: EE: KAS FFC: Schemes: dhEphem: FB: FC: dhOneFlow: FB: FC dhStatic: FB: FC: Version 10.0.15063.674|
+|KAS ECC: Schemes: Ephemeral Unified: EC: ED: EE: One-Pass DH: EC: ED: EE: Static Unified: EC: ED: EE: KAS FFC: Schemes: dhEphem: FB: FC: dhOneFlow: FB: FC dhStatic: FB: FC: Version 10.0.15254|
+|KAS ECC: Schemes: Ephemeral Unified: EC: ED: EE: One-Pass DH: ED EE: Static Unified: EC: ED: EE: KAS FFC: Schemes: dhEphem: FB: FC: dhOneFlow: FB: FC: dhStatic: FB: FC: Version 10.0.16299|
+|**ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Full Validation Key Regeneration) **SCHEMES** [**FullUnified** (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC)] SHS [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790) DSA [validation number 1135](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1135) DRBG [validation number 1556](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1556)|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#128](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#128) Version 10.0.15063|
+|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) **SCHEMES** [**dhEphem** (KARole(s): Initiator / Responder)(**FB:** SHA256) (**FC:** SHA256)] [**dhOneFlow** (**FB:** SHA256) (**FC:** SHA256)] [**dhStatic** (**No_KC** < KARole(s): Initiator / Responder>) (**FB:** SHA256 HMAC) (**FC:** SHA256 HMAC)] SHS [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790) DSA [validation number 1223](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1223) DRBG [validation number 1555](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555)**ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) **SCHEMES** [**EphemeralUnified** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512)))] [**OnePassDH** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512))] [**StaticUnified** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512))] SHS [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790) ECDSA [validation number 1133](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1133)DRBG [validation number 1555](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#127](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#127) Version 10.0.15063|
+|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) **SCHEMES** [**dhEphem** (KARole(s): Initiator / Responder)(**FB:** SHA256) (**FC:** SHA256)] [**dhOneFlow** (KARole(s): Initiator / Responder) (**FB:** SHA256) (**FC:** SHA256)] [**dhStatic** (**No_KC** < KARole(s): Initiator / Responder>) (**FB:** SHA256 HMAC) (**FC:** SHA256 HMAC)] SHS [validation number 3649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649) DSA [validation number 1188](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1188) DRBG [validation number 1430](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1430) **ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) **SCHEMES** [**EphemeralUnified** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512)))] [**OnePassDH** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512))] [**StaticUnified** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512))]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#115](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#115) Version 7.00.2872|
+|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) **SCHEMES** [**dhEphem** (KARole(s): Initiator / Responder)(**FB:** SHA256) (**FC:** SHA256)] [**dhHybridOneFlow** (**No_KC** < KARole(s): Initiator / Responder>) (**FB:**SHA256 HMAC) (**FC:** SHA256 HMAC)] [**dhStatic** (**No_KC** < KARole(s): Initiator / Responder>) (**FB:**SHA256 HMAC) (**FC:** SHA256 HMAC)] SHS [validation number 3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648) DSA [validation number 1187](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1187) DRBG [validation number 1429](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1429) **ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) **SCHEMES** [**EphemeralUnified** (**No_KC**) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512)))] [**OnePassDH** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512))] [**StaticUnified** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512))] SHS [validation number 3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648) ECDSA [validation number 1072](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1072) DRBG [validation number 1429](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1429)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#114](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#114) Version 8.00.6246|
+|**ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Full Validation Key Regeneration) **SCHEMES [FullUnified (No_KC** < KARole(s): Initiator / Responder > < KDF: CONCAT >) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC)] SHS [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347) ECDSA [validation number 920](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#920) DRBG [validation number 1222](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1222)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#93](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#93) Version 10.0.14393|
+|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) **SCHEMES** [dhEphem (KARole(s): Initiator / Responder)(**FB:** SHA256) (**FC:** SHA256)] [dhOneFlow (KARole(s): Initiator / Responder) (**FB:** SHA256) (**FC:** SHA256)] [**dhStatic (No_KC** < KARole(s): Initiator / Responder >) (FB: SHA256 HMAC) (FC: SHA256 HMAC)] SHS [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347) DSA [validation number 1098](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1098) DRBG [validation number 1217](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217) **ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) **SCHEMES** [EphemeralUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))] [OnePassDH (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))] [StaticUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))] SHS [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347) DSA [validation number 1098](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1098) ECDSA [validation number 911](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#911) DRBG [validation number 1217](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217) HMAC [validation number 2651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2651)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations [#92](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#92) Version 10.0.14393|
+|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)(FB: SHA256) (FC: SHA256)] [dhOneFlow (KARole(s): Initiator / Responder) (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC < KARole(s): Initiator / Responder >) (FB: SHA256 HMAC) (FC: SHA256 HMAC)] SHS [validation number 3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047) DSA [validation number 1024](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1024) DRBG [validation number 955](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#955) **ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))] [OnePassDH (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))] [StaticUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))] SHS [validation number 3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047) ECDSA [validation number 760](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#760) DRBG [validation number 955](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#955)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations [#72](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#72) Version 10.0.10586|
+|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)(FB: SHA256) (FC: SHA256)] [dhOneFlow (KARole(s): Initiator / Responder) (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC < KARole(s): Initiator / Responder >) (FB: SHA256 HMAC) (FC: SHA256 HMAC)] SHS [validation number 2886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886) DSA [validation number 983](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#983) DRBG [validation number 868](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#868) **ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))] [OnePassDH (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))] [StaticUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))] SHS [validation number 2886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886) ECDSA [validation number 706](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#706) DRBG [validation number 868](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#868)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations [#64](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#64) Version 10.0.10240|
+|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)(FB: SHA256) (FC: SHA256)] [dhOneFlow (KARole(s): Initiator / Responder) (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC < KARole(s): Initiator / Responder >) (FB: SHA256 HMAC) (FC: SHA256 HMAC)] SHS [validation number 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373) DSA [validation number 855](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#855) DRBG [validation number 489](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489) **ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))] [OnePassDH (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))] [StaticUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))] SHS [validation number 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373) ECDSA [validation number 505](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#505) DRBG [validation number 489](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489)|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations [#47](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#47) Version 6.3.9600|
+|**FFC**: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [**dhEphem** (KARole(s): Initiator / Responder) (**FA**: SHA256) (**FB**: SHA256) (**FC**: SHA256)] [**dhOneFlow** (KARole(s): Initiator / Responder) (**FA**: SHA256) (**FB**: SHA256) (**FC**: SHA256)] [**dhStatic** (**No_KC** < KARole(s): Initiator / Responder>) (**FA**: SHA256 HMAC) (**FB**: SHA256 HMAC) (**FC**: SHA256 HMAC)] SHS [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903) DSA [validation number 687](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#687) DRBG [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258) **ECC**: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) **SCHEMES** [**EphemeralUnified** (**No_KC** < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (**ED**: P-384 SHA384 HMAC) (**EE**: P-521 HMAC (SHA512, HMAC_SHA512)))] [**OnePassDH(No_KC** < KARole(s): Initiator / Responder>) (**EC**: P-256 SHA256) (**ED**: P-384 SHA384) (**EE**: P-521 (SHA512, HMAC_SHA512)))] [**StaticUnified** (**No_KC** < KARole(s): Initiator / Responder>) (**EC**: P-256 SHA256 HMAC) (**ED**: P-384 SHA384 HMAC) (**EE**: P-521 HMAC (SHA512, HMAC_SHA512))] SHS [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903) ECDSA [validation number 341](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#341) DRBG [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258)|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations [#36](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#36)|
+|**KAS (SP 800–56A)** Windows Server 2008 R2 and SP1, vendor-affirmed|
SP 800-108 Key-Based Key Derivation Functions (KBKDF)
- MAC prerequisite: HMAC #3271 Microsoft Surface Hub Virtual TPM Implementations #161 Version 10.0.15063.674 MAC prerequisite: HMAC #3270 Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #160 Version 10.0.16299 MAC prerequisite: AES #4902, HMAC #3269 Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations #159 Version 10.0.15063.674 MAC prerequisite: AES #4901, HMAC #3268 K prerequisite: KAS #147 Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations #158 Version 10.0.15254 MAC prerequisite: AES #4897, HMAC #3267 K prerequisite: KAS #146 Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #157 Version 10.0.16299 Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #141 Version 10.0.15063 Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #140 Version 10.0.15063 CTR_Mode: (Llength(Min20 Max64) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32])) KAS validation number 93 DRBG validation number 1222 MAC validation number 2661 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #102 Version 10.0.14393 CTR_Mode: (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32])) KAS validation number 92 AES validation number 4064 DRBG validation number 1217 MAC validation number 2651 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #101 Version 10.0.14393 CTR_Mode: (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32])) KAS validation number 72 AES validation number 3629 DRBG validation number 955 MAC validation number 2381 Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #72 Version 10.0.10586 CTR_Mode: (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32])) KAS validation number 64 AES validation number 3497 RBG validation number 868 MAC validation number 2233 Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #66 Version 10.0.10240 CTR_Mode: (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32])) Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #30 Version 6.3.9600 CTR_Mode: (Llength(Min0 Max4) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32])) DRBG #258 HMAC validation number 1345 MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384 MAC prerequisite: HMAC [#3271](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3271) K prerequisite: DRBG [#1734](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1734), KAS [#150](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#150)|Microsoft Surface Hub Virtual TPM Implementations [#161](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#161) Version 10.0.15063.674|
+|Counter: MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384 MAC prerequisite: HMAC [#3270](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3270) K prerequisite: DRBG [#1733](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1733), KAS [#149](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#149)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations [#160](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#160) Version 10.0.16299|
+|Counter: MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512 MAC prerequisite: AES [#4902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4902), HMAC [#3269](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3269) K prerequisite: KAS [#148](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#148)|Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations [#159](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#159) Version 10.0.15063.674|
+|Counter: MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512 MAC prerequisite: AES [#4901](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4901), HMAC [#3268](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3268) K prerequisite: KAS [#147](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#147)|Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations [#158](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#158) Version 10.0.15254|
+|Counter: MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512 MAC prerequisite: AES [#4897](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4897), HMAC [#3267](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3267) K prerequisite: KAS [#146](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#146)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations [#157](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#157) Version 10.0.16299|
+|**CTR_Mode:** (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256][HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32])) KAS [validation number 128](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#128) DRBG [validation number 1556](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1556) MAC [validation number 3062](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3062)|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#141](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#141) Version 10.0.15063|
+|**CTR_Mode:** (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32])) KAS [validation number 127](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#127) AES [validation number 4624](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624) DRBG [validation number 1555](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555) MAC [validation number 3061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3061)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations [#140](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#140) Version 10.0.15063|
+|**CTR_Mode:** (Llength(Min20 Max64) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32])) KAS [validation number 93](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#93) DRBG [validation number 1222](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1222) MAC [validation number 2661](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2661)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#102](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#102) Version 10.0.14393|
+|**CTR_Mode:** (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32])) KAS [validation number 92](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#92) AES [validation number 4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064) DRBG [validation number 1217](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217) MAC [validation number 2651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2651)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations [#101](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#101) Version 10.0.14393|
+|**CTR_Mode:** (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32])) KAS [validation number 72](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#72) AES [validation number 3629](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3629) DRBG [validation number 955](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#955) MAC [validation number 2381](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2381)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations [#72](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#72) Version 10.0.10586|
+|**CTR_Mode:** (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32])) KAS [validation number 64](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#64) AES [validation number 3497](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497) RBG [validation number 868](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#868) MAC [validation number 2233](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2233)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations [#66](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#66) Version 10.0.10240|
+|**CTR_Mode:** (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32])) DRBG [validation number 489](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489) MAC [validation number 1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1773)|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations [#30](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#30) Version 6.3.9600|
+|**CTR_Mode**: (Llength(Min0 Max4) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32])) DRBG [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258) HMAC [validation number 1345](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1345)|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations [#3](http://csrc.nist.gov/groups/stm/cavp/documents/kbkdf800-108/kbkdfval.htm#3)|
Random Number Generator (RNG)
- FIPS 186-2 General Purpose [(x-Original); (SHA-1)] Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1060 Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #292 Windows CE and Windows Mobile 6.0 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #286 Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #66 FIPS 186-2 FIPS 186-2 General Purpose Windows 7 and SP1 and Windows Server 2008 R2 and SP1 RNG Library #649 Windows Vista Ultimate SP1 and Windows Server 2008 RNG Implementation #435 Windows Vista RNG implementation #321 Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #470 Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #449 Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #447 Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #316 Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #313 Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #448 Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #314 Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) [#292](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#292) Windows CE and Windows Mobile 6.0 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) [#286](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#286) Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) [#66](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#66)|
+|**FIPS 186-2 Windows Vista Ultimate SP1 and Windows Server 2008 RNG Implementation [#435](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#435) Windows Vista RNG implementation [#321](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#321)|
+|**FIPS 186-2 General Purpose Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) [#449](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#449) Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) [#447](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#447) Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#316](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#316) Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) [#313](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#313)|
+|**FIPS 186-2 Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider [#314](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#314)|
#### RSA
- RSA: Microsoft Surface Hub Virtual TPM Implementations #2677 Version 10.0.15063.674 RSA: Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #2676 Version 10.0.16299 RSA: Microsoft Surface Hub RSA32 Algorithm Implementations #2675 Version 10.0.15063.674 RSA: Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); RSA32 Algorithm Implementations #2674 Version 10.0.16299 RSA: Windows 10 Mobile (version 1709) RSA32 Algorithm Implementations #2673 Version 10.0.15254 RSA: Microsoft Surface Hub MsBignum Cryptographic Implementations #2672 Version 10.0.15063.674 RSA: Microsoft Surface Hub SymCrypt Cryptographic Implementations #2671 Version 10.0.15063.674 RSA: Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #2670 Version 10.0.15254 RSA: Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #2669 Version 10.0.15254 Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #2668 Version 10.0.16299 Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2667 Version 10.0.16299 Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #2524 Version 10.0.15063 Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile RSA32 Algorithm Implementations #2523 Version 10.0.15063 Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #2522 Version 10.0.15063 Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2521 Version 10.0.15063 FIPS186-2: FIPS186-4: Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2415 Version 7.00.2872 FIPS186-2: FIPS186-4: Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2414 Version 8.00.6246 FIPS186-2: FIPS186-4: Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2412 Version 7.00.2872 FIPS186-2: FIPS186-4: Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2411 Version 8.00.6246 FIPS186-4: Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2206 Version 10.0.14393 FIPS186-4: SHA validation number 3347 DRBG: validation number 1217 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA Key Generation Implementation #2195 Version 10.0.14393 FIPS186-4: soft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #2194 Version 10.0.14393 FIPS186-4: SHA validation number 3347 DRBG: validation number 1217 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #2193 Version 10.0.14393 FIPS186-4: Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) SHA validation number 3347 DRBG: validation number 1217 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #2192 Version 10.0.14393 FIPS186-4: SHA validation number 3047 DRBG: validation number 955 Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA Key Generation Implementation #1889 Version 10.0.10586 FIPS186-4: Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #1871 Version 10.0.10586 FIPS186-4: Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub MsBignum Cryptographic Implementations #1888 Version 10.0.10586 FIPS186-4: Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #1887 Version 10.0.10586 FIPS186-4: SHA validation number 2886 DRBG: validation number 868 Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA Key Generation Implementation #1798 Version 10.0.10240 FIPS186-4: Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #1784 Version 10.0.10240 FIPS186-4: Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #1783 Version 10.0.10240 FIPS186-4: Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #1802 Version 10.0.10240 FIPS186-4: SHA validation number 2373 DRBG: validation number 489 Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 RSA Key Generation Implementation #1487 Version 6.3.9600 FIPS186-4: Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #1494 Version 6.3.9600 FIPS186-4: Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1493 Version 6.3.9600 FIPS186-4: Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #1519 Version 6.3.9600 FIPS186-4: Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 1134. Windows Server 2008 R2 and SP1 CNG algorithms #567 Windows 7 and SP1 CNG algorithms #560 Windows Server 2008 CNG algorithms #358 Windows Vista SP1 CNG algorithms #357 Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #355 Windows Vista SP1 Enhanced Cryptographic Provider (RSAENH) #354 FIPS186-2: – PKCS#1 v1.5, signature generation, and verification – Mod sizes: 1024, 1536, 2048, 3072, 4096 – SHS: SHA–1/256/384/512 Windows XP, vendor-affirmed Windows 2000, vendor-affirmed 186-4: Signature Generation PKCS1.5: Mod 2048 SHA: SHA-1, Signature Generation PSS: Mod 2048: Signature Verification PKCS1.5: Mod 1024 SHA: SHA-1, Mod 2048 SHA: SHA-1, Signature Verification PSS: Mod 2048: Mod 3072: Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), DRBG [#1734](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1734)|Microsoft Surface Hub Virtual TPM Implementations [#2677](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2677) Version 10.0.15063.674|
+|RSA: 186-4: Signature Generation PKCS1.5: Mod 2048 SHA: Signature Generation PSS: Mod 2048: Signature Verification PKCS1.5: Mod 1024 SHA: Mod 2048 SHA: Signature Verification PSS: Mod 1024 Mod 2048: Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), DRBG [#1733](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1733)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter ( Version 1709); Virtual TPM Implementations [#2676](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2676) Version 10.0.16299|
+|RSA: 186-4: Key Generation: Signature Verification PKCS1.5: Mod 1024 SHA: Mod 2048 SHA: Mod 3072 SHA: Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), DRBG [#1732](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1732)|Microsoft Surface Hub RSA32 Algorithm Implementations [#2675](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2675) Version 10.0.15063.674|
+|RSA: 186-4: Signature Verification PKCS1.5: Mod 1024 SHA: Mod 2048 SHA: Mod 3072 SHA: Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), DRBG [#1730](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); RSA32 Algorithm Implementations [#2674](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2674) Version 10.0.16299|
+|RSA: 186-4: Signature Verification PKCS1.5: Mod 1024 SHA: Mod 2048 SHA: Mod 3072 SHA: Prerequisite: SHS [#4010](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4010), DRBG [#1731](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1731)|Windows 10 Mobile (version 1709) RSA32 Algorithm Implementations [#2673](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2673) Version 10.0.15254|
+|RSA: 186-4: Key Generation: Mod lengths: 2048, 3072 (bits) Primality Tests: C.3 Signature Generation PKCS1.5: Mod 2048 SHA: Mod 3072 SHA: Signature Generation PSS: Mod 2048: Mod 3072 Signature Verification PKCS1.5 Mod 1024 SHA: Mod 2048 SHA: Mod 3072 SHA: Signature Verification PSS Mod 1024 Mod 2048: Mod 3072: Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), DRBG [#1732](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1732)|Microsoft Surface Hub MsBignum Cryptographic Implementations [#2672](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2672) Version 10.0.15063.674|
+|RSA: 186-4: Key Generation: Probable Random Primes: Mod lengths: 2048, 3072 (bits) Primality Tests: C 2 Signature Generation PKCS1.5: Mod 2048 SHA: Mod 3072 SHA: Signature Generation PSS: Mod 2048: Mod 3072: Signature Verification PKCS1.5: Mod 1024 SHA: Mod 2048 SHA: Mod 3072 SHA: Signature Verification PSS: Mod 1024: Mod 2048: Mod 3072: Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), DRBG [#1732](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1732)|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#2671](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2671) Version 10.0.15063.674|
+|RSA: 186-4: Key Generation: Probable Random Primes: Mod lengths: 2048, 3072 (bits) Primality Tests: C.2 Signature Generation PKCS1.5: Mod 2048 SHA: Mod 3072 SHA: Signature Generation PSS: Mod 2048: Mod 3072: Signature Verification PKCS1.5: Mod 1024 SHA: Mod 2048 SHA: Mod 3072 SHA: Signature Verification PSS: Mod 1024: Mod 2048 Mod 3072: Prerequisite: SHS [#4010](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4010), DRBG [#1731](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1731)|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#2670](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2670) Version 10.0.15254|
+|RSA: 186-4: Key Generation: Public Key Exponent: Fixed (10001) Provable Primes with Conditions: Mod lengths: 2048, 3072 (bits) Primality Tests: C.3 Signature Generation PKCS1.5: Mod 2048 SHA: Mod 3072 SHA: Signature Generation PSS: Mod 2048: Mod 3072 Signature Verification PKCS1.5 Mod 1024 SHA: Mod 2048 SHA: Mod 3072 SHA: Signature Verification PSS: Mod 1024 Mod 2048: Mod 3072: Prerequisite: SHS [#4010](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4010), DRBG [#1731](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1731)|Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations [#2669](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2669) Version 10.0.15254|
+| 186-4: Key Generation: Public Key Exponent: Fixed (10001) Provable Primes with Conditions: Mod lengths: 2048, 3072 (bits) Primality Tests: C.3 Signature Generation PKCS1.5: Mod 2048 SHA: Mod 3072 SHA: Signature Generation PSS: Mod 2048: Mod 3072 Signature Verification PKCS1.5 Mod 1024 SHA: Mod 2048 SHA: Mod 3072 SHA: Signature Verification PSS: Mod 1024 Mod 2048: Mod 3072: Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), DRBG [#1730](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations [#2668](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2668) Version 10.0.16299|
+| 186-4: Key Generation Probable Random Primes: Mod lengths: 2048, 3072 (bits) Primality Tests: C.2 Signature Generation PKCS1.5: Mod 2048 SHA: Mod 3072 SHA: Signature Generation PSS: Mod 2048: Mod 3072: Signature Verification PKCS1.5: Mod 1024 SHA: Mod 2048 SHA: Mod 3072 SHA: Signature Verification PSS: Mod 1024: Mod 2048: Mod 3072: Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), DRBG [#1730](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#2667](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2667) Version 10.0.16299|
+| **FIPS186-4: **SIG(ver) (1024 SHA(1, 256, 384)) (2048 SHA(1, 256, 384)) **[RSASSA-PSS]:** Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) **SIG(gen) with SHA-1 affirmed for use with protocols only. **SIG(ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) SHA [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#2524](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2524) Version 10.0.15063|
+| **FIPS186-4: SHA [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile RSA32 Algorithm Implementations [#2523](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2523) Version 10.0.15063|
+| **FIPS186-4: 186-4KEY(gen):** FIPS186-4_Fixed_e (10001); **PGM(ProbPrimeCondition):** 2048, 3072 **PPTT:**(C.3)** **SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) **[RSASSA-PSS]:** Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) **SIG(gen) with SHA-1 affirmed for use with protocols only. **SIG(ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64 SHA [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790) DRBG: [validation number 1555](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations [#2522](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2522) Version 10.0.15063|
+| **FIPS186-4: 186-4KEY(gen):**PGM(ProbRandom:** (2048, 3072) **PPTT:**(C.2)** **SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) **[RSASSA-PSS]:** Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) **SIG(gen) with SHA-1 affirmed for use with protocols only. **SIG(ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) SHA [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#2521](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2521) Version 10.0.15063|
+| **FIPS186-2: **FIPS186-4: **SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SHA [validation number 3652](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652)|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#2415](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2415) Version 7.00.2872|
+| **FIPS186-2: **FIPS186-4: **SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SHA [validation number 3651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651)|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#2414](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2414) Version 8.00.6246|
+| **FIPS186-2: **FIPS186-4: 186-4KEY(gen):** FIPS186-4_Fixed_e (10001); **PGM(ProbRandom:** (2048, 3072) **PPTT:**(C.2) **SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SHA [validation number 3649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649) DRBG: [validation number 1430](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1430)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#2412](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2412) Version 7.00.2872|
+| **FIPS186-2: **FIPS186-4: 186-4KEY(gen):** FIPS186-4_Fixed_e (10001); **PGM(ProbRandom:** (2048, 3072) **PPTT:**(C.2)** **SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SHA [validation number 3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648) DRBG: [validation number 1429](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1429)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#2411](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2411) Version 8.00.6246|
+| **FIPS186-4: **[RSASSA-PSS]:** Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) SIG(gen) with SHA-1 affirmed for use with protocols only.Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) SHA [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#2206](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2206) Version 10.0.14393|
+| **FIPS186-4: 186-4KEY(gen):** FIPS186-4_Fixed_e (10001 **PGM(ProbPrimeCondition):** 2048, 3072 PPTT:(C.3) SHA [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347) DRBG: [validation number 1217](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA Key Generation Implementation [#2195](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2195) Version 10.0.14393|
+| **FIPS186-4: SHA [validation number 3346](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3346)|soft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations [#2194](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2194) Version 10.0.14393|
+| **FIPS186-4: **SIG(Ver)** (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SHA [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347) DRBG: [validation number 1217](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations [#2193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193) Version 10.0.14393|
+| **FIPS186-4: **Sig(Ver):** (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) SHA [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347) DRBG: [validation number 1217](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations [#2192](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2192) Version 10.0.14393|
+| **FIPS186-4: 186-4KEY(gen)**: FIPS186-4_Fixed_e (10001); **PGM(ProbPrimeCondition**): 2048, 3072 PPTT:(C.3) SHA [validation number 3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047) DRBG: [validation number 955](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#955)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA Key Generation Implementation [#1889](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1889) Version 10.0.10586|
+| **FIPS186-4: SHA [validation number 3048](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3048)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations [#1871](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1871) Version 10.0.10586|
+| **FIPS186-4: **SIG(Ver)** (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SHA [validation number 3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub MsBignum Cryptographic Implementations [#1888](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1888) Version 10.0.10586|
+| **FIPS186-4: **Sig(Ver):** (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) SHA [validation number 3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations [#1887](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1887) Version 10.0.10586|
+| **FIPS186-4: 186-4KEY(gen):** FIPS186-4_Fixed_e (10001);PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3) SHA [validation number 2886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886) DRBG: [validation number 868](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#868)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA Key Generation Implementation [#1798](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1798) Version 10.0.10240|
+| **FIPS186-4: SHA [validation number 2871](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2871)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations [#1784](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1784) Version 10.0.10240|
+| **FIPS186-4: SHA [validation number 2871](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2871)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations [#1783](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1783) Version 10.0.10240|
+| **FIPS186-4: SHA [validation number 2886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations [#1802](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1802) Version 10.0.10240|
+| **FIPS186-4: 186-4KEY(gen):** FIPS186-4_Fixed_e; **PGM(ProbPrimeCondition):** 2048, 3072 PPTT:(C.3) SHA [validation number 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373) DRBG: [validation number 489](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489)|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 RSA Key Generation Implementation [#1487](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1487) Version 6.3.9600|
+| **FIPS186-4: SHA [validation number 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373)|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations [#1494](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1494) Version 6.3.9600|
+| **FIPS186-4: SHA [validation number 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373)|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations [#1493](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1493) Version 6.3.9600|
+| **FIPS186-4: SHA [validation number 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373)|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations [#1519](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1519) Version 6.3.9600|
+| **FIPS186-4: **[RSASSA-PSS]:** Sig(Gen): (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512)), Sig(Ver): (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512, 512)), SHA [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903) Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 1134](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#1134).|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations [#1134](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1134)|
+| **FIPS186-4: 186-4KEY(gen):** FIPS186-4_Fixed_e, FIPS186-4_Fixed_e_Value **PGM(ProbPrimeCondition):** 2048, 3072 **PPTT:**(C.3) SHA [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903) DRBG: [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258)|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 RSA Key Generation Implementation [#1133](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1133)|
+| **FIPS186-2: Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 1132](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#1132).|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) [#1132](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1132)|
+| **FIPS186-2:ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 1774](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774) Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 1052](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#1052).|Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) [#1052](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1052)|
+| **FIPS186-2: Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 1051](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#1051).|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1051](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1051)|
+| **FIPS186-2: Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 568](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#568).|Windows Server 2008 R2 and SP1 Enhanced Cryptographic Provider (RSAENH) [#568](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#568)|
+| **FIPS186-2: Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 567](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#567). See [Historical RSA List validation number 560](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#560).|Windows Server 2008 R2 and SP1 CNG algorithms [#567](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#567) Windows 7 and SP1 CNG algorithms [#560](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#560)|
+| **FIPS186-2: Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 559](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#559).|Windows 7 and SP1 and Server 2008 R2 and SP1 RSA Key Generation Implementation [#559](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#559)|
+| **FIPS186-2: Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 557](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#557).|Windows 7 and SP1 Enhanced Cryptographic Provider (RSAENH) [#557](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#557)|
+| **FIPS186-2: Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 395](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#395).|Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#395](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#395)|
+| **FIPS186-2: Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 371](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#371).|Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) [#371](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#371)|
+| **FIPS186-2: Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 358](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#358). See [Historical RSA List validation number 357](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#357).|Windows Server 2008 CNG algorithms [#358](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#358) Windows Vista SP1 CNG algorithms [#357](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#357)|
+| **FIPS186-2: Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 355](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#355). See [Historical RSA List validation number 354](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#354).|Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) [#355](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#355) Windows Vista SP1 Enhanced Cryptographic Provider (RSAENH) [#354](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#354)|
+| **FIPS186-2: Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 353](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#353).|Windows Vista SP1 and Windows Server 2008 RSA Key Generation Implementation [#353](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#353)|
+| **FIPS186-2: Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 258](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#258).|Windows Vista RSA key generation implementation [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#258)|
+| **FIPS186-2: Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 257](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#257).|Windows Vista CNG algorithms [#257](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#257)|
+| **FIPS186-2: Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 255](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#255).|Windows Vista Enhanced Cryptographic Provider (RSAENH) [#255](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#255)|
+| **FIPS186-2: Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 245](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#245).|Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#245](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#245)|
+| **FIPS186-2: Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 230](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#230).|Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) [#230](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#230)|
+| **FIPS186-2: Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 222](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#222).|Windows CE and Windows Mobile 6 and Windows Mobile 6.1 Enhanced Cryptographic Provider (RSAENH) [#222](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#222)|
+| **FIPS186-2: SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 364](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#364) Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 81](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#81).|Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) [#81](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#81)|
+| **FIPS186-2: Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 52](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#52).|Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) [#52](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#52)|
+| **FIPS186-2:**: Windows 2000, vendor-affirmed|
#### Secure Hash Standard (SHS)
- Microsoft Surface Hub SymCrypt Cryptographic Implementations #4011 Version 10.0.15063.674 Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #4010 Version 10.0.15254 Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4009 Version 10.0.16299 Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3790 Version 10.0.15063 Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #3652 Version 7.00.2872 Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #3651 Version 8.00.6246 Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #3649 Version 7.00.2872 Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #3648 Version 8.00.6246 SHA-1 (BYTE-only) SHA-256 (BYTE-only) SHA-384 (BYTE-only) SHA-512 (BYTE-only) Implementation does not support zero-length (null) messages. Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1903 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1902 Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1774 Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1773 Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1081 Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #816 Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #785 Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #784 Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation #753 Windows Vista Symmetric Algorithm Implementation #618 Windows Vista BitLocker Drive Encryption #737 Windows Vista Beta 2 BitLocker Drive Encryption #495 Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #613 Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #364 Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #611 Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #610 Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #385 Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) #371 Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #181 Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) #177 Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #176 Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #589 Windows CE and Windows Mobile 6 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #578 Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #305 Windows XP Microsoft Enhanced Cryptographic Provider #83 Crypto Driver for Windows 2000 (fips.sys) #35 Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) #32 Windows 2000 RSAENH.DLL #24 Windows 2000 RSABASE.DLL #23 Windows NT 4 SP6 RSAENH.DLL #21 Windows NT 4 SP6 RSABASE.DLL #20 SHA-1: SHA-256: SHA-384: SHA-512: Version 10.0.15063.674|
+| SHA-1: SHA-256: SHA-384: SHA-512: Version 10.0.15254|
+| SHA-1: SHA-256: SHA-384: SHA-512: Version 10.0.16299|
+| Version 10.0.15063|
+| Version 7.00.2872|
+| Version 8.00.6246|
+| Version 7.00.2872|
+| Version 8.00.6246|
+| Version 10.0.14393|
+| Version 10.0.14393|
+| Version 10.0.10586|
+| Version 10.0.10586|
+| Version 10.0.10240|
+| Version 10.0.10240|
+| Version 6.3.9600|
+| Version 6.3.9600|
+| Implementation does not support zero-length (null) messages.|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903) Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) [#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902)|
+| Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) [#1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773)|
+| Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#816](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816.)|
+| Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#784](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#784)|
+| Windows Vista Symmetric Algorithm Implementation [#618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618)|
+| Windows Vista Beta 2 BitLocker Drive Encryption [#495](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#495)|
+| Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) [#364](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#364)|
+| Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) [#610](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#610) Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#385](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#385) Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) [#371](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#371) Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#181](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#181) Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) [#177](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#177) Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) [#176](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#176)|
+| Windows CE and Windows Mobile 6 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) [#578](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578) Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) [#305](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305)|
+| Crypto Driver for Windows 2000 (fips.sys) [#35](http://csrc.nist.gov/groups/stm/cavp/documents/shs/shaval.htmlhttp:/csrc.nist.gov/groups/stm/cavp/documents/shs/shaval.html#35) Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) [#32](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#32) Windows 2000 RSAENH.DLL [#24](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#24) Windows 2000 RSABASE.DLL [#23](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#23) Windows NT 4 SP6 RSAENH.DLL [#21](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#21) Windows NT 4 SP6 RSABASE.DLL [#20](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#20)|
#### Triple DES
- Microsoft Surface Hub SymCrypt Cryptographic Implementations #2558 Version 10.0.15063.674 Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #2557 Version 10.0.15254 Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2556 Version 10.0.16299 Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2459 Version 10.0.15063 TECB(KO 1 e/d); TCBC(KO 1 e/d) Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2384 Version 8.00.6246 TECB(KO 1 e/d); TCBC(KO 1 e/d) Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2383 Version 8.00.6246 TECB(KO 1 e/d); TCBC(KO 1 e/d); CTR (int only) Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2382 Version 7.00.2872 TECB(KO 1 e/d); TCBC(KO 1 e/d) Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2381 Version 8.00.6246 TECB(KO 1 e/d); TCBC(KO 1 e/d); TCFB8(KO 1 e/d); TCFB64(KO 1 e/d) Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2227 Version 10.0.14393 TECB(KO 1 e/d); TCBC(KO 1 e/d); TCFB8(KO 1 e/d); TCFB64(KO 1 e/d) Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #2024 Version 10.0.10586 TECB(KO 1 e/d); TCBC(KO 1 e/d); TCFB8(KO 1 e/d); TCFB64(KO 1 e/d) Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #1969 Version 10.0.10240 TECB(KO 1 e/d); TCBC(KO 1 e/d); TCFB8(KO 1 e/d); TCFB64(KO 1 e/d) Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1692 Version 6.3.9600 TECB(e/d; KO 1, 2); TCBC(e/d; KO 1, 2); TCFB8(e/d; KO 1, 2); TCFB64(e/d; KO 1, 2) TECB(e/d; KO 1, 2); TCBC(e/d; KO 1, 2); TCFB8(e/d; KO 1, 2) TECB(e/d; KO 1, 2); TCBC(e/d; KO 1, 2); TCFB8(e/d; KO 1, 2) TECB(e/d; KO 1, 2); TCBC(e/d; KO 1, 2); TCFB8(e/d; KO 1, 2) TECB(e/d; KO 1, 2); TCBC(e/d; KO 1, 2); TCFB8(e/d; KO 1, 2) Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 #1386, vendor-affirmed Windows 7 and SP1 and Windows Server 2008 R2 and SP1 #846, vendor-affirmed TECB(e/d; KO 1, 2); TCBC(e/d; KO 1, 2) Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1308 Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1307 Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #691 Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #677 Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #676 Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #675 Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #544 Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #543 Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #542 Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #526 Windows CE and Windows Mobile 6 and Windows Mobile 6.1 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #517 Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #381 Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) #370 Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #365 Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #315 Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) #201 Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #199 Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #192 Windows XP Microsoft Enhanced Cryptographic Provider #81 Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) #18 Crypto Driver for Windows 2000 (fips.sys) #16 TDES-CBC: TDES-CFB64: TDES-CFB8: TDES-ECB: Version 10.0.15063.674|
+| TDES-CBC: TDES-CFB64: TDES-CFB8: TDES-ECB: Version 10.0.15254|
+| TDES-CBC: TDES-CFB64: TDES-CFB8: TDES-ECB: Version 10.0.16299|
+|**TECB**(KO 1 e/d); **TCBC**(KO 1 e/d); **TCFB8**(KO 1 e/d); **TCFB64**(KO 1 e/d)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#2459](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2459) Version 10.0.15063|
+|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d)|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#2384](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2384) Version 8.00.6246|
+|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d)|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#2383](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2383) Version 8.00.6246|
+|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d);**CTR** (int only)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#2382](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2382) Version 7.00.2872|
+|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#2381](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2381) Version 8.00.6246|
+|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d);**TCFB8**(KO 1 e/d);**TCFB64**(KO 1 e/d)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations [#2227](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2227) Version 10.0.14393|
+|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d);**TCFB8**(KO 1 e/d);**TCFB64**(KO 1 e/d)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations [#2024](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2024) Version 10.0.10586|
+|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d);**TCFB8**(KO 1 e/d);**TCFB64**(KO 1 e/d)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations [#1969](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1969) Version 10.0.10240|
+|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d);**TCFB8**(KO 1 e/d);**TCFB64**(KO 1 e/d)|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations [#1692](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1692) Version 6.3.9600|
+|**TECB**(e/d; KO 1, 2);**TCBC**(e/d; KO 1, 2);**TCFB8**(e/d; KO 1, 2);**TCFB64**(e/d; KO 1, 2)|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) [#1387](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1387)|
+|**TECB**(e/d; KO 1, 2);**TCBC**(e/d; KO 1, 2);**TCFB8**(e/d; KO 1, 2)|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) [#1386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1386)|
+|**TECB**(e/d; KO 1, 2);**TCBC**(e/d; KO 1, 2);**TCFB8**(e/d; KO 1, 2)|Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation [#846](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#846)|
+|**TECB**(e/d; KO 1, 2);**TCBC**(e/d; KO 1, 2);**TCFB8**(e/d; KO 1, 2)|Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation [#656](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#656)|
+|**TECB**(e/d; KO 1, 2);**TCBC**(e/d; KO 1, 2);**TCFB8**(e/d; KO 1, 2)|Windows Vista Symmetric Algorithm Implementation [#549](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#549)|
+|**Triple DES MAC**|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 [#1386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1386), vendor-affirmedWindows 7 and SP1 and Windows Server 2008 R2 and SP1 [#846](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#846), vendor-affirmed|
+|**TECB**(e/d; KO 1, 2);**TCBC**(e/d; KO 1, 2)|Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) [#1308](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1308)Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) [#1307](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1307) Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#691](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#691) Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) [#677](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#677) Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#676](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#676) Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) [#675](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#675) Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#544](http://csrc.nist.gov/groups/stm/cavp/documents/des/tripledesval.html#544) Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider [#543](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#543) Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) [#542](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#542)Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) [#526](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#526) Windows CE and Windows Mobile 6 and Windows Mobile 6.1 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) [#517](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#517) Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#381](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#381) Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) [#370](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#370) Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) [#365](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#365)Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) [#315](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#315) Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) [#201](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#201) Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#199](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#199) Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) [#192](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#192)Windows XP Microsoft Enhanced Cryptographic Provider [#81](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#81) Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) [#18](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#18)Crypto Driver for Windows 2000 (fips.sys) [#16](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#16)|
#### SP 800-132 Password-Based Key Derivation Function (PBKDF)
- Kernel Mode Cryptographic Primitives Library (cng.sys) Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2937 Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2936 Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2935 Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2931 Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2936 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG), vendor-affirmed Prerequisite: DRBG #489 Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1540 Version 6.3.9600 Microsoft Surface Hub Virtual TPM Implementations #1519 Version 10.0.15063.674 Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1518 Version 10.0.16299 Microsoft Surface Hub MsBignum Cryptographic Implementations #1517 Version 10.0.15063.674 Microsoft Surface Hub MsBignum Cryptographic Implementations #1516 Version 10.0.15063.674 Prerequisite: DRBG #1732 Microsoft Surface Hub MsBignum Cryptographic Implementations #1515 Version 10.0.15063.674 Prerequisite: DRBG #1732 Microsoft Surface Hub SymCrypt Cryptographic Implementations #1514 Version 10.0.15063.674 Microsoft Surface Hub SymCrypt Cryptographic Implementations #1513 Version 10.0.15063.674 Microsoft Surface Hub SymCrypt Cryptographic Implementations #1512 Version 10.0.15063.674 Prerequisite: SHS #4011, HMAC #3269 Prerequisite: SHS #4011, HMAC #3269 Microsoft Surface Hub SymCrypt Cryptographic Implementations #1511 Version 10.0.15063.674 Prerequisite: DRBG #1731 Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1510 Version 10.0.15254 Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1509 Version 10.0.15254 Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1508 Version 10.0.15254 Prerequisite: SHS #4010, HMAC #3268 Prerequisite: SHS #4010, HMAC #3268 Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1507 Version 10.0.15254 Prerequisite: DRBG #1731 Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1506 Version 10.0.15254 Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1505 Version 10.0.15254 Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1504 Version 10.0.15254 Prerequisite: DRBG #1730 Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1503 Version 10.0.16299 Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1502 Version 10.0.16299 Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1501 Version 10.0.16299 Prerequisite: DRBG #1730 Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1499 Version 10.0.16299 Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1498 Version 10.0.16299 Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1497 Version 10.0.16299 Prerequisite: SHS #4009, HMAC #3267 Prerequisite: SHS #4009, HMAC #3267 Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1496 Version 10.0.16299 FIPS186-4 ECDSA Signature Generation of hash sized messages ECDSA SigGen Component: CURVES(P-256 P-384 P-521) Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1284 Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1279 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #922 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #894 Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #288 FIPS186-4 RSA; PKCS#1 v2.1 RSASP1 Signature Primitive RSASP1: (Mod2048: PKCS1.5 PKCSPSS) Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1285 Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1282 Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1280 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #893 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #888 Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #665 Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #572 Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry MsBignum Cryptographic Implementations #289 FIPS186-4 RSA; RSADP RSADP Primitive RSADP: (Mod2048) Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1283 Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1281 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #895 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #887 Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #663 Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #576 SP800-135 Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1496 Version 10.0.16299 Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1278 Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1140 Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1139 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BcryptPrimitives and NCryptSSLp #886 Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BCryptPrimitives and NCryptSSLp #664 Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BCryptPrimitives and NCryptSSLp #575 Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BCryptPrimitives and NCryptSSLp #323 ECDSA SigGen: Prerequisite: DRBG [#489](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489)|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations [#1540](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1540) Version 6.3.9600|
+| RSASP1: Modulus Size: 2048 (bits) Version 10.0.15063.674|
+| RSASP1: Modulus Size: 2048 (bits) Version 10.0.16299|
+|RSADP: Modulus Size: 2048 (bits)|Microsoft Surface Hub MsBignum Cryptographic Implementations [#1517](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1517) Version 10.0.15063.674|
+| RSASP1: Modulus Size: 2048 (bits) Version 10.0.15063.674|
+| ECDSA SigGen: Prerequisite: DRBG [#1732](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1732)|Microsoft Surface Hub MsBignum Cryptographic Implementations [#1515](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1515) Version 10.0.15063.674|
+| ECDSA SigGen: Prerequisite: DRBG [#1732](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1732)|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1514](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1514) Version 10.0.15063.674|
+|RSADP: Modulus Size: 2048 (bits)|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1513](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1513) Version 10.0.15063.674|
+| RSASP1: Modulus Size: 2048 (bits) Version 10.0.15063.674|
+| IKEv1: Diffie-Hellman shared secrets: Diffie-Hellman shared secret: Diffie-Hellman shared secret: Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), HMAC [#3269](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3269) IKEv2: Diffie-Hellman shared secret: Diffie-Hellman shared secret: Diffie-Hellman shared secret: Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), HMAC [#3269](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3269) TLS: SHA Functions: SHA-256, SHA-384 Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), HMAC [#3269](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3269)|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1511](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1511) Version 10.0.15063.674|
+| ECDSA SigGen: Prerequisite: DRBG [#1731](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1731)|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1510](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1510) Version 10.0.15254|
+|RSADP: Modulus Size: 2048 (bits)|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1509](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1509) Version 10.0.15254|
+| RSASP1: Modulus Size: 2048 (bits) Version 10.0.15254|
+| IKEv1: Diffie-Hellman shared secret: Diffie-Hellman shared secret: Diffie-Hellman shared secret: Prerequisite: SHS [#4010](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4010), HMAC [#3268](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3268) IKEv2: Diffie-Hellman shared secret: Diffie-Hellman shared secret: Diffie-Hellman shared secret: Prerequisite: SHS [#4010](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4010), HMAC [#3268](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3268) TLS: SHA Functions: SHA-256, SHA-384 Prerequisite: SHS [#4010](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4010), HMAC [#3268](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3268)|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1507](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1507) Version 10.0.15254|
+| ECDSA SigGen: Prerequisite: DRBG [#1731](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1731)|Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations [#1506](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1506) Version 10.0.15254|
+|RSADP: Modulus Size: 2048 (bits)|Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations [#1505](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1505) Version 10.0.15254|
+| RSASP1: Modulus Size: 2048 (bits) Version 10.0.15254|
+| ECDSA SigGen: Prerequisite: DRBG [#1730](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations [#1503](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1503) Version 10.0.16299|
+|RSADP: Modulus Size: 2048 (bits)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations [#1502](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1502) Version 10.0.16299|
+| RSASP1: Modulus Size: 2048 (bits) Version 10.0.16299|
+| ECDSA SigGen: Prerequisite: DRBG [#1730](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1499](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1499) Version 10.0.16299|
+|RSADP: Modulus Size: 2048 (bits)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1498](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1498) Version 10.0.16299|
+| RSASP1: Modulus Size: 2048 (bits) Version 10.0.16299|
+| IKEv1: Diffie-Hellman shared secret: Diffie-Hellman shared secret: Diffie-Hellman shared secret: Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), HMAC [#3267](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3267) IKEv2: Diffie-Hellman shared secret: Diffie-Hellman shared secret: Diffie-Hellman shared secret: Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), HMAC [#3267](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3267) TLS: SHA Functions: SHA-256, SHA-384 Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), HMAC [#3267](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3267)|Windows 10 Home, Pro, Enterprise, Education,Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1496](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1496) Version 10.0.16299|
+|FIPS186-4 ECDSA Signature Generation of hash sized messages ECDSA SigGen Component: CURVES(P-256 P-384 P-521)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations [#1284](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1284) Version 10.0. 15063 Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1279](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1279) Version 10.0. 15063 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations [#922](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#922) Version 10.0.14393 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#894](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#894) Version 10.0.14393icrosoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations [#666](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#666) Version 10.0.10586 Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations [#288](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#288) Version 6.3.9600|
+|FIPS186-4 RSA; PKCS#1 v2.1 RSASP1 Signature Primitive RSASP1: (Mod2048: PKCS1.5 PKCSPSS)|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#1285](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1285) Version 10.0.15063 Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations [#1282](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1282) Version 10.0.15063 Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1280](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1280) Version 10.0.15063 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#893](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#893) Version 10.0.14393 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations [#888](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#888) Version 10.0.14393 Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations [#665](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#665) Version 10.0.10586 Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations [#572](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#572) Version 10.0.10240 Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry MsBignum Cryptographic Implementations [#289](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#289) Version 6.3.9600|
+|FIPS186-4 RSA; RSADP RSADP Primitive RSADP: (Mod2048)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations [#1283](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1283) Version 10.0.15063 Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1281](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1281) Version 10.0.15063 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#895](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#895) Version 10.0.14393 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations [#887](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#887) Version 10.0.14393 Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations [#663](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#663) Version 10.0.10586 Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations [#576](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#576) Version 10.0.10240|
+|SP800-135 Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1496](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1496) Version 10.0.16299 Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1278](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1278) Version 10.0.15063 Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1140](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1140) Version 7.00.2872 Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1139](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1139) Version 8.00.6246 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BcryptPrimitives and NCryptSSLp [#886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#886) Version 10.0.14393 Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BCryptPrimitives and NCryptSSLp [#664](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#664) Version 10.0.10586 Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BCryptPrimitives and NCryptSSLp [#575](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#575) Version 10.0.10240 Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BCryptPrimitives and NCryptSSLp [#323](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#323) Version 6.3.9600|
## Contact
@@ -7346,4 +960,4 @@ fips@microsoft.com
* [FIPS 140-2, Security Requirements for Cryptographic Modules](http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf))
* [Cryptographic Module Validation Program (CMVP) FAQ](http://csrc.nist.gov/groups/stm/cmvp/documents/cmvpfaq.pdf)
* [SP 800-57 - Recommendation for Key Management – Part 1: General (Revised)](https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-5/final)
-* [SP 800-131A - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths](http://csrc.nist.gov/publications/nistpubs/800-131a/sp800-131a.pdf)
\ No newline at end of file
+* [SP 800-131A - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths](http://csrc.nist.gov/publications/nistpubs/800-131a/sp800-131a.pdf)
-
+ |Windows PowerShell command|Description|
+ |--- |--- |
+ |`Export-UevPackage MicrosoftNotepad.pkgx`|Extracts the settings from a Microsoft Notepad package file and converts them into a human-readable format in XML.|
+ |`Repair-UevTemplateIndex`|Repairs the index of the UE-V settings location templates.|
## To configure the UE-V service with WMI
@@ -225,91 +85,21 @@ You can use Windows Management Instrumentation (WMI) and Windows PowerShell to m
2. Use the following WMI commands to configure the service.
-
-
-
-
- Export-UevPackage MicrosoftNotepad.pkgx
-
-
- Repair-UevTemplateIndex
-
+ |`Windows PowerShell command`|Description|
+ |--- |--- |
+ |`Get-WmiObject -Namespace root\Microsoft\UEV Configuration`|Displays the active UE-V service settings. User-specific settings have precedence over the computer settings.|
+ |`Get-WmiObject -Namespace root\Microsoft\UEV UserConfiguration`|Displays the UE-V service configuration that is defined for a user.|
+ |`Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration`|Displays the UE-V service configuration that is defined for a computer.|
+ |`Get-WmiObject -Namespace root\Microsoft\Uev ConfigurationItem`|Displays the details for each configuration item.|
+ |`$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration`
-
-
-
- Windows PowerShell commandDescription
-
-
- Get-WmiObject -Namespace root\Microsoft\UEV Configuration
-
- Get-WmiObject -Namespace root\Microsoft\UEV UserConfiguration
-
- Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration
-
- Get-WmiObject -Namespace root\Microsoft\Uev ConfigurationItem
-
- $config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration$config.SettingsStoragePath = <path_to_settings_storage_location>
-
- $config = Get-WmiObject -Namespace root\Microsoft\UEV UserConfiguration$config.SettingsStoragePath = <path_to_settings_storage_location>$config.Put()
-
- $config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration$config.SyncTimeoutInMilliseconds = <timeout_in_milliseconds>$config.Put()
-
- $config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration$config.MaxPackageSizeInBytes = <size_in_bytes>$config.Put()
-
- $config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration$config.SyncMethod = <sync_method>$config.Put()
-
- $config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration$config.<setting name> = $true$config.Put()
-
- $config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration$config.<setting name> = $false$config.Put()
-
- $config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration$config.<setting name> = <setting value>$config.Put()
-
-
- $config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration$config.<setting name> = <setting value>$config.Put()
-
-
-
-
-
-
+ |WMI command|Description|
+ |--- |--- |
+ |`Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserSettings -Name ExportPackage -ArgumentList
-
-
-
- WMI command
- Description
-
-
- Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserSettings -Name ExportPackage -ArgumentList <package name>
-
-
- Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name RebuildIndex
-
-
+ |User account|Recommended permissions|
+ |--- |--- |
+ |Everyone|No permissions|
+ |Security group of UE-V|Full control|
2. Set the following NTFS file system permissions for the settings storage location folder.
-
-
-
-
- User account
- Recommended permissions
-
-
-
-
-
-
-
+ |User account|Recommended permissions|Folder|
+ |--- |--- |--- |
+ |Creator/Owner|No permissions|No permissions|
+ |Domain Admins|Full control|This folder, subfolders, and files|
+ |Security group of UE-V users|List folder/read data, create folders/append data|This folder only|
+ |Everyone|Remove all permissions|No permissions|
3. Set the following share-level SMB permissions for the settings template catalog folder.
-
-
-
-
- User account
- Recommended permissions
- Folder
-
-
-
-
-
-
-
-
-
-
-
-
+ |User account|Recommend permissions|
+ |--- |--- |
+ |Everyone|No permissions|
+ |Domain computers|Read permission Levels|
+ |Administrators|Read/write permission levels|
4. Set the following NTFS permissions for the settings template catalog folder.
-
-
-
-
- User account
- Recommend permissions
-
-
-
-
-
-
-
-
-
+ |User account|Recommended permissions|Apply to|
+ |--- |--- |--- |
+ |Creator/Owner|Full control|This folder, sub-folders, and files|
+ |Domain Computers|List folder contents and Read permissions|This folder, sub-folders, and files|
+ |Everyone|No permissions|No permissions|
+ |Administrators|Full Control|This folder, sub-folders, and files|
### Use Windows Server as of Windows Server 2003 to host redirected file shares
@@ -205,7 +104,8 @@ To ensure that UE-V works optimally, create only the root share on the server, a
This permission configuration enables users to create folders for settings storage. The UE-V service creates and secures a settings package folder while it runs in the context of the user. Users receive full control to their settings package folder. Other users do not inherit access to this folder. You do not have to create and secure individual user directories. The UE-V service that runs in the context of the user does it automatically.
-> **Note** Additional security can be configured when a Windows Server is used for the settings storage share. UE-V can be configured to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. To enable additional security, use the following command:
+> [!NOTE]
+> Additional security can be configured when a Windows Server is used for the settings storage share. UE-V can be configured to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. To enable additional security, use the following command:
1. Add the REG\_DWORD registry key RepositoryOwnerCheckEnabled to `HKEY_LOCAL_MACHINE\Software\Microsoft\UEV\Agent\Configuration`.
@@ -234,11 +134,6 @@ If you plan to share settings location templates with anyone outside your organi
To remove the template author name or template author email, you can use the UE-V generator application. From the generator, select **Edit a Settings Location Template**. Select the settings location template to edit from the recently used templates or Browse to the settings template file. Select **Next** to continue. On the Properties page, remove the data from the Template author name or Template author email text fields. Save the settings location template.
-
-
-
-
-
## Related topics
[Technical Reference for UE-V](uev-technical-reference.md)
diff --git a/windows/configuration/ue-v/uev-sync-trigger-events.md b/windows/configuration/ue-v/uev-sync-trigger-events.md
index 1c4975fe78..d9006a04ab 100644
--- a/windows/configuration/ue-v/uev-sync-trigger-events.md
+++ b/windows/configuration/ue-v/uev-sync-trigger-events.md
@@ -22,96 +22,18 @@ User Experience Virtualization (UE-V) lets you synchronize your application and
## UE-V Sync Trigger Events
-
The following table explains the trigger events for classic applications and Windows settings.
-
-
-
-
- User account
- Recommended permissions
- Apply to
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|UE-V Trigger Event|SyncMethod=SyncProvider|SyncMethod=None|
+|--- |--- |--- |
+|**Windows Logon**|
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Office 2016 templates (UE-V for Windows 10 and Windows 10, version 1607, available in UE-V gallery)|Office 2013 templates (UE-V for Windows 10 and UE-V 2.x, available on UE-V gallery)|Office 2010 templates (UE-V 1.0 and 1.0 SP1)|
+|--- |--- |--- |
+|MicrosoftOffice2016Win32.xml
-
-
-
-Office 2016 templates (UE-V for Windows 10 and Windows 10, version 1607, available in UE-V gallery)
-Office 2013 templates (UE-V for Windows 10 and UE-V 2.x, available on UE-V gallery)
-Office 2010 templates (UE-V 1.0 and 1.0 SP1)
-
-
-
-
-
-
-
+|2016|2013|2010|
+|--- |--- |--- |
+|Microsoft Access 2016
-
-
-
Make sure that your device supports UEFI before attempting to convert the disk.
+> [!IMPORTANT]
+> After the disk has been converted to GPT partition style, the firmware must be reconfigured to boot in UEFI mode.
+>
+> Make sure that your device supports UEFI before attempting to convert the disk.
## Disk Prerequisites
@@ -62,9 +65,7 @@ If any of these checks fails, the conversion will not proceed and an error will
## Syntax
-
-
+`MBR2GPT /validate|convert [/disk:MBR2GPT /validate|convert [/disk:<diskNumber>] [/logs:<logDirectory>] [/map:<source>=<destination>] [/allowFullOS]
-
- a. It is not also the OS or Windows Recovery Environment partition.
- b. It is at least 100MB (or 260MB for 4K sector size disks) in size.
- c. It is less than or equal to 1GB in size. This is a safety precaution to ensure it is not a data partition.
- d. The conversion is not being performed from the full OS. In this case, the existing MBR system partition is in use and cannot be repurposed.
+1. The existing MBR system partition is reused if it meets these requirements:
+ 1. It is not also the OS or Windows Recovery Environment partition.
+ 1. It is at least 100MB (or 260MB for 4K sector size disks) in size.
+ 1. It is less than or equal to 1GB in size. This is a safety precaution to ensure it is not a data partition.
+ 1. The conversion is not being performed from the full OS. In this case, the existing MBR system partition is in use and cannot be repurposed.
+
2. If the existing MBR system partition cannot be reused, a new ESP is created by shrinking the OS partition. This new partition has a size of 100MB (or 260MB for 4K sector size disks) and is formatted FAT32.
If the existing MBR system partition is not reused for the ESP, it is no longer used by the boot process after the conversion. Other partitions are not modified.
@@ -272,7 +274,10 @@ For more information about partition types, see:
### Persisting drive letter assignments
-The conversion tool will attempt to remap all drive letter assignment information contained in the registry that correspond to the volumes of the converted disk. If a drive letter assignment cannot be restored, an error will be displayed at the console and in the log, so that you can manually perform the correct assignment of the drive letter. **Important**: this code runs after the layout conversion has taken place, so the operation cannot be undone at this stage.
+The conversion tool will attempt to remap all drive letter assignment information contained in the registry that correspond to the volumes of the converted disk. If a drive letter assignment cannot be restored, an error will be displayed at the console and in the log, so that you can manually perform the correct assignment of the drive letter.
+
+> [!IMPORTANT]
+> This code runs after the layout conversion has taken place, so the operation cannot be undone at this stage.
The conversion tool will obtain volume unique ID data before and after the layout conversion, organizing this information into a lookup table. It will then iterate through all the entries in **HKLM\SYSTEM\MountedDevices**, and for each entry do the following:
@@ -293,7 +298,10 @@ Four log files are created by the MBR2GPT tool:
- setupact.log
- setuperr.log
-These files contain errors and warnings encountered during disk validation and conversion. Information in these files can be helpful in diagnosing problems with the tool. The setupact.log and setuperr.log files will have the most detailed information about disk layouts, processes, and other information pertaining to disk validation and conversion. Note: The setupact*.log files are different than the Windows Setup files that are found in the %Windir%\Panther directory.
+These files contain errors and warnings encountered during disk validation and conversion. Information in these files can be helpful in diagnosing problems with the tool. The setupact.log and setuperr.log files will have the most detailed information about disk layouts, processes, and other information pertaining to disk validation and conversion.
+
+> [!NOTE]
+> The setupact*.log files are different than the Windows Setup files that are found in the %Windir%\Panther directory.
The default location for all these log files in Windows PE is **%windir%**.
@@ -303,8 +311,7 @@ To view a list of options available when using the tool, type **mbr2gpt /?**
The following text is displayed:
-```
-
+```console
C:\> mbr2gpt /?
Converts a disk from MBR to GPT partitioning without modifying or deleting data on the disk.
@@ -365,7 +372,7 @@ MBR2GPT has the following associated return codes:
You can type the following command at a Windows PowerShell prompt to display the disk number and partition type. Example output is also shown:
-```
+```powershell
PS C:\> Get-Disk | ft -Auto
Number Friendly Name Serial Number HealthStatus OperationalStatus Total Size Partition Style
@@ -376,12 +383,12 @@ Number Friendly Name Serial Number HealthStatus OperationalStatus To
You can also view the partition type of a disk by opening the Disk Management tool, right-clicking the disk number, clicking **Properties**, and then clicking the **Volumes** tab. See the following example:
-
+:::image type="content" alt-text="Volumes." source="images/mbr2gpt-volume.png":::
If Windows PowerShell and Disk Management are not available, such as when you are using Windows PE, you can determine the partition type at a command prompt with the DiskPart tool. To determine the partition style from a command line, type **diskpart** and then type **list disk**. See the following example:
-```
+```console
X:\>DiskPart
Microsoft DiskPart version 10.0.15048.0
@@ -424,31 +431,36 @@ To fix this issue, mount the Windows PE image (WIM), copy the missing file from
2. Copy the ReAgent files and the ReAgent localization files from the Windows 10, version 1903 ADK source folder to the mounted WIM.
- For example, if the ADK is installed to the default location of C:\Program Files (x86)\Windows Kits\10 and the Windows PE image is mounted to C:\WinPE_Mount, run the following commands from an elevated Command Prompt window:
+ For example, if the ADK is installed to the default location of C:\Program Files (x86)\Windows Kits\10 and the Windows PE image is mounted to C:\WinPE_Mount, run the following commands from an elevated Command Prompt window:
- > [!NOTE]
- > You can access the ReAgent files if you have installed the User State Migration Tool (USMT) as a feature while installing Windows Assessment and Deployment Kit.
+ > [!NOTE]
+ > You can access the ReAgent files if you have installed the User State Migration Tool (USMT) as a feature while installing Windows Assessment and Deployment Kit.
- **Command 1:**
- ```cmd
- copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Setup\amd64\Sources\ReAgent*.*" "C:\WinPE_Mount\Windows\System32"
- ```
- This command copies three files:
+ **Command 1:**
+
+ ```console
+ copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Setup\amd64\Sources\ReAgent*.*" "C:\WinPE_Mount\Windows\System32"
+ ```
+
+ This command copies three files:
- * ReAgent.admx
- * ReAgent.dll
- * ReAgent.xml
+ * ReAgent.admx
+ * ReAgent.dll
+ * ReAgent.xml
- **Command 2:**
- ```cmd
- copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Setup\amd64\Sources\En-Us\ReAgent*.*" "C:\WinPE_Mount\Windows\System32\En-Us"
- ```
- This command copies two files:
- * ReAgent.adml
- * ReAgent.dll.mui
+ **Command 2:**
+
+ ```console
+ copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Setup\amd64\Sources\En-Us\ReAgent*.*" "C:\WinPE_Mount\Windows\System32\En-Us"
+ ```
+
+ This command copies two files:
- > [!NOTE]
- > If you aren't using an English version of Windows, replace "En-Us" in the path with the appropriate string that represents the system language.
+ * ReAgent.adml
+ * ReAgent.dll.mui
+
+ > [!NOTE]
+ > If you aren't using an English version of Windows, replace "En-Us" in the path with the appropriate string that represents the system language.
3. After you copy all the files, commit the changes and unmount the Windows PE WIM. MBR2GPT.exe now functions as expected in Windows PE. For information about how to unmount WIM files while committing changes, see [Unmounting an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#unmounting-an-image).
@@ -457,4 +469,4 @@ To fix this issue, mount the Windows PE image (WIM), copy the missing file from
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
-
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
\ No newline at end of file
+
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
diff --git a/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md b/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md
index 5edd92497e..3ad9a31c4c 100644
--- a/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md
+++ b/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md
@@ -37,65 +37,14 @@ On the user interface for the Standard User Analyzer (SUA) tool, you can apply f
3. On the **Options** menu, click a command that corresponds to the filter that you want to apply. The following table describes the commands.
-
-
-
-
-
-
-
-
-
-
-
-
-
+ |Options menu command|Description|
+ |--- |--- |
+ |**Filter Noise**|Filters noise from the issues.
-
-
-
- Options menu command
- Description
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Description|Data type|
+|--- |--- |--- |
+|APP_NAME|Name of the application.|String|
+|DATABASE_GUID|Unique ID for your compatibility database.|String|
+|DATABASE_INSTALLED|Specifies if you have installed the database.|Boolean|
+|DATABASE_NAME|Descriptive name of your database.|String|
+|DATABASE_PATH|Location of the database on your computer.|String|
+|FIX_COUNT|Number of compatibility fixes applied to a specific application.|Integer|
+|FIX_NAME|Name of your compatibility fix.|String|
+|MATCH_COUNT|Number of matching files for a specific, fixed application.|Integer|
+|MATCHFILE_NAME|Name of a matching file used to identify a specific, fixed application.|String|
+|MODE_COUNT|Number of compatibility modes applied to a specific, fixed application.|Integer|
+|MODE_NAME|Name of your compatibility mode.|String|
+|PROGRAM_APPHELPTYPE|Type of AppHelp message applied to an entry. The value can be 1 or 2, where 1 enables the program to run and 2 blocks the program.|Integer|
+|PROGRAM_DISABLED|Specifies if you disabled the compatibility fix for an application. If True, Compatibility Administrator does not apply the fixes to the application.|Boolean|
+|PROGRAM_GUID|Unique ID for an application.|String|
+|PROGRAM_NAME|Name of the application that you are fixing.|String|
## Available Operators
-
The following table shows the operators that you can use for querying your customized-compatibility databases in the Compatibility Administrator.
-
-
-
-
-Attribute
-Description
-Data type
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Symbol|Description|Data type|Precedence|
+|--- |--- |--- |--- |
+|>|Greater than|Integer or string|1|
+|>=|Greater than or equal to|Integer or string|1|
+|<|Less than|Integer or string|1|
+|<=|Less than or equal to|Integer or string|1|
+|<>|Not equal to|Integer or string|1|
+|=|Equal to|Integer, string, or Boolean|1|
+|HAS|A special SQL operator used to check if the left-hand operand contains a substring specified by the right-hand operand.|Left-hand operand. MATCHFILE_NAME, MODE_NAME, FIX_NAME
-
-
-
-Symbol
-Description
-Data type
-Precedence
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Right-hand operand. String|1|
+|OR|Logical OR operator|Boolean|2|
+|AND|Logical AND operator|Boolean|2|
## Related topics
+
[Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md)
-
-
-
-
-
-
-
-
diff --git a/windows/deployment/planning/compatibility-administrator-users-guide.md b/windows/deployment/planning/compatibility-administrator-users-guide.md
index 9b6a2402c6..f0d03186b1 100644
--- a/windows/deployment/planning/compatibility-administrator-users-guide.md
+++ b/windows/deployment/planning/compatibility-administrator-users-guide.md
@@ -44,29 +44,8 @@ The following flowchart shows the steps for using the Compatibility Administrato
## In this section
-
-
+|Topic|Description|
+|--- |--- |
+|[Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md)|This section provides information about using the Compatibility Administrator tool.|
+|[Managing Application-Compatibility Fixes and Custom Fix Databases](managing-application-compatibility-fixes-and-custom-fix-databases.md)|This section provides information about managing your application-compatibility fixes and custom-compatibility fix databases. This section explains the reasons for using compatibility fixes and how to deploy custom-compatibility fix databases.|
+|[Using the Sdbinst.exe Command-Line Tool](using-the-sdbinstexe-command-line-tool.md)|You must deploy your customized database (.Sdb) files to other computers in your organization before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways. Including, by using a logon script, by using Group Policy, or by performing file copy operations.|
\ No newline at end of file
diff --git a/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md b/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md
index eda58b00ab..6f317ff61b 100644
--- a/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md
+++ b/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md
@@ -42,933 +42,131 @@ If you start the Compatibility Administrator as an Administrator (with elevated
The following table lists the known compatibility fixes for all Windows operating systems that have been released from Windows Vista through Windows 10. The fixes are listed in alphabetical order.
-
-
-
-
-Topic
-Description
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Fix|Fix Description|
+|--- |--- |
+|8And16BitAggregateBlts|Applications that are mitigated by 8/16-bit mitigation can exhibit performance issues. This layer aggregates all the blt operations and improves performance.|
+|8And16BitDXMaxWinMode|Applications that use DX8/9 and are mitigated by the 8/16-bit mitigation are run in a maximized windowed mode. This layer mitigates applications that exhibit graphical corruption in full screen mode.|
+|8And16BitGDIRedraw|This fix repairs applications that use GDI and that work in 8-bit color mode. The application is forced to repaint its window on RealizePalette.|
+|AccelGdipFlush|This fix increases the speed of GdipFlush, which has perf issues in DWM.|
+|AoaMp4Converter|This fix resolves a display issue for the AoA Mp4 Converter.|
+|BIOSRead|This problem is indicated when an application cannot access the **Device\PhysicalMemory** object beyond the kernel-mode drivers, on any of the Windows Server® 2003 operating systems.
-
-
-
-Fix
-Fix Description
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Software\MyCompany\Key1^Software\MyCompany\Key2.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-9.0.c.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Where the DLL_Name is the name of the specific DLL, including the file extension. Flag_Type is KERNEL, USER, or PROCESS, and a Hexidecimal_Value, starting with 0x and up to 64 bits long.
Where Deprecated_Service is the name of the service that has been deprecated and App_Service is the name of the specific application service that is to be modified; for example, NtLmSsp\WMI.
`MAJORVERSION.MINORVERSION.LETTER`
Where Exception1 and Exception2 are specific exceptions to be ignored. For example: ACCESS_VIOLATION_READ:1;ACCESS_VIOLATION_WRITE:1.
Desktop or Quick Launch shortcuts: You must manually place the shortcuts on the individual user's desktop or Quick Launch bar.
Where the Client is the name of the email protocol, Protocol is mailto, and App is the name of the application.
Where MessageString1 and MessageString2 reflect the message strings that can pass.
For more detailed information about this application fix, see [Using the VirtualizeHKCRLite Fix](/previous-versions/windows/it-pro/windows-7/dd638327(v=ws.10)).|
+|VirtualizeRegisterTypeLib|The fix, when it is used with the VirtualizeHKCRLite fix, ensures that the type library and the COM class registration happen simultaneously. This functions much like the RegistryTypeLib fix when the RegisterTypeLibForUser parameter is used.
Where Component1.dll and Component2.dll reflect the components to be skipped.
-
\ No newline at end of file
+|Compatibility Mode Name|Description|Included Compatibility Fixes|
+|--- |--- |--- |
+|WinSrv03|Emulates the Windows Server 2003 operating system.|
-
-
-
-Compatibility Mode Name
-Description
-Included Compatibility Fixes
-
-
-
-
-
-
-
-
-
+|Vendor name|Product description|HWID|Windows Update availability|
+|--- |--- |--- |--- |
+|Broadcom|802.11abgn Wireless SDIO adapter|sd\vid_02d0&pid_4330&fn_1|Contact the system OEM or Broadcom for driver availability.|
+|Broadcom|802.11n Network Adapter|pci\ven_14e4&dev_4331&subsys_00d6106b&rev_02|Contact the system OEM or Broadcom for driver availability.|
+|Broadcom|802.11n Network Adapter|pci\ven_14e4&dev_4331&subsys_00f5106b&rev_02|Contact the system OEM or Broadcom for driver availability.|
+|Broadcom|802.11n Network Adapter|pci\ven_14e4&dev_4331&subsys_00ef106b&rev_02|Contact the system OEM or Broadcom for driver availability.|
+|Broadcom|802.11n Network Adapter|pci\ven_14e4&dev_4331&subsys_00f4106b&rev_02|Contact the system OEM or Broadcom for driver availability.|
+|Broadcom|802.11n Network Adapter|pci\ven_14e4&dev_4331&subsys_010e106b&rev_02|Contact the system OEM or Broadcom for driver availability.|
+|Broadcom|802.11n Network Adapter|pci\ven_14e4&dev_4331&subsys_00e4106b&rev_02|Contact the system OEM or Broadcom for driver availability.|
+|Broadcom|802.11n Network Adapter|pci\ven_14e4&dev_4331&subsys_433114e4&rev_02|Contact the system OEM or Broadcom for driver availability.|
+|Broadcom|802.11n Network Adapter|pci\ven_14e4&dev_4331&subsys_010f106b&rev_02|Contact the system OEM or Broadcom for driver availability.|
+|Marvell|Yukon 88E8001/8003/8010 PCI Gigabit Ethernet|pci\ven_11ab&dev_4320&subsys_811a1043|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619080)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619082)|
+|Marvell|Libertas 802.11b/g Wireless|pci\ven_11ab&dev_1faa&subsys_6b001385&rev_03|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619128)
[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619129)|
+|Qualcomm|Atheros AR6004 Wireless LAN Adapter|sd\vid_0271&pid_0401|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619086)
64-bit driver not available|
+|Qualcomm|Atheros AR5BWB222 Wireless Network Adapter|pci\ven_168c&dev_0034&subsys_20031a56|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619348)
64-bit driver not available|
+|Qualcomm|Atheros AR5BWB222 Wireless Network Adapter|pci\ven_168c&dev_0034&subsys_020a1028&rev_01|Contact the system OEM or Qualcom for driver availability.|
+|Qualcomm|Atheros AR5005G Wireless Network Adapter|pci\ven_168c&dev_001a&subsys_04181468&rev_01|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619349)
-
+ |Mitigation menu command|Description|
+ |--- |--- |
+ |**Apply Mitigations**|Opens the **Mitigate AppCompat Issues** dialog box, in which you can select the fixes that you intend to apply to the application.|
+ |**Undo Mitigations**|Removes the application fixes that you just applied.
-
-
-
- Mitigation menu command
- Description
-
-
-
-
-
-
-
-
-
-
-
+|Topic|Description|
+|--- |--- |
+|[Understanding and Using Compatibility Fixes](understanding-and-using-compatibility-fixes.md)|As the Windows operating system evolves to support new technology and functionality, the implementations of some functions may change. This can cause problems for applications that relied upon the original implementation. You can avoid compatibility issues by using the Microsoft Windows Application Compatibility (Compatibility Fix) infrastructure to create a specific application fix for a particular version of an application.|
+|[Compatibility Fix Database Management Strategies and Deployment](compatibility-fix-database-management-strategies-and-deployment.md)|After you determine that you will use compatibility fixes in your application-compatibility mitigation strategy, you must define a strategy to manage your custom compatibility-fix database. Typically, you can use one of two approaches:|
+|[Testing Your Application Mitigation Packages](testing-your-application-mitigation-packages.md)|This topic provides details about testing your application-mitigation packages, including recommendations about how to report your information and how to resolve any outstanding issues.|
## Related topics
+
[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
[Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md)
diff --git a/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md b/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md
index d4b510cd08..69a2bc6507 100644
--- a/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md
+++ b/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md
@@ -37,41 +37,12 @@ On the user interface for the Standard User Analyzer (SUA) tool, you can show th
3. On the **View** menu, click the command that corresponds to the messages that you want to see. The following table describes the commands.
-
-
-
-
-Topic
-Description
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|View menu command|Description|
+|--- |--- |
+|**Error Messages**|When this command is selected, the user interface shows error messages that the SUA tool has generated. Error messages are highlighted in pink.
-
-
-
- View menu command
- Description
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Topic|Description|
+|--- |--- |
+|[Using the SUA Wizard](using-the-sua-wizard.md)|The Standard User Analyzer (SUA) Wizard works much like the SUA tool to evaluate User Account Control (UAC) issues. However, the SUA Wizard does not offer detailed analysis, and it cannot disable virtualization or elevate your permissions.|
+|[Using the SUA Tool](using-the-sua-tool.md)|By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.|
diff --git a/windows/deployment/planning/tabs-on-the-sua-tool-interface.md b/windows/deployment/planning/tabs-on-the-sua-tool-interface.md
index d3c279c3eb..b1fcb63b8d 100644
--- a/windows/deployment/planning/tabs-on-the-sua-tool-interface.md
+++ b/windows/deployment/planning/tabs-on-the-sua-tool-interface.md
@@ -31,76 +31,15 @@ The tabs in the Standard User Analyzer (SUA) tool show the User Account Control
The following table provides a description of each tab on the user interface for the SUA tool.
-
-
-
-
-Topic
-Description
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Tab name|Description|
+|--- |--- |
+|App Info|Provides the following information for the selected application:
-
-
-
-Tab name
-Description
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Topic|Description|
+|--- |--- |
+|[Available Data Types and Operators in Compatibility Administrator](available-data-types-and-operators-in-compatibility-administrator.md)|The Compatibility Administrator tool provides a way to query your custom-compatibility databases.|
+|[Searching for Fixed Applications in Compatibility Administrator](searching-for-fixed-applications-in-compatibility-administrator.md)|With the search functionality in Compatibility Administrator, you can locate specific executable (.exe) files with previously applied compatibility fixes, compatibility modes, or AppHelp messages. This is particularly useful if you are trying to identify applications with a specific compatibility fix or identifying which fixes are applied to a specific application.|
+|[Searching for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator](searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md)|You can access the Query tool from within Compatibility Administrator. The Query tool provides the same functionality as using the Search feature.|
+|[Creating a Custom Compatibility Fix in Compatibility Administrator](creating-a-custom-compatibility-fix-in-compatibility-administrator.md)|The Compatibility Administrator tool uses the term fix to describe the combination of compatibility information added to a customized database for a specific application. This combination can include single application fixes, groups of fixes that work together as a compatibility mode, and blocking and non-blocking AppHelp messages.|
+|[Creating a Custom Compatibility Mode in Compatibility Administrator](creating-a-custom-compatibility-mode-in-compatibility-administrator.md)|Windows® provides several compatibility modes, groups of compatibility fixes found to resolve many common application-compatibility issues. While working with Compatibility Administrator, you might decide to group some of your individual compatibility fixes into a custom-compatibility mode, which you can then deploy and use on any of your compatibility databases.|
+|[Creating an AppHelp Message in Compatibility Administrator](creating-an-apphelp-message-in-compatibility-administrator.md)|The Compatibility Administrator tool enables you to create an AppHelp text message. This is a blocking or non-blocking message that appears when a user starts an application that you know has major functionality issues on the Windows® operating system.|
+|[Viewing the Events Screen in Compatibility Administrator](viewing-the-events-screen-in-compatibility-administrator.md)|The **Events** screen enables you to record and to view your activities in the Compatibility Administrator tool, provided that the screen is open while you perform the activities.|
+|[Enabling and Disabling Compatibility Fixes in Compatibility Administrator](enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md)|You can disable and enable individual compatibility fixes in your customized databases for testing and troubleshooting purposes.|
+|[Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator](installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md)|The Compatibility Administrator tool enables the creation and the use of custom-compatibility and standard-compatibility databases. Both the custom databases and the standard databases store the known compatibility fixes, compatibility modes, and AppHelp messages. They also store the required application-matching information for installation on your local computers.|
diff --git a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md
index 649a832f90..3369ff0c1e 100644
--- a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md
+++ b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md
@@ -1,6 +1,6 @@
---
title: Using the Sdbinst.exe Command-Line Tool (Windows 10)
-description: Learn how to deploy customized database (.sdb) files using the Sdbinst.exe Command-Line Tool. Review a list of command line options.
+description: Learn how to deploy customized database (.sdb) files using the Sdbinst.exe Command-Line Tool. Review a list of command-line options.
ms.assetid: c1945425-3f8d-4de8-9d2d-59f801f07034
ms.reviewer:
manager: laurawi
@@ -28,15 +28,16 @@ ms.topic: article
- Windows Server 2012
- Windows Server 2008 R2
-You must deploy your customized database (.sdb) files to other computers in your organization before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways, including by using a logon script, by using Group Policy, or by performing file copy operations.
+You must deploy your customized database (.sdb) files to other computers in your organization. That is, before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways. By using a logon script, by using Group Policy, or by performing file copy operations.
-After you deploy and store the customized databases on each of your local computers, you must register the database files. Until you register the database files, the operating system is unable to identify the available compatibility fixes when starting an application.
+After you deploy and store the customized databases on each of your local computers, you must register the database files.
+Until you register the database files, the operating system is unable to identify the available compatibility fixes when starting an application.
## Command-Line Options for Deploying Customized Database Files
Sample output from the command `Sdbinst.exe /?` in an elevated CMD window:
-```
+```console
Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.
@@ -59,56 +60,15 @@ Sdbinst.exe \[-?\] \[-p\] \[-q\] \[-u\] \[-g\] \[-u filepath\] \[-g *GUID*\] \[-
The following table describes the available command-line options.
-
-
-
-
-Topic
-Description
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Option|Description|
+|--- |--- |
+|-?|Displays the Help for the Sdbinst.exe tool.
-
-
-
-Option
-Description
-
-
-sdbinst.exe -?
-
-sdbinst.exe -p C:\Windows\AppPatch\Myapp.sdb
-
-sdbinst.exe -q
-
-sdbinst.exe -u C:\example.sdb
-
-sdbinst.exe -g 6586cd8f-edc9-4ea8-ad94-afabea7f62e3
-
-
-sdbinst.exe -n "My_Database"
`sdbinst.exe -?`|
+|-p|Allows SDBs installation with Patches.
`sdbinst.exe -p C:\Windows\AppPatch\Myapp.sdb`|
+|-q|Does a silent installation with no visible window, status, or warning information. Fatal errors appear only in Event Viewer (Eventvwr.exe).
`sdbinst.exe -q`|
+|-u *filepath*|Does an uninstallation of the specified database.
`sdbinst.exe -u C:\example.sdb`|
+|-g *GUID*|Specifies the customized database to uninstall by a globally unique identifier (GUID).
`sdbinst.exe -g 6586cd8f-edc9-4ea8-ad94-afabea7f62e3`|
+|-n *"name"*|Specifies the customized database to uninstall by file name.
`sdbinst.exe -n "My_Database"`|
## Related topics
+
[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
diff --git a/windows/deployment/planning/windows-to-go-overview.md b/windows/deployment/planning/windows-to-go-overview.md
index 5dff0dda28..a35fdac4bf 100644
--- a/windows/deployment/planning/windows-to-go-overview.md
+++ b/windows/deployment/planning/windows-to-go-overview.md
@@ -135,93 +135,27 @@ When assessing the use of a PC as a host for a Windows To Go workspace you shoul
The following table details the characteristics that the host computer must have to be used with Windows To Go:
-
-
+|Item|Requirement|
+|--- |--- |
+|Boot process|Capable of USB boot|
+|Firmware|USB boot enabled. (PCs certified for use with Windows 7 or later can be configured to boot directly from USB, check with the hardware manufacturer if you are unsure of the ability of your PC to boot from USB)|
+|Processor architecture|Must support the image on the Windows To Go drive|
+|External USB Hubs|Not supported; connect the Windows To Go drive directly to the host machine|
+|Processor|1 Ghz or faster|
+|RAM|2 GB or greater|
+|Graphics|DirectX 9 graphics device with WDDM 1.2 or greater driver|
+|USB port|USB 2.0 port or greater|
**Checking for architectural compatibility between the host PC and the Windows To Go drive**
In addition to the USB boot support in the BIOS, the Windows 10 image on your Windows To Go drive must be compatible with the processor architecture and the firmware of the host PC as shown in the table below.
-
-
-
-
-Item
-Requirement
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Host PC Firmware Type|Host PC Processor Architecture|Compatible Windows To Go Image Architecture|
+|--- |--- |--- |
+|Legacy BIOS|32-bit|32-bit only|
+|Legacy BIOS|64-bit|32-bit and 64-bit|
+|UEFI BIOS|32-bit|32-bit only|
+|UEFI BIOS|64-bit|64-bit only|
## Additional resources
diff --git a/windows/deployment/update/waas-integrate-wufb.md b/windows/deployment/update/waas-integrate-wufb.md
index b5d5e02b67..4b5547147d 100644
--- a/windows/deployment/update/waas-integrate-wufb.md
+++ b/windows/deployment/update/waas-integrate-wufb.md
@@ -41,11 +41,13 @@ For Windows 10, version 1607 and later, devices can be configured to receive upd
- Admin has opted to put updates to Office and other products on WSUS
- Admin has also put 3rd party drivers on WSUS
-
-
-
-
-Host PC Firmware Type
-Host PC Processor Architecture
-Compatible Windows To Go Image Architecture
-
-
-
-
-
-
-
-
-
-
+|Content|Metadata source|Payload source|Deferred?|
+|--- |--- |--- |--- |
+|Updates to Windows|Windows Update|Windows Update|Yes|
+|Updates to Office and other products|WSUS|WSUS|No|
+|Third-party drivers|WSUS|WSUS|No|
+
+
### Configuration example \#2: Excluding drivers from Windows quality updates using Windows Update for Business
@@ -55,13 +57,13 @@ For Windows 10, version 1607 and later, devices can be configured to receive upd
- Device is also configured to be managed by WSUS
- Admin has opted to put Windows Update drivers on WSUS
+|Content|Metadata source|Payload source|Deferred?|
+|--- |--- |--- |--- |
+|Updates to Windows (excluding drivers)|Windows Update|Windows Update|Yes|
+|Updates to Office and other products|WSUS|WSUS|No|
+|Drivers|WSUS|WSUS|No|
-Content Metadata source Payload source Deferred?
- Updates to Windows Windows Update Windows Update Yes 
Updates to Office and other products WSUS WSUS No Third-party drivers WSUS WSUS No
+
### Configuration example \#3: Device configured to receive Microsoft updates
@@ -75,12 +77,13 @@ In this example, the deferral behavior for updates to Office and other non-Windo
- In a non-WSUS case, these updates would be deferred just as any update to Windows would be.
- However, with WSUS also configured, these updates are sourced from Microsoft but deferral policies are not applied.
+|Content|Metadata source|Payload source|Deferred?|
+|--- |--- |--- |--- |
+|Updates to Windows (excluding drivers)|Microsoft Update|Microsoft Update|Yes|
+|Updates to Office and other products|Microsoft Update|Microsoft Update|No|
+|Drivers, third-party applications|WSUS|WSUS|No|
-Content Metadata source Payload source Deferred?
- Updates to Windows (excluding drivers) Windows Update Windows Update Yes 
Updates to Office and other products WSUS WSUS No Drivers WSUS WSUS No
+
>[!NOTE]
> Because the admin enabled **Update/AllowMUUpdateService**, placing the content on WSUS was not needed for the particular device, as the device will always receive Microsoft Update content from Microsoft when configured in this manner.
@@ -89,7 +92,7 @@ In this example, the deferral behavior for updates to Office and other non-Windo
For Windows 10, version 1607, organizations already managing their systems with a Configuration Manager solution can also have their devices configured for Windows Update for Business (that is, setting deferral policies on those devices). Such devices will be visible in the Configuration Manager console, however they will appear with a detection state of **Unknown**.
-
+:::image type="content" alt-text="Example of unknown devices." source="images/wufb-sccm.png" lightbox="images/wufb-sccm.png":::
For more information, see [Integration with Windows Update for Business in Windows 10](/sccm/sum/deploy-use/integrate-windows-update-for-business-windows-10).
diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md
index b37d7a9c41..3d678e1787 100644
--- a/windows/deployment/upgrade/log-files.md
+++ b/windows/deployment/upgrade/log-files.md
@@ -29,48 +29,35 @@ ms.collection: highpri
Several log files are created during each phase of the upgrade process. These log files are essential for troubleshooting upgrade problems. By default, the folders that contain these log files are hidden on the upgrade target computer. To view the log files, configure Windows Explorer to view hidden items, or use a tool to automatically gather these logs. The most useful log is **setupact.log**. The log files are located in a different folder depending on the Windows Setup phase. Recall that you can determine the phase from the extend code.
>[!NOTE]
->Also see the [Windows Error Reporting](windows-error-reporting.md) section in this document for help locating error codes and log files.
+>Also see the [Windows Error Reporting](windows-error-reporting.md) section in this document for help locating error codes and log files.
The following table describes some log files and how to use them for troubleshooting purposes:Content Metadata source Payload source Deferred?
- Updates to Windows (excluding drivers) Microsoft Update Microsoft Update Yes 
Updates to Office and other products Microsoft Update Microsoft Update No Drivers, third-party applications WSUS WSUS No
-
-
-
-
+|Log file |Phase: Location |Description |When to use|
+|---|---|---|---|
+|setupact.log|Down-Level:Log file Phase: Location Description When to use
-setupact.log Down-Level:
$Windows.~BT\Sources\PantherContains information about setup actions during the downlevel phase.
-All down-level failures and starting point for rollback investigations.
-
This is the most important log for diagnosing setup issues.OOBE:
-
$Windows.~BT\Sources\Panther\UnattendGCContains information about actions during the OOBE phase. Investigating rollbacks that failed during OOBE phase and operations – 0x4001C, 0x4001D, 0x4001E, 0x4001F.
-Rollback:
$Windows.~BT\Sources\RollbackContains information about actions during rollback. Investigating generic rollbacks - 0xC1900101.
-Pre-initialization (prior to downlevel):
WindowsContains information about initializing setup. If setup fails to launch.
-Post-upgrade (after OOBE):
Windows\PantherContains information about setup actions during the installation. Investigate post-upgrade related issues.
-setuperr.log Same as setupact.log Contains information about setup errors during the installation. Review all errors encountered during the installation phase.
-miglog.xml Post-upgrade (after OOBE):
Windows\PantherContains information about what was migrated during the installation. Identify post upgrade data migration issues.
-BlueBox.log Down-Level:
Windows\Logs\MosetupContains information communication between setup.exe and Windows Update. Use during WSUS and WU down-level failures or for 0xC1900107.
-Supplemental rollback logs:
-
-Setupmem.dmp
-setupapi.dev.log
-Event logs (*.evtx)$Windows.~BT\Sources\Rollback Additional logs collected during rollback.
-
-Setupmem.dmp: If OS bug checks during upgrade, setup will attempt to extract a mini-dump.
-
-Setupapi: Device install issues - 0x30018
-Event logs: Generic rollbacks (0xC1900101) or unexpected reboots.
$Windows.~BT\Sources\Panther|Contains information about setup actions during the downlevel phase. |All down-level failures and starting point for rollback investigations.
This is the most important log for diagnosing setup issues.|
+|setupact.log|OOBE:
$Windows.~BT\Sources\Panther\UnattendGC|Contains information about actions during the OOBE phase.|Investigating rollbacks that failed during OOBE phase and operations – 0x4001C, 0x4001D, 0x4001E, 0x4001F.|
+|setupact.log|Rollback:
$Windows.~BT\Sources\Rollback|Contains information about actions during rollback.|Investigating generic rollbacks - 0xC1900101.|
+|setupact.log|Pre-initialization (prior to downlevel):
Windows|Contains information about initializing setup.|If setup fails to launch.|
+|setupact.log|Post-upgrade (after OOBE):
Windows\Panther|Contains information about setup actions during the installation.|Investigate post-upgrade related issues.|
+|setuperr.log|Same as setupact.log|Contains information about setup errors during the installation.|Review all errors encountered during the installation phase.|
+|miglog.xml|Post-upgrade (after OOBE):
Windows\Panther|Contains information about what was migrated during the installation.|Identify post upgrade data migration issues.|
+|BlueBox.log|Down-Level:
Windows\Logs\Mosetup|Contains information communication between setup.exe and Windows Update.|Use during WSUS and WU down-level failures or for 0xC1900107.|
+|Supplemental rollback logs:
Setupmem.dmp
setupapi.dev.log
Event logs (*.evtx)|$Windows.~BT\Sources\Rollback|Additional logs collected during rollback.|Setupmem.dmp: If OS bug checks during upgrade, setup will attempt to extract a mini-dump.
Setupapi: Device install issues - 0x30018
Event logs: Generic rollbacks (0xC1900101) or unexpected reboots.|
## Log entry structure
A setupact.log or setuperr.log entry (files are located at C:\Windows) includes the following elements:
-
-
+1. **The date and time** - 2016-09-08 09:20:05.
+
+2. **The log level** - Info, Warning, Error, Fatal Error.
+
+3. **The logging component** - CONX, MOUPG, PANTHR, SP, IBSLIB, MIG, DISM, CSI, CBS.
+
+ The logging components SP (setup platform), MIG (migration engine), and CONX (compatibility information) are particularly useful for troubleshooting Windows Setup errors.
+
+4. **The message** - Operation completed successfully.
See the following example:
@@ -83,40 +70,45 @@ See the following example:
The following instructions are meant for IT professionals. Also see the [Upgrade error codes](upgrade-error-codes.md) section in this guide to familiarize yourself with [result codes](upgrade-error-codes.md#result-codes) and [extend codes](upgrade-error-codes.md#extend-codes).
-
-
-
To analyze Windows Setup log files:
+To analyze Windows Setup log files:
-
-
+1. Determine the Windows Setup error code. This code should be returned by Windows Setup if it is not successful with the upgrade process.
+
+2. Based on the [extend code](upgrade-error-codes.md#extend-codes) portion of the error code, determine the type and location of a [log files](#log-files) to investigate.
+
+3. Open the log file in a text editor, such as notepad.
+
+4. Using the [result code](upgrade-error-codes.md#result-codes) portion of the Windows Setup error code, search for the result code in the file and find the last occurrence of the code. Alternatively search for the "abort" and abandoning" text strings described in step 7 below.
+
+5. To find the last occurrence of the result code:
+
+ 1. Scroll to the bottom of the file and click after the last character.
+ 2. Click **Edit**.
+ 3. Click **Find**.
+ 4. Type the result code.
+ 5. Under **Direction** select **Up**.
+ 6. Click **Find Next**.
+
+6. When you have located the last occurrence of the result code, scroll up a few lines from this location in the file and review the processes that failed just prior to generating the result code.
+
+7. Search for the following important text strings:
+
+ * **Shell application requested abort**
+ * **Abandoning apply due to error for object**
+
+8. Decode Win32 errors that appear in this section.
+
+9. Write down the timestamp for the observed errors in this section.
+
+10. Search other log files for additional information matching these timestamps or errors.
For example, assume that the error code for an error is 0x8007042B - 0x2000D. Searching for "8007042B" reveals the following content from the setuperr.log file:
Some lines in the text below are shortened to enhance readability. The date and time at the start of each line (ex: 2016-10-05 15:27:08) is shortened to minutes and seconds, and the certificate file name which is a long text string is shortened to just "CN."
-
-
-
-
-
setuperr.log content:
+**setuperr.log** content:
-
+```console
27:08, Error SP Error READ, 0x00000570 while gathering/applying object: File, C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Will return 0[gle=0x00000570]
27:08, Error MIG Error 1392 while gathering object C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Shell application requested abort![gle=0x00000570]
27:08, Error Gather failed. Last error: 0x00000000
@@ -125,21 +117,21 @@ Some lines in the text below are shortened to enhance readability. The date and
27:09, Error SP Operation failed: Migrate framework (Full). Error: 0x8007042B[gle=0x000000b7]
27:09, Error SP Operation execution failed: 13. hr = 0x8007042B[gle=0x000000b7]
27:09, Error SP CSetupPlatformPrivate::Execute: Execution of operations queue failed, abandoning. Error: 0x8007042B[gle=0x000000b7]
-
+```
The first line indicates there was an error **0x00000570** with the file **C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]** (shown below):
-
+```console
27:08, Error SP Error READ, 0x00000570 while gathering/applying object: File, C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Will return 0[gle=0x00000570]
-
+```
-The error 0x00000570 is a [Win32 error code](/openspecs/windows_protocols/ms-erref/18d8fbe8-a967-4f1c-ae50-99ca8e491d2d) corresponding to: ERROR_FILE_CORRUPT: The file or directory is corrupted and unreadable.
+The error 0x00000570 is a [Win32 error code](/openspecs/windows_protocols/ms-erref/18d8fbe8-a967-4f1c-ae50-99ca8e491d2d) corresponding to: ERROR_FILE_CORRUPT: The file or directory is corrupted and unreadable.
Therefore, Windows Setup failed because it was not able to migrate the corrupt file **C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN]**. This file is a local system certificate and can be safely deleted. Searching the setupact.log file for additional details, the phrase "Shell application requested abort" is found in a location with the same timestamp as the lines in setuperr.log. This confirms our suspicion that this file is the cause of the upgrade failure:
-
setupact.log content:
+**setupact.log** content:
-
+```console
27:00, Info Gather started at 10/5/2016 23:27:00
27:00, Info [0x080489] MIG Setting system object filter context (System)
27:00, Info [0x0803e5] MIG Not unmapping HKCU\Software\Classes; it is not mapped
@@ -160,11 +152,11 @@ Therefore, Windows Setup failed because it was not able to migrate the corrupt f
27:08, Info Gather ended at 10/5/2016 23:27:08 with result 44
27:08, Info Leaving MigGather method
27:08, Error SP SPDoFrameworkGather: Gather operation failed. Error: 0x0000002C
-
+```
-
setupapi.dev.log content:
+**setupapi.dev.log** content:
-
+```console
>>> [Device Install (UpdateDriverForPlugAndPlayDevices) - PCI\VEN_8086&DEV_8C4F]
>>> Section start 2019/09/26 20:13:01.623
cmd: rundll32.exe "C:\WINDOWS\Installer\MSI6E4C.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_95972906 484 ChipsetWiX.CustomAction!Intel.Deployment.ChipsetWiX.CustomActions.InstallDrivers
@@ -248,9 +240,12 @@ Therefore, Windows Setup failed because it was not able to migrate the corrupt f
! ndv: No devices were updated.
<<< Section end 2019/09/26 20:13:01.759
<<< [Exit status: FAILURE(0xC1900101)]
-
+```
-
This analysis indicates that the Windows upgrade error can be resolved by deleting the C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN] file. Note: In this example, the full, unshortened file name is C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\be8228fb2d3cb6c6b0ccd9ad51b320b4_a43d512c-69f2-42de-aef9-7a88fabdaa3f.
+This analysis indicates that the Windows upgrade error can be resolved by deleting the C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN] file.
+
+> [!NOTE]
+> In this example, the full, unshortened file name is C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\be8228fb2d3cb6c6b0ccd9ad51b320b4_a43d512c-69f2-42de-aef9-7a88fabdaa3f.
## Related topics
diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md
index 3a353c8752..227541cee7 100644
--- a/windows/deployment/upgrade/resolution-procedures.md
+++ b/windows/deployment/upgrade/resolution-procedures.md
@@ -69,196 +69,40 @@ See the following general troubleshooting procedures associated with a result co
## Other result codes
-
-
-
+|Error code|Cause|Mitigation|
+|--- |--- |--- |
+|0xC1800118|WSUS has downloaded content that it cannot use due to a missing decryption key.|See [Steps to resolve error 0xC1800118](/archive/blogs/wsus/resolving-error-0xc1800118) for information.|
+|0xC1900200|Setup.exe has detected that the machine does not meet the minimum system requirements.|Ensure the system you are trying to upgrade meets the minimum system requirements. See [Windows 10 specifications](https://www.microsoft.com/windows/windows-10-specifications) for information.|
+|0x80090011|A device driver error occurred during user data migration.|Contact your hardware vendor and get all the device drivers updated. It is recommended to have an active internet connection during upgrade process.
-
-
-Error code
-Cause
-Mitigation
-
-
-
-0xC1800118
-WSUS has downloaded content that it cannot use due to a missing decryption key.
-See Steps to resolve error 0xC1800118 for information.
-
-
-
-0xC1900200
-Setup.exe has detected that the machine does not meet the minimum system requirements.
-Ensure the system you are trying to upgrade meets the minimum system requirements.
-
See Windows 10 specifications for information.
-
-0x80090011
-A device driver error occurred during user data migration.
-Contact your hardware vendor and get all the device drivers updated. It is recommended to have an active internet connection during upgrade process.
-
-
Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process.
-
-
-0xC7700112
-Failure to complete writing data to the system drive, possibly due to write access failure on the hard disk.
-This issue is resolved in the latest version of Upgrade Assistant.
-
-
Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process.
-
-0x80190001
-An unexpected error was encountered while attempting to download files required for upgrade.
-To resolve this issue, download and run the media creation tool. See Download windows 10.
-
-
-
-0x80246007
-The update was not downloaded successfully.
-Attempt other methods of upgrading the operating system.
-
-Download and run the media creation tool. See Download windows 10.
-
Attempt to upgrade using .ISO or USB.
-Note
Windows 10 Enterprise isn’t available in the media creation tool. For more information, go to the Volume Licensing Service Center.
-
-
-0x80244018
-Your machine is connected through a proxy server.
-Make sure Automatically Detect Settings is selected in internet options. (Control Panel > Internet Options > Connections > LAN Settings).
-
-
-
-0xC1900201
-The system did not pass the minimum requirements to install the update.
-Contact the hardware vendor to get the latest updates.
-
-
-
-0x80240017
-The upgrade is unavailable for this edition of Windows.
-Administrative policies enforced by your organization might be preventing the upgrade. Contact your IT administrator.
-
-
-0x80070020
-The existing process cannot access the file because it is being used by another process.
-Use the MSCONFIG tool to perform a clean boot on the machine and then try to perform the update again. For more information, see How to perform a clean boot in Windows.
-
-
-0x80070522
-The user doesn’t have required privilege or credentials to upgrade.
-Ensure that you have signed in as a local administrator or have local administrator privileges.
-
-
-0xC1900107
-A cleanup operation from a previous installation attempt is still pending and a system reboot is required in order to continue the upgrade.
-
-Restart the device and run setup again. If restarting the device does not resolve the issue, then use the Disk Cleanup utility and clean up the temporary files as well as the System files. For more information, see Disk cleanup in Windows 10.
-
-
-
-0xC1900209
-The user has chosen to cancel because the system does not pass the compatibility scan to install the update. Setup.exe will report this error when it can upgrade the machine with user data but cannot migrate installed applications.
-Incompatible software is blocking the upgrade process. Uninstall the application and try the upgrade again. See Windows 10 Pre-Upgrade Validation using SETUP.EXE for more information.
-
-
You can also download the Windows Assessment and Deployment Kit (ADK) for Windows 10 and install Application Compatibility Tools.
-
-
-
-0x8007002
-This error is specific to upgrades using System Center 2012 Configuration Manager R2 SP1 CU3 (5.00.8238.1403)
-Analyze the SMSTS.log and verify that the upgrade is failing on "Apply Operating system" Phase: Error 80072efe DownloadFileWithRanges() failed. 80072efe. ApplyOperatingSystem (0x0760)
-
-
The error 80072efe means that the connection with the server was terminated abnormally.
-
To resolve this issue, try the OS Deployment test on a client in same VLAN as the Configuration Manager server. Check the network configuration for random client-server connection issues happening on the remote VLAN.
-
-
-
-0x80240FFF
-Occurs when update synchronization fails. It can occur when you are using Windows Server Update Services on its own or when it is integrated with Microsoft Endpoint Configuration Manager. If you enable update synchronization before you install hotfix 3095113, WSUS doesn't recognize the Upgrades classification and instead treats the upgrade like a regular update.
- You can prevent this by installing hotfix 3095113 before you enable update synchronization. However, if you have already run into this problem, do the following:
-
-
-
-For detailed information on how to run these steps check out How to delete upgrades in WSUS.
-
-
-
-0x8007007E
-Occurs when update synchronization fails because you do not have hotfix 3095113 installed before you enable update synchronization. Specifically, the CopyToCache operation fails on clients that have already downloaded the upgrade because Windows Server Update Services has bad metadata related to the upgrade. It can occur when you are using standalone Windows Server Update Services or when WSUS is integrated with Microsoft Endpoint Configuration Manager.
- Use the following steps to repair Windows Server Update Services. You must run these steps on each WSUS server that synched metadata before you installed the hotfix.
-
-
-
-
-
-
-
-
+| Error Codes | Cause | Mitigation |
+| --- | --- | --- |
+|0x80070003- 0x20007|This is a failure during SafeOS phase driver installation.|[Verify device drivers](/windows-hardware/drivers/install/troubleshooting-device-and-driver-installations) on the computer, and [analyze log files](log-files.md#analyze-log-files) to determine the problem driver.|
+|0x8007025D - 0x2000C|This error occurs if the ISO file's metadata is corrupt.|Re-download the ISO/Media and re-attempt the upgradeError Codes Cause Mitigation 0x80070003- 0x20007
- This is a failure during SafeOS phase driver installation.
-
- Verify device drivers on the computer, and analyze log files to determine the problem driver.
- 0x8007025D - 0x2000C
- This error occurs if the ISO file's metadata is corrupt. "Re-download the ISO/Media and re-attempt the upgrade.
-
-Alternatively, re-create installation media the [Media Creation Tool](https://www.microsoft.com/software-download/windows10).
-
- 0x80070490 - 0x20007 An incompatible device driver is present.
-
- Verify device drivers on the computer, and analyze log files to determine the problem driver.
-
- 0xC1900101 - 0x2000c
- An unspecified error occurred in the SafeOS phase during WIM apply. This can be caused by an outdated driver or disk corruption.
- Run checkdisk to repair the file system. For more information, see the quick fixes section in this guide.
-
Update drivers on the computer, and select "Download and install updates (recommended)" during the upgrade process. Disconnect devices other than the mouse, keyboard and display.0xC1900200 - 0x20008
-
- The computer doesn’t meet the minimum requirements to download or upgrade to Windows 10.
-
-See Windows 10 Specifications and verify the computer meets minimum requirements.
-
-Review logs for [compatibility information](/archive/blogs/askcore/using-the-windows-10-compatibility-reports-to-understand-upgrade-issues). 0x80070004 - 0x3000D
- This is a problem with data migration during the first boot phase. There are multiple possible causes.
-
- Analyze log files to determine the issue. 0xC1900101 - 0x4001E
- Installation failed in the SECOND_BOOT phase with an error during PRE_OOBE operation.
- This is a generic error that occurs during the OOBE phase of setup. See the 0xC1900101 section of this guide and review general troubleshooting procedures described in that section. 0x80070005 - 0x4000D
- The installation failed in the SECOND_BOOT phase with an error in during MIGRATE_DATA operation. This error indicates that access was denied while attempting to migrate data.
- Analyze log files to determine the data point that is reporting access denied. 0x80070004 - 0x50012
- Windows Setup failed to open a file.
- Analyze log files to determine the data point that is reporting access problems. 0xC190020e
-
0x80070070 - 0x50011
-
0x80070070 - 0x50012
-
0x80070070 - 0x60000
-These errors indicate the computer does not have enough free space available to install the upgrade.
- To upgrade a computer to Windows 10, it requires 16 GB of free hard drive space for a 32-bit OS, and 20 GB for a 64-bit OS. If there is not enough space, attempt to free up drive space before proceeding with the upgrade.
-
-> [!NOTE]
-> If your device allows it, you can use an external USB drive for the upgrade process. Windows setup will back up the previous version of Windows to a USB external drive. The external drive must be at least 8GB (16GB is recommended). The external drive should be formatted using NTFS. Drives that are formatted in FAT32 may run into errors due to FAT32 file size limitations. USB drives are preferred over SD cards because drivers for SD cards are not migrated if the device does not support Connected Standby.
-
Update drivers on the computer, and select "Download and install updates (recommended)" during the upgrade process. Disconnect devices other than the mouse, keyboard and display.|
+|0xC1900200 - 0x20008|The computer doesn’t meet the minimum requirements to download or upgrade to Windows 10.|See [Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications) and verify the computer meets minimum requirements.
0x80070070 - 0x50011
0x80070070 - 0x50012
0x80070070 - 0x60000|These errors indicate the computer does not have enough free space available to install the upgrade.|To upgrade a computer to Windows 10, it requires 16 GB of free hard drive space for a 32-bit OS, and 20 GB for a 64-bit OS. If there is not enough space, attempt to [free up drive space](https://support.microsoft.com/help/17421/windows-free-up-drive-space) before proceeding with the upgrade.
-
+|Feature|Description|
+|--- |--- |
+|Credential Guard|This feature uses virtualization-based security to help protect security secrets (for example, NTLM password hashes, Kerberos Ticket Granting Tickets) so that only privileged system software can access them. This helps prevent Pass-the-Hash or Pass-the-Ticket attacks.
-
-
-
-Feature
-Description
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
[Connect domain-joined devices to Azure AD for Windows 10 experiences](/azure/active-directory/devices/hybrid-azuread-join-plan)
[Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare)
-[Windows for business](https://www.microsoft.com/windowsforbusiness/default.aspx)
\ No newline at end of file
+[Windows for business](https://www.microsoft.com/windowsforbusiness/default.aspx)
diff --git a/windows/security/identity-protection/access-control/active-directory-accounts.md b/windows/security/identity-protection/access-control/active-directory-accounts.md
index 16468960fb..f2d6c64736 100644
--- a/windows/security/identity-protection/access-control/active-directory-accounts.md
+++ b/windows/security/identity-protection/access-control/active-directory-accounts.md
@@ -107,65 +107,23 @@ The Administrator account can also be disabled when it is not required. Renaming
On a domain controller, the Administrator account becomes the Domain Admin account. The Domain Admin account is used to sign in to the domain controller and this account requires a strong password. The Domain Admin account gives you access to domain resources.
-**Note**
-When the domain controller is initially installed, you can sign in and use Server Manager to set up a local Administrator account, with the rights and permissions you want to assign. For example, you can use a local Administrator account to manage the operating system when you first install it. By using this approach, you can set up the operating system without getting locked out. Generally, you do not need to use the account after installation. You can only create local user accounts on the domain controller, before Active Directory Domain Services is installed, and not afterwards.
-
-
+> [!NOTE]
+> When the domain controller is initially installed, you can sign in and use Server Manager to set up a local Administrator account, with the rights and permissions you want to assign. For example, you can use a local Administrator account to manage the operating system when you first install it. By using this approach, you can set up the operating system without getting locked out. Generally, you do not need to use the account after installation. You can only create local user accounts on the domain controller, before Active Directory Domain Services is installed, and not afterwards.
When Active Directory is installed on the first domain controller in the domain, the Administrator account is created for Active Directory. The Administrator account is the most powerful account in the domain. It is given domain-wide access and administrative rights to administer the computer and the domain, and it has the most extensive rights and permissions over the domain. The person who installs Active Directory Domain Services on the computer creates the password for this account during the installation.
**Administrator account attributes**
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-`
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Group Policy Creator Owners, and Schema Admins in Active Directory
Domain Users group|
+|Protected by ADMINSDHOLDER?|Yes|
+|Safe to move out of default container?|Yes|
+|Safe to delegate management of this group to non-service administrators?|No|
## Guest account
@@ -200,54 +158,16 @@ For details about the Guest account attributes, see the following table.
**Guest account attributes**
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-`
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-`
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-`
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Account settings|Description|
+|--- |--- |
+|User must change password at next logon|Forces a password change the next time that the user logs signs in to the network. Use this option when you want to ensure that the user is the only person to know his or her password.|
+|User cannot change password|Prevents the user from changing the password. Use this option when you want to maintain control over a user account, such as for a Guest or temporary account.|
+|Password never expires|Prevents a user password from expiring. It is a best practice to enable this option with service accounts and to use strong passwords.|
+|Store passwords using reversible encryption|Provides support for applications that use protocols requiring knowledge of the plaintext form of the user’s password for authentication purposes.
-
-
-
-Account settings
-Description
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
This option is required when using Challenge Handshake Authentication Protocol (CHAP) in Internet Authentication Services (IAS), and when using digest authentication in Internet Information Services (IIS).|
+|Account is disabled|Prevents the user from signing in with the selected account. As an administrator, you can use disabled accounts as templates for common user accounts.|
+|Smart card is required for interactive logon|Requires that a user has a smart card to sign on to the network interactively. The user must also have a smart card reader attached to their computer and a valid personal identification number (PIN) for the smart card.
When this attribute is applied on the account, the effect is as follows:
-
+ |Windows Update Setting|Configuration|
+ |--- |--- |
+ |Allow Automatic Updates immediate installation|Enabled|
+ |Configure Automatic Updates|Enabled4 - Auto download and schedule the installation0 - Every day 03:00|
+ |Enable Windows Update Power Management to automatically wake up the system to install scheduled updates|Enabled|
+ |Specify intranet Microsoft Update service location|Enabled `http://
-
-
-
-
-
-
4 - Auto download and schedule the installation
0 - Every day 03:00
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Scope|Possible Members|Scope Conversion|Can Grant Permissions|Possible Member of|
+|--- |--- |--- |--- |--- |
+|Universal|Accounts from any domain in the same forest
-
-
-
-Scope
-Possible Members
-Scope Conversion
-Can Grant Permissions
-Possible Member of
-
-
-
-
-
-
-
-
-
-
-
+|Default Security Group|Windows Server 2016|Windows Server 2012 R2|Windows Server 2012|Windows Server 2008 R2|
+|--- |--- |--- |--- |--- |
+|[Access Control Assistance Operators](#bkmk-acasstops)|Yes|Yes|Yes||
+|[Account Operators](#bkmk-accountoperators)|Yes|Yes|Yes|Yes|
+|[Administrators](#bkmk-admins)|Yes|Yes|Yes|Yes|
+|[Allowed RODC Password Replication Group](#bkmk-allowedrodcpwdrepl)|Yes|Yes|Yes|Yes|
+|[Backup Operators](#bkmk-backupoperators)|Yes|Yes|Yes|Yes|
+|[Certificate Service DCOM Access](#bkmk-certificateservicedcomaccess)|Yes|Yes|Yes|Yes|
+|[Cert Publishers](#bkmk-certpublishers)|Yes|Yes|Yes|Yes|
+|[Cloneable Domain Controllers](#bkmk-cloneabledomaincontrollers)|Yes|Yes|Yes||
+|[Cryptographic Operators](#bkmk-cryptographicoperators)|Yes|Yes|Yes|Yes|
+|[Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)|Yes|Yes|Yes|Yes|
+|[Device Owners](#bkmk-device-owners)|Yes|Yes|Yes|Yes|
+|[Distributed COM Users](#bkmk-distributedcomusers)|Yes|Yes|Yes|Yes|
+|[DnsUpdateProxy](#bkmk-dnsupdateproxy)|Yes|Yes|Yes|Yes|
+|[DnsAdmins](#bkmk-dnsadmins)|Yes|Yes|Yes|Yes|
+|[Domain Admins](#bkmk-domainadmins)|Yes|Yes|Yes|Yes|
+|[Domain Computers](#bkmk-domaincomputers)|Yes|Yes|Yes|Yes|
+|[Domain Controllers](#bkmk-domaincontrollers)|Yes|Yes|Yes|Yes|
+|[Domain Guests](#bkmk-domainguests)|Yes|Yes|Yes|Yes|
+|[Domain Users](#bkmk-domainusers)|Yes|Yes|Yes|Yes|
+|[Enterprise Admins](#bkmk-entadmins)|Yes|Yes|Yes|Yes|
+|[Enterprise Key Admins](#enterprise-key-admins)|Yes||||
+|[Enterprise Read-only Domain Controllers](#bkmk-entrodc)|Yes|Yes|Yes|Yes|
+|[Event Log Readers](#bkmk-eventlogreaders)|Yes|Yes|Yes|Yes|
+|[Group Policy Creator Owners](#bkmk-gpcreatorsowners)|Yes|Yes|Yes|Yes|
+|[Guests](#bkmk-guests)|Yes|Yes|Yes|Yes|
+|[Hyper-V Administrators](#bkmk-hypervadministrators)|Yes|Yes|Yes||
+|[IIS_IUSRS](#bkmk-iis-iusrs)|Yes|Yes|Yes|Yes|
+|[Incoming Forest Trust Builders](#bkmk-inforesttrustbldrs)|Yes|Yes|Yes|Yes|
+|[Key Admins](#key-admins)|Yes||||
+|[Network Configuration Operators](#bkmk-networkcfgoperators)|Yes|Yes|Yes|Yes|
+|[Performance Log Users](#bkmk-perflogusers)|Yes|Yes|Yes|Yes|
+|[Performance Monitor Users](#bkmk-perfmonitorusers)|Yes|Yes|Yes|Yes|
+|[Pre–Windows 2000 Compatible Access](#bkmk-pre-ws2kcompataccess)|Yes|Yes|Yes|Yes|
+|[Print Operators](#bkmk-printoperators)|Yes|Yes|Yes|Yes|
+|[Protected Users](#bkmk-protectedusers)|Yes|Yes|||
+|[RAS and IAS Servers](#bkmk-rasandias)|Yes|Yes|Yes|Yes|
+|[RDS Endpoint Servers](#bkmk-rdsendpointservers)|Yes|Yes|Yes||
+|[RDS Management Servers](#bkmk-rdsmanagementservers)|Yes|Yes|Yes||
+|[RDS Remote Access Servers](#bkmk-rdsremoteaccessservers)|Yes|Yes|Yes||
+|[Read-only Domain Controllers](#bkmk-rodc)|Yes|Yes|Yes|Yes|
+|[Remote Desktop Users](#bkmk-remotedesktopusers)|Yes|Yes|Yes|Yes|
+|[Remote Management Users](#bkmk-remotemanagementusers)|Yes|Yes|Yes||
+|[Replicator](#bkmk-replicator)|Yes|Yes|Yes|Yes|
+|[Schema Admins](#bkmk-schemaadmins)|Yes|Yes|Yes|Yes|
+|[Server Operators](#bkmk-serveroperators)|Yes|Yes|Yes|Yes|
+|[Storage Replica Administrators](#storage-replica-administrators)|Yes||||
+|[System Managed Accounts Group](#system-managed-accounts-group)|Yes||||
+|[Terminal Server License Servers](#bkmk-terminalserverlic)|Yes|Yes|Yes|Yes|
+|[Users](#bkmk-users)|Yes|Yes|Yes|Yes|
+|[Windows Authorization Access Group](#bkmk-winauthaccess)|Yes|Yes|Yes|Yes|
+|[WinRMRemoteWMIUsers_](#bkmk-winrmremotewmiusers-)||Yes|Yes||
### Access Control Assistance Operators
@@ -560,59 +183,17 @@ The Access Control Assistance Operators group applies to versions of the Windows
This security group has not changed since Windows Server 2008.
-
-
-
-
-Default Security Group
-Windows Server 2016
-Windows Server 2012 R2
-Windows Server 2012
-Windows Server 2008 R2
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-579|
+|Type|Builtin Local|
+|Default container|CN=BuiltIn, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?||
+|Default User Rights|None|
### Account Operators
@@ -629,56 +210,17 @@ The Account Operators group applies to versions of the Windows Server operating
This security group has not changed since Windows Server 2008.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-548|
+|Type|Builtin Local|
+|Default container|CN=BuiltIn, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|Yes|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?|No|
+|Default User Rights|[Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight|
@@ -701,84 +243,17 @@ This security group includes the following changes since Windows Server 2008:
- [Remove computer from docking station](/windows/device-security/security-policy-settings/remove-computer-from-docking-station) was removed in Windows Server 2012 R2.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-544|
+|Type|Builtin Local|
+|Default container|CN=BuiltIn, DC=<domain>, DC=|
+|Default members|Administrator, Domain Admins, Enterprise Admins|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|Yes|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?|No|
+|Default User Rights|[Adjust memory quotas for a process](/windows/device-security/security-policy-settings/adjust-memory-quotas-for-a-process): SeIncreaseQuotaPrivilege
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-21-<domain>-571|
+|Type|Domain local|
+|Default container|CN=Users DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?||
+|Default User Rights|None|
### Backup Operators
@@ -849,60 +283,17 @@ The Backup Operators group applies to versions of the Windows Server operating s
This security group has not changed since Windows Server 2008.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-551|
+|Type|Builtin Local|
+|Default container|CN=BuiltIn, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|Yes|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?|No|
+|Default User Rights|[Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-<domain>-574|
+|Type|Domain Local|
+|Default container|CN=Builtin, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?||
+|Default User Rights|None|
-
### Cert Publishers
@@ -975,58 +326,17 @@ The Cert Publishers group applies to versions of the Windows Server operating sy
This security group has not changed since Windows Server 2008.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-21-<domain>-517|
+|Type|Domain Local|
+|Default container|CN=Users, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|[Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?|No|
+|Default User Rights|None|
### Cloneable Domain Controllers
@@ -1036,58 +346,17 @@ For more information, see [Introduction to Active Directory Domain Services (AD
This security group was introduced in Windows Server 2012, and it has not changed in subsequent versions.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-21-<domain>-522|
+|Type|Global|
+|Default container|CN=Users, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?||
+|Default User Rights|None|
### Cryptographic Operators
@@ -1097,56 +366,17 @@ The Cryptographic Operators group applies to versions of the Windows Server oper
This security group was introduced in Windows Vista Service Pack 1, and it has not changed in subsequent versions.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-569|
+|Type|Builtin Local|
+|Default container|CN=Builtin, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?||
+|Default User Rights|None|
@@ -1160,63 +390,18 @@ This security group includes the following changes since Windows Server 2008:
- Windows Server 2012 changed the default members to include [Cert Publishers](#bkmk-certpublishers).
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-21-<domain>-572|
+|Type|Domain local|
+|Default container|CN=Users, DC=<domain>, DC=|
+|Default members|[Cert Publishers](#bkmk-certpublishers)
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-583|
+|Type|Builtin Local|
+|Default container|CN=BuiltIn, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Can be moved out but it is not recommended|
+|Safe to delegate management of this group to non-Service admins?|No|
+|Default User Rights|[Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-562|
+|Type|Builtin Local|
+|Default container|CN=Builtin, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?||
+|Default User Rights|None|
### DnsUpdateProxy
@@ -1353,58 +452,17 @@ For information, see [DNS Record Ownership and the DnsUpdateProxy Group](/previo
This security group has not changed since Windows Server 2008.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-21-<domain>-<variable RI>|
+|Type|Global|
+|Default container|CN=Users, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Yes|
+|Safe to delegate management of this group to non-Service admins?||
+|Default User Rights|None|
### DnsAdmins
@@ -1414,58 +472,17 @@ For more information about security and DNS, see [DNSSEC in Windows Server 2012]
This security group has not changed since Windows Server 2008.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-21-<domain>-<variable RI>|
+|Type|Builtin Local|
+|Default container|CN=Users, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Yes|
+|Safe to delegate management of this group to non-Service admins?||
+|Default User Rights|None|
### Domain Admins
@@ -1477,58 +494,17 @@ The Domain Admins group applies to versions of the Windows Server operating syst
This security group has not changed since Windows Server 2008.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-21-<domain>-512|
+|Type|Global|
+|Default container|CN=Users, DC=<domain>, DC=|
+|Default members|Administrator|
+|Default member of|[Administrators](#bkmk-admins)
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-21-<domain>-515|
+|Type|Global|
+|Default container|CN=Users, DC=<domain>, DC=|
+|Default members|All computers joined to the domain, excluding domain controllers|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Yes (but not required)|
+|Safe to delegate management of this group to non-Service admins?|Yes|
+|Default User Rights|None|
-
### Domain Controllers
The Domain Controllers group can include all domain controllers in the domain. New domain controllers are automatically added to this group.
@@ -1601,58 +536,17 @@ The Domain Controllers group applies to versions of the Windows Server operating
This security group has not changed since Windows Server 2008.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-21-<domain>-516|
+|Type|Global|
+|Default container|CN=Users, DC=<domain>, DC=|
+|Default members|Computer accounts for all domain controllers of the domain|
+|Default member of|[Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)|
+|Protected by ADMINSDHOLDER?|Yes|
+|Safe to move out of default container?|No|
+|Safe to delegate management of this group to non-Service admins?|No|
+|Default User Rights|None|
### Domain Guests
@@ -1662,58 +556,17 @@ The Domain Guests group applies to versions of the Windows Server operating syst
This security group has not changed since Windows Server 2008.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-21-<domain>-514|
+|Type|Global|
+|Default container|CN=Users, DC=<domain>, DC=|
+|Default members|Guest|
+|Default member of|[Guests](#bkmk-guests)|
+|Protected by ADMINSDHOLDER?|Yes|
+|Safe to move out of default container?|Can be moved out but it is not recommended|
+|Safe to delegate management of this group to non-Service admins?|No|
+|Default User Rights|See [Guests](#bkmk-guests)|
### Domain Users
@@ -1725,60 +578,19 @@ The Domain Users group applies to versions of the Windows Server operating syste
This security group has not changed since Windows Server 2008.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-21-<domain>-513|
+|Type|Global|
+|Default container|CN=Users, DC=<domain>, DC=|
+|Default members|Administrator
+krbtgt|
+|Default member of|[Users](#bkmk-users)|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Yes|
+|Safe to delegate management of this group to non-Service admins?|No|
+|Default User Rights|See [Users](#bkmk-users)|
-
### Enterprise Admins
The Enterprise Admins group exists only in the root domain of an Active Directory forest of domains. It is a Universal group if the domain is in native mode; it is a Global group if the domain is in mixed mode. Members of this group are authorized to make forest-wide changes in Active Directory, such as adding child domains.
@@ -1789,58 +601,18 @@ The Enterprise Admins group applies to versions of the Windows Server operating
This security group has not changed since Windows Server 2008.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-21-<root domain>-519|
+|Type|Universal (if Domain is in Native-Mode) else Global|
+|Default container|CN=Users, DC=<domain>, DC=|
+|Default members|Administrator|
+|Default member of|[Administrators](#bkmk-admins)
+[Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)|
+|Protected by ADMINSDHOLDER?|Yes|
+|Safe to move out of default container?|Yes|
+|Safe to delegate management of this group to non-Service admins?|No|
+|Default User Rights|See [Administrators](#bkmk-admins)
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-21-<root domain>-498|
+|Type|Universal|
+|Default container|CN=Users, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|Yes|
+|Safe to move out of default container?||
+|Safe to delegate management of this group to non-Service admins?||
+|Default User Rights|None|
### Event Log Readers
@@ -1934,58 +665,17 @@ The Event Log Readers group applies to versions of the Windows Server operating
This security group has not changed since Windows Server 2008.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-573|
+|Type|Domain Local|
+|Default container|CN=Users, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?||
+|Default User Rights|None|
### Group Policy Creator Owners
@@ -1997,58 +687,17 @@ The Group Policy Creator Owners group applies to versions of the Windows Server
This security group has not changed since Windows Server 2008.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-21-<domain>-520|
+|Type|Global|
+|Default container|CN=Users, DC=<domain>, DC=|
+|Default members|Administrator|
+|Default member of|[Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|No|
+|Safe to delegate management of this group to non-Service admins?|No|
+|Default User Rights|See [Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)|
### Guests
@@ -2063,64 +712,22 @@ Computer Configuration\\Administrative Templates\\System\\User Profiles
The Guest account does not require a password. You can set rights and permissions for the Guest account as in any user account. By default, the Guest account is a member of the built-in Guests group and the Domain Guests global group, which allows a user to sign in to a domain. The Guest account is disabled by default, and we recommend that it stay disabled.
-
-
The Guests group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
This security group has not changed since Windows Server 2008.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-546|
+|Type|Builtin Local|
+|Default container|CN=BuiltIn, DC=<domain>, DC=|
+|Default members|[Domain Guests](#bkmk-domainguests)|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?|No|
+|Default User Rights|None|
-
### Hyper-V Administrators
@@ -2133,58 +740,17 @@ Members of the Hyper-V Administrators group have complete and unrestricted acces
This security group was introduced in Windows Server 2012, and it has not changed in subsequent versions.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-578|
+|Type|Builtin Local|
+|Default container|CN=BuiltIn, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?||
+|Default User Rights|None|
### IIS\_IUSRS
@@ -2194,59 +760,18 @@ For more information, see [Understanding Built-In User and Group Accounts in IIS
This security group has not changed since Windows Server 2008.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-568|
+|Type|Builtin Local|
+|Default container|CN=BuiltIn, DC=<domain>, DC=|
+|Default members|IUSR|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?||
+|Safe to delegate management of this group to non-Service admins?||
+|Default User Rights|None|
-
### Incoming Forest Trust Builders
Members of the Incoming Forest Trust Builders group can create incoming, one-way trusts to this forest. Active Directory provides security across multiple domains or forests through domain and forest trust relationships. Before authentication can occur across trusts, Windows must determine whether the domain being requested by a user, computer, or service has a trust relationship with the logon domain of the requesting account.
@@ -2265,60 +790,19 @@ The Incoming Forest Trust Builders group applies to versions of the Windows Serv
> [!NOTE]
> This group cannot be renamed, deleted, or moved.
-
-
This security group has not changed since Windows Server 2008.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-557|
+|Type|Builtin Local|
+|Default container|CN=Builtin, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?|No|
+|Default User Rights|None|
### Key Admins
@@ -2372,58 +856,17 @@ The Network Configuration Operators group applies to versions of the Windows Ser
This security group has not changed since Windows Server 2008.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-556|
+|Type|Builtin Local|
+|Default container|CN=Builtin, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?|Yes|
+|Default User Rights|None|
### Performance Log Users
@@ -2456,56 +899,17 @@ The Performance Log Users group applies to versions of the Windows Server operat
This security group has not changed since Windows Server 2008.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-559|
+|Type|Builtin Local|
+|Default container|CN=Builtin, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?|Yes|
+|Default User Rights|[Log on as a batch job](/windows/device-security/security-policy-settings/log-on-as-a-batch-job): SeBatchLogonRight|
@@ -2537,56 +941,17 @@ The Performance Monitor Users group applies to versions of the Windows Server op
This security group has not changed since Windows Server 2008.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-558|
+|Type|Builtin Local|
+|Default container|CN=Builtin, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?|Yes|
+|Default User Rights|None|
### Pre–Windows 2000 Compatible Access
@@ -2601,57 +966,17 @@ The Pre–Windows 2000 Compatible Access group applies to versions of the Windo
This security group has not changed since Windows Server 2008.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-554|
+|Type|Builtin Local|
+|Default container|CN=Builtin, DC=<domain>, DC=|
+|Default members|If you choose the Pre–Windows 2000 Compatible Permissions mode, Everyone and Anonymous are members, and if you choose the Windows 2000-only permissions mode, Authenticated Users are members.|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?|No|
+|Default User Rights|[Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-550|
+|Type|Builtin Local|
+|Default container|CN=Builtin, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|Yes|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?|No|
+|Default User Rights|[Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-known SID/RID|S-1-5-21-<domain>-525|
+|Type|Global|
+|Default container|CN=Users, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Yes|
+|Safe to delegate management of this group to non-service admins?|No|
+|Default user rights|None|
### RAS and IAS Servers
@@ -2805,58 +1046,17 @@ The RAS and IAS Servers group applies to versions of the Windows Server operatin
This security group has not changed since Windows Server 2008.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-21-<domain>-553|
+|Type|Builtin Local|
+|Default container|CN=Users, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Yes|
+|Safe to delegate management of this group to non-Service admins?|Yes|
+|Default User Rights|None|
### RDS Endpoint Servers
@@ -2866,58 +1066,18 @@ For information about Remote Desktop Services, see [Host desktops and apps in Re
This security group was introduced in Windows Server 2012, and it has not changed in subsequent versions.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-576|
+|Type|Builtin Local|
+|Default container|CN=Builtin, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?||
+|Default User Rights|None|
-
### RDS Management Servers
@@ -2925,58 +1085,17 @@ Servers that are members in the RDS Management Servers group can be used to perf
This security group was introduced in Windows Server 2012, and it has not changed in subsequent versions.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-577|
+|Type|Builtin Local|
+|Default container|CN=Builtin, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?||
+|Default User Rights|None|
### RDS Remote Access Servers
@@ -2986,59 +1105,18 @@ For more information, see [Host desktops and apps in Remote Desktop Services](/w
This security group was introduced in Windows Server 2012, and it has not changed in subsequent versions.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-575|
+|Type|Builtin Local|
+|Default container|CN=Builtin, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?||
+|Default User Rights|None|
-
### Read-Only Domain Controllers
This group is comprised of the Read-only domain controllers in the domain. A Read-only domain controller makes it possible for organizations to easily deploy a domain controller in scenarios where physical security cannot be guaranteed, such as branch office locations, or in scenarios where local storage of all domain passwords is considered a primary threat, such as in an extranet or in an application-facing role.
@@ -3059,57 +1137,17 @@ For information about deploying a Read-only domain controller, see [Understandin
This security group was introduced in Windows Server 2008, and it has not changed in subsequent versions.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-21-<domain>-521|
+|Type|Global|
+|Default container|CN=Users, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|[Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)|
+|Protected by ADMINSDHOLDER?|Yes|
+|Safe to move out of default container?|Yes|
+|Safe to delegate management of this group to non-Service admins?||
+|Default User Rights|See [Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)|
### Remote Desktop Users
@@ -3119,56 +1157,17 @@ The Remote Desktop Users group applies to versions of the Windows Server operati
This security group has not changed since Windows Server 2008.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-555|
+|Type|Builtin Local|
+|Default container|CN=Builtin, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?|Yes|
+|Default User Rights|None|
@@ -3183,58 +1182,17 @@ For more information, see [What's New in MI?](/previous-versions/windows/desktop
This security group was introduced in Windows Server 2012, and it has not changed in subsequent versions.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-580|
+|Type|Builtin Local|
+|Default container|CN=Builtin, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?||
+|Default User Rights|None|
### Replicator
@@ -3250,58 +1208,17 @@ However, Windows Server 2008 R2 servers cannot use FRS to replicate the conten
This security group has not changed since Windows Server 2008.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-552|
+|Type|Builtin Local|
+|Default container|CN=Builtin, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|Yes|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?||
+|Default User Rights|None|
### Schema Admins
@@ -3317,58 +1234,17 @@ The Schema Admins group applies to versions of the Windows Server operating syst
This security group has not changed since Windows Server 2008.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-21-<root domain>-518|
+|Type|Universal (if Domain is in Native-Mode) else Global|
+|Default container|CN=Users, DC=<domain>, DC=|
+|Default members|Administrator|
+|Default member of|[Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)|
+|Protected by ADMINSDHOLDER?|Yes|
+|Safe to move out of default container?|Yes|
+|Safe to delegate management of this group to non-Service admins?|No|
+|Default User Rights|See [Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)|
### Server Operators
@@ -3380,62 +1256,17 @@ The Server Operators group applies to versions of the Windows Server operating s
This security group has not changed since Windows Server 2008.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-549|
+|Type|Builtin Local|
+|Default container|CN=Builtin, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|Yes|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?|No|
+|Default User Rights|[Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-561|
+|Type|Builtin Local|
+|Default container|CN=Builtin, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Safe to move out of default container?|Cannot be moved|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to delegate management of this group to non-Service admins?|Yes|
+|Default User Rights|None|
### Users
@@ -3560,60 +1350,17 @@ This security group includes the following changes since Windows Server 2008:
- In Windows Server 2012, the default **Member Of** list changed from Domain Users to none.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-545|
+|Type|Builtin Local|
+|Default container|CN=Builtin, DC=<domain>, DC=|
+|Default members|Authenticated Users
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-32-560|
+|Type|Builtin Local|
+|Default container|CN=Builtin, DC=<domain>, DC=|
+|Default members|Enterprise Domain Controllers|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Cannot be moved|
+|Safe to delegate management of this group to non-Service admins?|Yes|
+|Default user rights|None|
-
### WinRMRemoteWMIUsers\_
In Windows 8 and in Windows Server 2012, a **Share** tab was added to the Advanced Security Settings user interface. This tab displays the security properties of a remote file share. To view this information, you must have the following permissions and memberships, as appropriate for the version of Windows Server that the file server is running.
@@ -3707,56 +1413,17 @@ In Windows Server 2012, the Access Denied Assistance functionality adds the Aut
This security group was introduced in Windows Server 2012, and it has not changed in subsequent versions.
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Attribute|Value|
+|--- |--- |
+|Well-Known SID/RID|S-1-5-21-<domain>-<variable RI>|
+|Type|Domain local|
+|Default container|CN=Users, DC=<domain>, DC=|
+|Default members|None|
+|Default member of|None|
+|Protected by ADMINSDHOLDER?|No|
+|Safe to move out of default container?|Yes|
+|Safe to delegate management of this group to non-Service admins?||
+|Default User Rights|None|
## See also
diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md
index 5c8dd1358e..778a829c8b 100644
--- a/windows/security/threat-protection/fips-140-validation.md
+++ b/windows/security/threat-protection/fips-140-validation.md
@@ -100,285 +100,60 @@ The following tables identify the cryptographic modules used in an operating sys
Validated Editions: Home, Pro, Enterprise, Education
-
-
-
-
-Attribute
-Value
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Cryptographic Primitives Library|[10.0.17763](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3197.pdf)|[#3197](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3197)|See Security Policy and Certificate page for algorithm information|
+|Kernel Mode Cryptographic Primitives Library|[10.0.17763](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3196.pdf)|[#3196](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3196)|See Security Policy and Certificate page for algorithm information|
+|Code Integrity|[10.0.17763](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3644.pdf)|[#3644](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3644)|See Security Policy and Certificate page for algorithm information|
+|Windows OS Loader|[10.0.17763](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3615.pdf)|[#3615](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3615)|See Security Policy and Certificate page for algorithm information|
+|Secure Kernel Code Integrity|[10.0.17763](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3651.pdf)|[#3651](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3651)|See Security Policy and Certificate page for algorithm information|
+|BitLocker Dump Filter|[10.0.17763](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3092.pdf)|[#3092](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3092)|See Security Policy and Certificate page for algorithm information|
+|Boot Manager|[10.0.17763](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3089.pdf)|[#3089](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3089)|See Security Policy and Certificate page for algorithm information|
+|Virtual TPM|[10.0.17763](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3690.pdf)|[#3690](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3690)|See Security Policy and Certificate page for algorithm information|
##### Windows 10 Spring 2018 Update (Version 1803)
Validated Editions: Home, Pro, Enterprise, Education
-
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-Cryptographic Primitives Library
-10.0.17763
-#3197
-See Security Policy and Certificate page for algorithm information
-
-
-Kernel Mode Cryptographic Primitives Library
-10.0.17763
-#3196
-See Security Policy and Certificate page for algorithm information
-
-
-Code Integrity
-10.0.17763
-#3644
-See Security Policy and Certificate page for algorithm information
-
-
-Windows OS Loader
-10.0.17763
-#3615
-See Security Policy and Certificate page for algorithm information
-
-
-Secure Kernel Code Integrity
-10.0.17763
-#3651
-See Security Policy and Certificate page for algorithm information
-
-
-BitLocker Dump Filter
-10.0.17763
-#3092
-See Security Policy and Certificate page for algorithm information
-
-
-Boot Manager
-10.0.17763
-#3089
-See Security Policy and Certificate page for algorithm information
-
-
-
-
-Virtual TPM
-10.0.17763
-#3690
-See Security Policy and Certificate page for algorithm information
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Cryptographic Primitives Library|[10.0.17134](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3197.pdf)|[#3197](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3197)|See Security Policy and Certificate page for algorithm information|
+|Kernel Mode Cryptographic Primitives Library|[10.0.17134](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3196.pdf)|[#3196](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3196)|See Security Policy and Certificate page for algorithm information|
+|Code Integrity|[10.0.17134](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3195.pdf)|[#3195](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3195)|See Security Policy and Certificate page for algorithm information|
+|Windows OS Loader|[10.0.17134](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3480.pdf)|[#3480](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3480)|See Security Policy and Certificate page for algorithm information|
+|Secure Kernel Code Integrity|[10.0.17134](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3096.pdf)|[#3096](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3096)|See Security Policy and Certificate page for algorithm information|
+|BitLocker Dump Filter|[10.0.17134](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3092.pdf)|[#3092](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3092)|See Security Policy and Certificate page for algorithm information|
+|Boot Manager|[10.0.17134](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3089.pdf)|[#3089](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3089)|See Security Policy and Certificate page for algorithm information|
##### Windows 10 Fall Creators Update (Version 1709)
Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile
-
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-Cryptographic Primitives Library
-10.0.17134
-#3197
-See Security Policy and Certificate page for algorithm information
-
-
-Kernel Mode Cryptographic Primitives Library
-10.0.17134
-#3196
-See Security Policy and Certificate page for algorithm information
-
-
-Code Integrity
-10.0.17134
-#3195
-See Security Policy and Certificate page for algorithm information
-
-
-Windows OS Loader
-10.0.17134
-#3480
-See Security Policy and Certificate page for algorithm information
-
-
-Secure Kernel Code Integrity
-10.0.17134
-#3096
-See Security Policy and Certificate page for algorithm information
-
-
-BitLocker Dump Filter
-10.0.17134
-#3092
-See Security Policy and Certificate page for algorithm information
-
-
-
-
-Boot Manager
-10.0.17134
-#3089
-See Security Policy and Certificate page for algorithm information
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Cryptographic Primitives Library|[10.0.16299](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3197.pdf)|[#3197](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3197)|See Security Policy and Certificate page for algorithm information|
+|Kernel Mode Cryptographic Primitives Library|[10.0.16299](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3196.pdf)|[#3196](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3196)|See Security Policy and Certificate page for algorithm information|
+|Code Integrity|[10.0.16299](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3195.pdf)|[#3195](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3195)|See Security Policy and Certificate page for algorithm information|
+|Windows OS Loader|[10.0.16299](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3194.pdf)|[#3194](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3194)|See Security Policy and Certificate page for algorithm information|
+|Secure Kernel Code Integrity|[10.0.16299](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3096.pdf)|[#3096](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3096)|See Security Policy and Certificate page for algorithm information|
+|BitLocker Dump Filter|[10.0.16299](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3092.pdf)|[#3092](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3092)|See Security Policy and Certificate page for algorithm information|
+|Windows Resume|[10.0.16299](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3091.pdf)|[#3091](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3091)|See Security Policy and Certificate page for algorithm information|
+|Boot Manager|[10.0.16299](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3089.pdf)|[#3089](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3089)|See Security Policy and Certificate page for algorithm information|
##### Windows 10 Creators Update (Version 1703)
Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile
-
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-Cryptographic Primitives Library
-10.0.16299
-#3197
-See Security Policy and Certificate page for algorithm information
-
-
-Kernel Mode Cryptographic Primitives Library
-10.0.16299
-#3196
-See Security Policy and Certificate page for algorithm information
-
-
-Code Integrity
-10.0.16299
-#3195
-See Security Policy and Certificate page for algorithm information
-
-
-Windows OS Loader
-10.0.16299
-#3194
-See Security Policy and Certificate page for algorithm information
-
-
-Secure Kernel Code Integrity
-10.0.16299
-#3096
-See Security Policy and Certificate page for algorithm information
-
-
-BitLocker Dump Filter
-10.0.16299
-#3092
-See Security Policy and Certificate page for algorithm information
-
-
-Windows Resume
-10.0.16299
-#3091
-See Security Policy and Certificate page for algorithm information
-
-
-
-
-Boot Manager
-10.0.16299
-#3089
-See Security Policy and Certificate page for algorithm information
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)|[10.0.15063](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3095.pdf)|[#3095](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3095)|FIPS approved algorithms: AES (Cert. [#4624](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624)); CKG (vendor affirmed); CVL (Certs
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)
-10.0.15063
-#3095
-
-
-Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
-
-Kernel Mode Cryptographic Primitives Library (cng.sys)
-10.0.15063
-#3094
-
-
-
-
-Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
-
-Boot Manager
-10.0.15063
-#3089
-
-
-Windows OS Loader
-10.0.15063
-#3090
-
-
-Windows Resume[1]
-10.0.15063
-#3091
-FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790)
-
-
-BitLocker® Dump Filter[2]
-10.0.15063
-#3092
-FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2522); SHS (Cert. #3790)
-
-
-Code Integrity (ci.dll)
-10.0.15063
-#3093
-
-
-
-Secure Kernel Code Integrity (skci.dll)[3]
-10.0.15063
-#3096
-
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2937.pdf)|[#2937](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2937)|FIPS approved algorithms: AES (Cert. [#4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064)); DRBG (Cert. [#1217](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217)); DSA (Cert. [#1098](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1098)); ECDSA (Cert. [#911](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#911)); HMAC (Cert. [#2651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2651)); KAS (Cert. [#92](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#92)); KBKDF (Cert. [#101](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#101)); KTS (AES Cert. [#4062](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4062); key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#2192](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2192), [#2193, and #2195](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Cert. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)); Triple-DES (Cert. [#2227](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2227))
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)
-10.0.14393
-#2937
-
-
-Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
-
-Kernel Mode Cryptographic Primitives Library (cng.sys)
-10.0.14393
-#2936
-
-
-Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
-
-Boot Manager
-10.0.14393
-#2931
-
-
-BitLocker® Windows OS Loader (winload)
-10.0.14393
-#2932
-FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
-
-
-Other algorithms: NDRNG; MD5
-
-BitLocker® Windows Resume (winresume)[1]
-10.0.14393
-#2933
-FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
-
-
-Other algorithms: MD5
-
-BitLocker® Dump Filter (dumpfve.sys)[2]
-10.0.14393
-#2934
-FIPS approved algorithms: AES (Certs. #4061 and #4064)
-
-
-Code Integrity (ci.dll)
-10.0.14393
-#2935
-
-
-Other algorithms: AES (non-compliant); MD5
-
-
-Secure Kernel Code Integrity (skci.dll)[3]
-10.0.14393
-#2938
-
-
-Other algorithms: MD5
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)|[10.0.10586](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2605.pdf)|[#2606](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2606)|FIPS approved algorithms: AES (Certs. [#3629](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3629)); DRBG (Certs. [#955](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#955)); DSA (Certs. [#1024](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1024)); ECDSA (Certs. [#760](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#760)); HMAC (Certs. [#2381](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2381)); KAS (Certs. [#72](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#72); key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. [#72](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#72)); KTS (AES Certs. [#3653](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3653); key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#1887](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1887), [#1888, and #1889](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1888)); SHS (Certs. [#3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047)); Triple-DES (Certs. [#2024](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2024))
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)
-10.0.10586
-#2606
-
-
-Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
-
-Kernel Mode Cryptographic Primitives Library (cng.sys)
-10.0.10586
-#2605
-
-
-Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
-
-Boot Manager[4]
-10.0.10586
-#2700
-FIPS approved algorithms: AES (Certs. #3653); HMAC (Cert. #2381); PBKDF (vendor affirmed); RSA (Cert. #1871); SHS (Certs. #3047 and #3048)
-
-
-Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
-
-BitLocker® Windows OS Loader (winload)[5]
-10.0.10586
-#2701
-FIPS approved algorithms: AES (Certs. #3629 and #3653); RSA (Cert. #1871); SHS (Cert. #3048)
-
-
-Other algorithms: MD5; NDRNG
-
-BitLocker® Windows Resume (winresume)[6]
-10.0.10586
-#2702
-FIPS approved algorithms: AES (Certs. #3653); RSA (Cert. #1871); SHS (Cert. #3048)
-
-
-Other algorithms: MD5
-
-BitLocker® Dump Filter (dumpfve.sys)[7]
-10.0.10586
-#2703
-FIPS approved algorithms: AES (Certs. #3653)
-
-
-Code Integrity (ci.dll)
-10.0.10586
-#2604
-
-
-Other algorithms: AES (non-compliant); MD5
-
-
-Secure Kernel Code Integrity (skci.dll)[8]
-10.0.10586
-#2607
-
-
-Other algorithms: MD5
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)|[10.0.10240](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2605.pdf)|#[2606](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2606)|FIPS approved algorithms: AES (Certs. [#3497](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497)); DRBG (Certs. [#868](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#868)); DSA (Certs. [#983](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#983)); ECDSA (Certs. [#706](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#706)); HMAC (Certs. [#2233](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2233)); KAS (Certs. [#64](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#64); key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. [#66](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#66)); KTS (AES Certs. [#3507](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3507); key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#1783](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1783), [#1798](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1798), and [#1802](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1802)); SHS (Certs. [#2886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886)); Triple-DES (Certs. [#1969](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1969))
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)
-10.0.10240
-#2606
-
-
-Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
-
-Kernel Mode Cryptographic Primitives Library (cng.sys)
-10.0.10240
-#2605
-
-
-Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
-
-Boot Manager[9]
-10.0.10240
-#2600
-FIPS approved algorithms: AES (Cert. #3497); HMAC (Cert. #2233); KTS (AES Cert. #3498); PBKDF (vendor affirmed); RSA (Cert. #1784); SHS (Certs. #2871 and #2886)
-
-
-Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
-
-BitLocker® Windows OS Loader (winload)[10]
-10.0.10240
-#2601
-FIPS approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)
-
-
-Other algorithms: MD5; NDRNG
-
-BitLocker® Windows Resume (winresume)[11]
-10.0.10240
-#2602
-FIPS approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)
-
-
-Other algorithms: MD5
-
-BitLocker® Dump Filter (dumpfve.sys)[12]
-10.0.10240
-#2603
-FIPS approved algorithms: AES (Certs. #3497 and #3498)
-
-
-Code Integrity (ci.dll)
-10.0.10240
-#2604
-
-
-Other algorithms: AES (non-compliant); MD5
-
-
-Secure Kernel Code Integrity (skci.dll)[13]
-10.0.10240
-#2607
-
-
-Other algorithms: MD5
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)|[6.3.9600 6.3.9600.17031](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2357.pdf)|[#2357](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2357)|FIPS approved algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832)); DRBG (Certs. [#489](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489)); DSA (Cert. [#855](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#855)); ECDSA (Cert. [#505](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#505)); HMAC (Cert. [#1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1773)); KAS (Cert. [#47](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#47)); KBKDF (Cert. [#30](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#30)); PBKDF (vendor affirmed); RSA (Certs. [#1487](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1487), [#1493, and #1519](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1493)); SHS (Cert. [#2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373)); Triple-DES (Cert. [#1692](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1692))
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)
-6.3.9600 6.3.9600.17031
-#2357
-
-
-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)#2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
-
-Kernel Mode Cryptographic Primitives Library (cng.sys)
-6.3.9600 6.3.9600.17042
-#2356
-
-
-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
-
-Boot Manager
-6.3.9600 6.3.9600.17031
-#2351
-FIPS approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
-
-
-Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
-
-BitLocker® Windows OS Loader (winload)
-6.3.9600 6.3.9600.17031
-#2352
-FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)
-
-
-Other algorithms: MD5; NDRNG
-
-BitLocker® Windows Resume (winresume)[14]
-6.3.9600 6.3.9600.17031
-#2353
-FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
-
-
-Other algorithms: MD5
-
-BitLocker® Dump Filter (dumpfve.sys)
-6.3.9600 6.3.9600.17031
-#2354
-FIPS approved algorithms: AES (Cert. #2832)
-
-
-Other algorithms: N/A
-
-
-Code Integrity (ci.dll)
-6.3.9600 6.3.9600.17031
-#2355#2355
-
-
-Other algorithms: MD5
-
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1892.pdf)|[#1892](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1892)|FIPS approved algorithms: AES (Certs. [#2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197) and [#2216](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2216)); DRBG (Certs. [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258)); DSA (Cert. [#687](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#687)); ECDSA (Cert. [#341](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#341)); HMAC (Cert. [#1345](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1345)); KAS (Cert. [#36](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#36)); KBKDF (Cert. [#3](http://csrc.nist.gov/groups/stm/cavp/documents/kbkdf800-108/kbkdfval.htm#3)); PBKDF (vendor affirmed); RSA (Certs. [#1133](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1133) and [#1134](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1134)); SHS (Cert. [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)); Triple-DES (Cert. [#1387](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1387))
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)
-6.2.9200
-#1892
-FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
-
-
-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert.); ECDSA (Cert.); HMAC (Cert.); KAS (Cert); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
-
-
-
-Kernel Mode Cryptographic Primitives Library (cng.sys)
-6.2.9200
-#1891
-FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
-
-
-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258 and); ECDSA (Cert.); HMAC (Cert.); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RNG (Cert.); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
-
-Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
-
-Boot Manager
-6.2.9200
-#1895
-FIPS approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)
-
-
-Other algorithms: MD5
-
-BitLocker® Windows OS Loader (WINLOAD)
-6.2.9200
-#1896
-FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
-
-
-Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG
-
-BitLocker® Windows Resume (WINRESUME)[15]
-6.2.9200
-#1898
-FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
-
-
-Other algorithms: MD5
-
-BitLocker® Dump Filter (DUMPFVE.SYS)
-6.2.9200
-#1899
-FIPS approved algorithms: AES (Certs. #2196 and #2198)
-
-
-Other algorithms: N/A
-
-Code Integrity (CI.DLL)
-6.2.9200
-#1897
-FIPS approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)
-
-
-Other algorithms: MD5
-
-Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)
-6.2.9200
-#1893
-FIPS approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)
-
-
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#1902); Triple-DES (Cert.); Triple-DES MAC (Triple-DES Certificate, vendor affirmed)
-
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Certificate, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
-
-
-Enhanced Cryptographic Provider (RSAENH.DLL)
-6.2.9200
-#1894
-FIPS approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)
-
-
-Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)|[6.1.7600.16385](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1329.pdf)
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)
-
-
-1329
-FIPS approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); DSA (Cert. #386); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)
-
-
-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4#559 and); SHS (Cert.); Triple-DES (Cert.)
-
-Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
-
-Kernel Mode Cryptographic Primitives Library (cng.sys)
-
-
-
-
-
-
-
-
-1328
-FIPS approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)
-
-
-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
-
-Boot Manager
-
-
-1319
-FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #557); SHS (Cert. #1081)
-
-
-Other algorithms: MD5#1168 and); HMAC (Cert.); RSA (Cert.); SHS (Cert.)
-
-Other algorithms: MD5
-
-Winload OS Loader (winload.exe)
-
-
-
-
-
-
-
-
-1326
-FIPS approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #557); SHS (Cert. #1081)
-
-
-Other algorithms: MD5
-
-BitLocker™ Drive Encryption
-
-
-
-
-
-
-
-
-
-
-
-
-1332
-FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)
-
-
-Other algorithms: Elephant Diffuser
-
-Code Integrity (CI.DLL)
-
-
-
-
-
-
-1327
-FIPS approved algorithms: RSA (Cert. #557); SHS (Cert. #1081)
-
-
-Other algorithms: MD5
-
-Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)
-6.1.7600.16385
-
-(no change in SP1)1331
-FIPS approved algorithms: DSA (Cert. #385); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)
-
-
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4
-
-
-Enhanced Cryptographic Provider (RSAENH.DLL)
-6.1.7600.16385
-
-(no change in SP1)1330
-FIPS approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #673); SHS (Cert. #1081); RSA (Certs. #557 and #559); Triple-DES (Cert. #846)
-
-
-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Boot Manager (bootmgr)|[6.0.6001.18000 and 6.0.6002.18005](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp978.pdf)|[978](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/978)|FIPS approved algorithms: AES (Certs. [#739](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#739) and [#760](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#760)); HMAC (Cert. [#415](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#415)); RSA (Cert. [#354](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#354)); SHS (Cert. [#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753))|
+|Winload OS Loader (winload.exe)|[6.0.6001.18000, 6.0.6001.18027, 6.0.6001.18606, 6.0.6001.22125, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411 and 6.0.6002.22596](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp979.pdf)|[979](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/979)|FIPS approved algorithms: AES (Certs. [#739](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#739) and [#760](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#760)); RSA (Cert. [#354](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#354)); SHS (Cert. [#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753))
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-Boot Manager (bootmgr)
-6.0.6001.18000 and 6.0.6002.18005
-978
-FIPS approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #354); SHS (Cert. #753)
-
-
-Winload OS Loader (winload.exe)
-6.0.6001.18000, 6.0.6001.18027, 6.0.6001.18606, 6.0.6001.22125, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411 and 6.0.6002.22596
-979
-FIPS approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #354); SHS (Cert. #753)
-
-
-Other algorithms: MD5
-
-Code Integrity (ci.dll)
-6.0.6001.18000, 6.0.6001.18023, 6.0.6001.22120, and 6.0.6002.18005
-980
-FIPS approved algorithms: RSA (Cert. #354); SHS (Cert. #753)
-
-
-Other algorithms: MD5
-
-Kernel Mode Security Support Provider Interface (ksecdd.sys)
-6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.22869
-1000
-
-
-Cryptographic Primitives Library (bcrypt.dll)
-6.0.6001.22202, 6.0.6002.18005, and 6.0.6002.22872
-1001
-
-
-Enhanced Cryptographic Provider (RSAENH)
-6.0.6001.22202 and 6.0.6002.18005
-1002
-
-
-
-Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
-6.0.6001.18000 and 6.0.6002.18005
-1003
-
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Enhanced Cryptographic Provider (RSAENH) | [6.0.6000.16386](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp893.pdf) | [893](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/893) | FIPS approved algorithms: AES (Cert. [#553](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#553)); HMAC (Cert. [#297](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#297)); RNG (Cert. [#321](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#321)); RSA (Certs. [#255](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#255) and [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#258)); SHS (Cert. [#618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618)); Triple-DES (Cert. [#549](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#549))
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-Enhanced Cryptographic Provider (RSAENH)
-6.0.6000.16386
-893
-FIPS approved algorithms: AES (Cert. #553); HMAC (Cert. #297); RNG (Cert. #321); RSA (Certs. #255 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)
-
-
-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
-
-Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
-6.0.6000.16386
-894
-FIPS approved algorithms: DSA (Cert. #226); RNG (Cert. #321); SHS (Cert. #618); Triple-DES (Cert. #549); Triple-DES MAC (Triple-DES Cert. #549, vendor affirmed)
-
-
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
-
-BitLocker™ Drive Encryption
-6.0.6000.16386
-947
-FIPS approved algorithms: AES (Cert. #715); HMAC (Cert. #386); SHS (Cert. #737)
-
-
-Other algorithms: Elephant Diffuser
-
-
-Kernel Mode Security Support Provider Interface (ksecdd.sys)
-6.0.6000.16386, 6.0.6000.16870 and 6.0.6000.21067
-891
-FIPS approved algorithms: AES (Cert. #553); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)
-
-
-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits to 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; HMAC MD5
Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)|
+|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[6.0.6000.16386](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp894.pdf)|[894](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/894)|FIPS approved algorithms: DSA (Cert. [#226](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#226)); RNG (Cert. [#321](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#321)); SHS (Cert. [#618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618)); Triple-DES (Cert. [#549](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#549)); Triple-DES MAC (Triple-DES Cert. [#549](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#549), vendor affirmed)
Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4|
+|BitLocker™ Drive Encryption|[6.0.6000.16386](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp947.pdf)|[947](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/947)|FIPS approved algorithms: AES (Cert. [#715](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#715)); HMAC (Cert. [#386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#386)); SHS (Cert. [#737](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#737))
Other algorithms: Elephant Diffuser|
+|Kernel Mode Security Support Provider Interface (ksecdd.sys)|[6.0.6000.16386, 6.0.6000.16870 and 6.0.6000.21067](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp891.pdf)|[891](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/891)|FIPS approved algorithms: AES (Cert. #553); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)
Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits to 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; HMAC MD5|
##### Windows XP SP3
-
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Kernel Mode Cryptographic Module (FIPS.SYS)|[5.1.2600.5512](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp997.pdf)|[997](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/997)|FIPS approved algorithms: HMAC (Cert. [#429](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#429)); RNG (Cert. [#449](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#449)); SHS (Cert. [#785](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#785)); Triple-DES (Cert. [#677](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#677)); Triple-DES MAC (Triple-DES Cert. [#677](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#677), vendor affirmed)
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-Kernel Mode Cryptographic Module (FIPS.SYS)
-5.1.2600.5512
-997
-
-
-Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
-5.1.2600.5507
-990
-
-
-
-Enhanced Cryptographic Provider (RSAENH)
-5.1.2600.5507
-989
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|DSS/Diffie-Hellman Enhanced Cryptographic Provider|[5.1.2600.2133](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp240.pdf)|[240](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/240)|FIPS approved algorithms: Triple-DES (Cert. [#16](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#16)); DSA/SHA-1 (Cert. [#29](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#29))
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-DSS/Diffie-Hellman Enhanced Cryptographic Provider
-5.1.2600.2133
-240
-
-
-
-Microsoft Enhanced Cryptographic Provider
-5.1.2600.2161
-238
-
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Microsoft Enhanced Cryptographic Provider|[5.1.2600.1029](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp238.pdf)|[238](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/238)|FIPS approved algorithms: Triple-DES (Cert. [#81](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#81)); AES (Cert. [#33](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#33)); SHA-1 (Cert. [#83](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#83)); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. [#83](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#83), vendor affirmed)
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-
-Microsoft Enhanced Cryptographic Provider
-5.1.2600.1029
-238
-
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Kernel Mode Cryptographic Module|[5.1.2600.0](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp241.pdf)|[241](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/241)|FIPS approved algorithms: Triple-DES (Cert. [#16](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#16)); DSA/SHA-1 (Cert. [#35](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#35)); HMAC-SHA-1 (Cert. [#35](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#35), vendor affirmed)
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-
-Kernel Mode Cryptographic Module
-5.1.2600.0
-241
-
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Kernel Mode Cryptographic Module (FIPS.SYS)|[5.0.2195.1569](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp106.pdf)|[106](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/106)|FIPS approved algorithms: Triple-DES (Cert. [#16](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#16)); SHA-1 (Certs. [#35](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#35))
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-Kernel Mode Cryptographic Module (FIPS.SYS)
-5.0.2195.1569
-106
-
-
-
-Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider
-103
-
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Kernel Mode Cryptographic Module (FIPS.SYS)|[5.0.2195.1569](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp106.pdf)|[106](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/106)|FIPS approved algorithms: Triple-DES (Cert. [#16](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#16)); SHA-1 (Certs. [#35](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#35))
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-Kernel Mode Cryptographic Module (FIPS.SYS)
-5.0.2195.1569
-106
-
-
-
-Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider
-
-
-
-
-
-
-
-
-103
-
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider|([Base DSS: 5.0.2150.1391 [SP1])](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf)
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-
-Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider
-103
-
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider|[5.0.2150.1](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp76.pdf)|[76](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/76)|FIPS approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. [#28](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#28) and [29](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#29)); RSA (vendor affirmed)
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-
-Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider
-5.0.2150.1
-76
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider|[5.0.1877.6 and 5.0.1877.7](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp75.pdf)|[75](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/75)|FIPS approved algorithms: Triple-DES (vendor affirmed); SHA-1 (Certs. [#20](https://social.msdn.microsoft.com/forums/en-us/f93c9ee5-89b9-41a4-96c4-6eb9346625b9/msrai-msra-parsing-remote-assistance-packets-in-network-monitor?forum=os_windowsprotocolshttps://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#20) and [21](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#21)); DSA/SHA-1 (Certs. [#25](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#25) and [26](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#26)); RSA (vendor- affirmed)
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-
-Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider
-5.0.1877.6 and 5.0.1877.7
-75
-
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Base Cryptographic Provider|[5.0.1877.6 and 5.0.1877.7](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp68.pdf)|[68](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/68)|FIPS approved algorithms: SHA-1 (Certs. [#20](https://social.msdn.microsoft.com/forums/en-us/f93c9ee5-89b9-41a4-96c4-6eb9346625b9/msrai-msra-parsing-remote-assistance-packets-in-network-monitor?forum=os_windowsprotocolshttps://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#20) and [21](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#21)); DSA/SHA- 1 (Certs. [#25](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#25) and [26](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#26)); RSA (vendor affirmed)
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-
-Base Cryptographic Provider
-5.0.1877.6 and 5.0.1877.7
-68
-FIPS approved algorithms: SHA-1 (Certs. #20 and 21); DSA/SHA- 1 (Certs. #25 and 26); RSA (vendor affirmed)
-
-
-Other algorithms: DES (Certs. #61, 62, 63 and 64); Triple-DES (allowed for US and Canadian Government use); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Cryptographic Primitives Library|[10.0.17763](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3197.pdf)|[#3197](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3197)|See Security Policy and Certificate page for algorithm information|
+|Kernel Mode Cryptographic Primitives Library|[10.0.17763](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3196.pdf)|[#3196](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3196)|See Security Policy and Certificate page for algorithm information|
+|Code Integrity|[10.0.17763](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3644.pdf)|[#3644](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3644)|See Security Policy and Certificate page for algorithm information|
+|Windows OS Loader|[10.0.17763](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3615.pdf)|[#3615](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3615)|See Security Policy and Certificate page for algorithm information|
+|Secure Kernel Code Integrity|[10.0.17763](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3651.pdf)|[#3651](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3651)|See Security Policy and Certificate page for algorithm information|
+|BitLocker Dump Filter|[10.0.17763](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3092.pdf)|[#3092](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3092)|See Security Policy and Certificate page for algorithm information|
+|Boot Manager|[10.0.17763](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3089.pdf)|[#3089](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3089)|See Security Policy and Certificate page for algorithm information|
+|Virtual TPM|[10.0.17763](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3690.pdf)|[#3690](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3690)|See Security Policy and Certificate page for algorithm information|
##### Windows Server (Version 1803)
Validated Editions: Standard, Datacenter
-
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-Cryptographic Primitives Library
-10.0.17763
-#3197
-See Security Policy and Certificate page for algorithm information
-
-
-Kernel Mode Cryptographic Primitives Library
-10.0.17763
-#3196
-See Security Policy and Certificate page for algorithm information
-
-
-Code Integrity
-10.0.17763
-#3644
-See Security Policy and Certificate page for algorithm information
-
-
-Windows OS Loader
-10.0.17763
-#3615
-See Security Policy and Certificate page for algorithm information
-
-
-Secure Kernel Code Integrity
-10.0.17763
-#3651
-See Security Policy and Certificate page for algorithm information
-
-
-BitLocker Dump Filter
-10.0.17763
-#3092
-See Security Policy and Certificate page for algorithm information
-
-
-Boot Manager
-10.0.17763
-#3089
-See Security Policy and Certificate page for algorithm information
-
-
-
-
-Virtual TPM
-10.0.17763
-#3690
-See Security Policy and Certificate page for algorithm information
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Cryptographic Primitives Library|[10.0.17134](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3197.pdf)|[#3197](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3197)|See Security Policy and Certificate page for algorithm information|
+|Kernel Mode Cryptographic Primitives Library|[10.0.17134](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3196.pdf)|[#3196](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3196)|See Security Policy and Certificate page for algorithm information|
+|Code Integrity|[10.0.17134](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3195.pdf)|[#3195](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3195)|See Security Policy and Certificate page for algorithm information|
+|Windows OS Loader|[10.0.17134](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3480.pdf)|[#3480](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3480)|See Security Policy and Certificate page for algorithm information|
+|Secure Kernel Code Integrity|[10.0.17134](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3096.pdf)|[#3096](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3096)|See Security Policy and Certificate page for algorithm information|
+|BitLocker Dump Filter|[10.0.17134](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3092.pdf)|[#3092](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3092)|See Security Policy and Certificate page for algorithm information|
+|Boot Manager|[10.0.17134](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3089.pdf)|[#3089](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3089)|See Security Policy and Certificate page for algorithm information|
##### Windows Server (Version 1709)
Validated Editions: Standard, Datacenter
-
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-Cryptographic Primitives Library
-10.0.17134
-#3197
-See Security Policy and Certificate page for algorithm information
-
-
-Kernel Mode Cryptographic Primitives Library
-10.0.17134
-#3196
-See Security Policy and Certificate page for algorithm information
-
-
-Code Integrity
-10.0.17134
-#3195
-See Security Policy and Certificate page for algorithm information
-
-
-Windows OS Loader
-10.0.17134
-#3480
-See Security Policy and Certificate page for algorithm information
-
-
-Secure Kernel Code Integrity
-10.0.17134
-#3096
-See Security Policy and Certificate page for algorithm information
-
-
-BitLocker Dump Filter
-10.0.17134
-#3092
-See Security Policy and Certificate page for algorithm information
-
-
-
-
-Boot Manager
-10.0.17134
-#3089
-See Security Policy and Certificate page for algorithm information
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Cryptographic Primitives Library|[10.0.16299](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3197.pdf)|[#3197](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3197)|See Security Policy and Certificate page for algorithm information|
+|Kernel Mode Cryptographic Primitives Library|[10.0.16299](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3196.pdf)|[#3196](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3196)|See Security Policy and Certificate page for algorithm information|
+|Code Integrity|[10.0.16299](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3195.pdf)|[#3195](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3195)|See Security Policy and Certificate page for algorithm information|
+|Windows OS Loader|[10.0.16299](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3194.pdf)|[#3194](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3194)|See Security Policy and Certificate page for algorithm information|
+|Secure Kernel Code Integrity|[10.0.16299](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3096.pdf)|[#3096](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3096)|See Security Policy and Certificate page for algorithm information|
+|BitLocker Dump Filter|[10.0.16299](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3092.pdf)|[#3092](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3092)|See Security Policy and Certificate page for algorithm information|
+|Windows Resume|[10.0.16299](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3091.pdf)|[#3091](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3091)|See Security Policy and Certificate page for algorithm information|
+|Boot Manager|[10.0.16299](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3089.pdf)|[#3089](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3089)|See Security Policy and Certificate page for algorithm information|
##### Windows Server 2016
Validated Editions: Standard, Datacenter, Storage Server
-
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-Cryptographic Primitives Library
-10.0.16299
-#3197
-See Security Policy and Certificate page for algorithm information
-
-
-Kernel Mode Cryptographic Primitives Library
-10.0.16299
-#3196
-See Security Policy and Certificate page for algorithm information
-
-
-Code Integrity
-10.0.16299
-#3195
-See Security Policy and Certificate page for algorithm information
-
-
-Windows OS Loader
-10.0.16299
-#3194
-See Security Policy and Certificate page for algorithm information
-
-
-Secure Kernel Code Integrity
-10.0.16299
-#3096
-See Security Policy and Certificate page for algorithm information
-
-
-BitLocker Dump Filter
-10.0.16299
-#3092
-See Security Policy and Certificate page for algorithm information
-
-
-Windows Resume
-10.0.16299
-#3091
-See Security Policy and Certificate page for algorithm information
-
-
-
-
-Boot Manager
-10.0.16299
-#3089
-See Security Policy and Certificate page for algorithm information
-
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2937.pdf)|[2937](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2937)|FIPS approved algorithms: AES (Cert. [#4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064)); DRBG (Cert. [#1217](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217)); DSA (Cert. [#1098](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1098)); ECDSA (Cert. [#911](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#911)); HMAC (Cert. [#2651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2651)); KAS (Cert. [#92](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#92)); KBKDF (Cert. [#101](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#101)); KTS (AES Cert. [#4062](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4062); key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#2192](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2192), [#2193, and #2195](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Cert. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)); Triple-DES (Cert. [#2227](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2227))
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)
-10.0.14393
-2937
-FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
-
-
-Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
-
-Kernel Mode Cryptographic Primitives Library (cng.sys)
-10.0.14393
-2936
-FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
-
-
-Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
-
-Boot Manager
-10.0.14393
-2931
-
-
-BitLocker® Windows OS Loader (winload)
-10.0.14393
-2932
-FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
-
-
-Other algorithms: NDRNG; MD5
-
-BitLocker® Windows Resume (winresume)
-10.0.14393
-2933
-FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
-
-
-Other algorithms: MD5
-
-BitLocker® Dump Filter (dumpfve.sys)
-10.0.14393
-2934
-FIPS approved algorithms: AES (Certs. #4061 and #4064)
-
-
-Code Integrity (ci.dll)
-10.0.14393
-2935
-FIPS approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)
-
-
-Other algorithms: AES (non-compliant); MD5
-
-
-Secure Kernel Code Integrity (skci.dll)
-10.0.14393
-2938
-FIPS approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)
-
-
-Other algorithms: MD5
-
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)|[6.3.9600 6.3.9600.17031](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2357.pdf)|[2357](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2357)|FIPS approved algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832)); DRBG (Certs. [#489](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489)); DSA (Cert. [#855](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#855)); ECDSA (Cert. [#505](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#505)); HMAC (Cert. [#1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1773)); KAS (Cert. [#47](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#47)); KBKDF (Cert. [#30](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#30)); PBKDF (vendor affirmed); RSA (Certs. [#1487](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1487), [#1493, and #1519](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1493)); SHS (Cert. [#2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373)); Triple-DES (Cert. [#1692](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1692))
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)
-6.3.9600 6.3.9600.17031
-2357
-FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)
-
-
-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
-
-Kernel Mode Cryptographic Primitives Library (cng.sys)
-6.3.9600 6.3.9600.17042
-2356
-FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)
-
-
-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
-
-Boot Manager
-6.3.9600 6.3.9600.17031
-2351
-FIPS approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
-
-
-Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
-
-BitLocker® Windows OS Loader (winload)
-6.3.9600 6.3.9600.17031
-2352
-FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)
-
-
-Other algorithms: MD5; NDRNG
-
-BitLocker® Windows Resume (winresume)[16]
-6.3.9600 6.3.9600.17031
-2353
-FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
-
-
-Other algorithms: MD5
-
-BitLocker® Dump Filter (dumpfve.sys)[17]
-6.3.9600 6.3.9600.17031
-2354
-FIPS approved algorithms: AES (Cert. #2832)
-
-
-Other algorithms: N/A
-
-
-Code Integrity (ci.dll)
-6.3.9600 6.3.9600.17031
-2355
-FIPS approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)
-
-
-Other algorithms: MD5
-
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1892.pdf)|[1892](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1892)|FIPS approved algorithms: AES (Certs. [#2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197) and [#2216](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2216)); DRBG (Certs. [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258)); DSA (Cert. [#687](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#687)); ECDSA (Cert. [#341](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#341)); HMAC (Cert. #[1345](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1345)); KAS (Cert. [#36](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#36)); KBKDF (Cert. [#3](http://csrc.nist.gov/groups/stm/cavp/documents/kbkdf800-108/kbkdfval.htm#3)); PBKDF (vendor affirmed); RSA (Certs. [#1133](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1133) and [#1134](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1134)); SHS (Cert. [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)); Triple-DES (Cert. [#1387](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1387))
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)
-6.2.9200
-1892
-FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
-
-
-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#687); ECDSA (Cert.); HMAC (Cert. #); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
-
-Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
-
-Kernel Mode Cryptographic Primitives Library (cng.sys)
-6.2.9200
-1891
-FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
-
-
-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#1110); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
-
-Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
-
-Boot Manager
-6.2.9200
-1895
-FIPS approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)
-
-
-Other algorithms: MD5
-
-BitLocker® Windows OS Loader (WINLOAD)
-6.2.9200
-1896
-FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
-
-
-Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG
-
-BitLocker® Windows Resume (WINRESUME)
-6.2.9200
-1898
-FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
-
-
-Other algorithms: MD5
-
-BitLocker® Dump Filter (DUMPFVE.SYS)
-6.2.9200
-1899
-FIPS approved algorithms: AES (Certs. #2196 and #2198)
-
-
-Other algorithms: N/A
-
-Code Integrity (CI.DLL)
-6.2.9200
-1897
-FIPS approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)
-
-
-Other algorithms: MD5
-
-Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)
-6.2.9200
-1893
-FIPS approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)
-
-
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
-
-
-Enhanced Cryptographic Provider (RSAENH.DLL)
-6.2.9200
-1894
-FIPS approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)
-
-
-Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
-
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Boot Manager (bootmgr)|[6.1.7600.16385 or 6.1.7601.17514](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1321.pdf)|[1321](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1321)|FIPS approved algorithms: AES (Certs. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168) and [#1177](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1177)); HMAC (Cert. [#675](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#675)); RSA (Cert. [#568](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#568)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081))
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-Boot Manager (bootmgr)
-6.1.7600.16385 or 6.1.7601.17514
-1321
-FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #568); SHS (Cert. #1081)
-
-
-Other algorithms: MD5
-
-Winload OS Loader (winload.exe)
-6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.21675
-1333
-FIPS approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #568); SHS (Cert. #1081)
-
-
-Other algorithms: MD5
-
-Code Integrity (ci.dll)
-6.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.22108
-1334
-FIPS approved algorithms: RSA (Cert. #568); SHS (Cert. #1081)
-
-
-Other algorithms: MD5
-
-Kernel Mode Cryptographic Primitives Library (cng.sys)
-6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.22076
-1335
-FIPS approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)
-
-
--Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
-
-Cryptographic Primitives Library (bcryptprimitives.dll)
-66.1.7600.16385 or 6.1.7601.17514
-1336
-FIPS approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); DSA (Cert. #391); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)
-
-
-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; HMAC MD5; MD2; MD4; MD5; RC2; RC4
-
-Enhanced Cryptographic Provider (RSAENH)
-6.1.7600.16385
-1337
-FIPS approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #687); SHS (Cert. #1081); RSA (Certs. #559 and #568); Triple-DES (Cert. #846)
-
-
-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
-
-Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
-6.1.7600.16385
-1338
-FIPS approved algorithms: DSA (Cert. #390); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)
-
-
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4
-
-
-BitLocker™ Drive Encryption
-6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.21675
-1339
-FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)
-
-
-Other algorithms: Elephant Diffuser
-
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Boot Manager (bootmgr)|[6.0.6001.18000, 6.0.6002.18005 and 6.0.6002.22497](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1004.pdf)|[1004](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1004)|FIPS approved algorithms: AES (Certs. [#739](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#739) and [#760](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#760)); HMAC (Cert. [#415](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#415)); RSA (Cert. [#355](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#355)); SHS (Cert. [#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753))
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-Boot Manager (bootmgr)
-6.0.6001.18000, 6.0.6002.18005 and 6.0.6002.22497
-1004
-FIPS approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #355); SHS (Cert. #753)
-
-
-Other algorithms: N/A
-
-Winload OS Loader (winload.exe)
-6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.22596
-1005
-FIPS approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #355); SHS (Cert. #753)
-
-
-Other algorithms: MD5
-
-Code Integrity (ci.dll)
-6.0.6001.18000 and 6.0.6002.18005
-1006
-FIPS approved algorithms: RSA (Cert. #355); SHS (Cert. #753)
-
-
-Other algorithms: MD5
-
-Kernel Mode Security Support Provider Interface (ksecdd.sys)
-6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.22869
-1007
-FIPS approved algorithms: AES (Certs. #739 and #757); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)
-
-
-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#83); HMAC (Cert.); RNG (Cert. and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
-
-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
-
-Cryptographic Primitives Library (bcrypt.dll)
-6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.22872
-1008
-FIPS approved algorithms: AES (Certs. #739 and #757); DSA (Cert. #284); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)
-
-
-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)
-
-Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
-6.0.6001.18000 and 6.0.6002.18005
-1009
-FIPS approved algorithms: DSA (Cert. #282); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)
-
-
--Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
-
-
-Enhanced Cryptographic Provider (RSAENH)
-6.0.6001.22202 and 6.0.6002.18005
-1010
-FIPS approved algorithms: AES (Cert. #739); HMAC (Cert. #408); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656)
-
-
-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[5.2.3790.3959](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp875.pdf)|[875](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/875)|FIPS approved algorithms: DSA (Cert. [#221](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#221)); RNG (Cert. [#314](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#314)); RSA (Cert. [#245](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#245)); SHS (Cert. [#611](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#611)); Triple-DES (Cert. [#543](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#543))
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
-5.2.3790.3959
-875
-
-
-Kernel Mode Cryptographic Module (FIPS.SYS)
-5.2.3790.3959
-869
-
-
-
-Enhanced Cryptographic Provider (RSAENH)
-5.2.3790.3959
-868
-
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Kernel Mode Cryptographic Module (FIPS.SYS)|[5.2.3790.1830 [SP1]](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp405.pdf)|[405](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/405)|FIPS approved algorithms: Triple-DES (Certs. [#201](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#201)[1] and [#370](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#370)[1]); SHS (Certs. [#177](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#177)[1] and [#371](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#371)[2])
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-Kernel Mode Cryptographic Module (FIPS.SYS)
-5.2.3790.1830 [SP1]
-405
-
-[2] SP1 x86, x64, IA64
-
-Enhanced Cryptographic Provider (RSAENH)
-5.2.3790.1830 [Service Pack 1])
-382
-
-[2] SP1 x86, x64, IA64
-
-
-Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
-5.2.3790.1830 [Service Pack 1]
-381
-
-[2] SP1 x86, x64, IA64
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Kernel Mode Cryptographic Module (FIPS.SYS)|[5.2.3790.0](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp405.pdf)|[405](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/405)|FIPS approved algorithms: Triple-DES (Certs. [#201](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#201)[1] and [#370](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#370)[1]); SHS (Certs. [#177](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#177)[1] and [#371](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#371)[2])
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-Kernel Mode Cryptographic Module (FIPS.SYS)
-5.2.3790.0
-405
-
-[2] SP1 x86, x64, IA64
-
-Enhanced Cryptographic Provider (RSAENH)
-5.2.3790.0
-382
-
-[2] SP1 x86, x64, IA64
-
-
-Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
-5.2.3790.0
-381
-
-[2] SP1 x86, x64, IA64
-
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Enhanced Cryptographic Provider|[7.00.2872 [1] and 8.00.6246 [2]](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2957.pdf)|[2957](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2957)|FIPS approved algorithms: AES (Certs.[#4433](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4433)and[#4434](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4434)); CKG (vendor affirmed); DRBG (Certs.[#1432](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1432)and[#1433](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1433)); HMAC (Certs.[#2946](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2946)and[#2945](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2945)); RSA (Certs.[#2414](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2414)and[#2415](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2415)); SHS (Certs.[#3651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651)and[#3652](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652)); Triple-DES (Certs.[#2383](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2383)and[#2384](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2384))
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-Enhanced Cryptographic Provider
-7.00.2872 [1] and 8.00.6246 [2]
-2957
-
-
-
-Cryptographic Primitives Library (bcrypt.dll)
-7.00.2872 [1] and 8.00.6246 [2]
-2956
-
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Enhanced Cryptographic Provider|[6.00.1937 [1] and 7.00.1687 [2]](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp825.pdf)|[825](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/825)|FIPS approved algorithms: AES (Certs. [#516](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#516) [1] and [#2024](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2024) [2]); HMAC (Certs. [#267](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#267) [1] and [#1227](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1227) [2]); RNG (Certs. [#292](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#292) [1] and [#1060](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#1060) [2]); RSA (Cert. [#230](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#230) [1] and [#1052](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1052) [2]); SHS (Certs. [#589](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589) [1] and #1774 [2]); Triple-DES (Certs. [#526](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#526) [1] and [#1308](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1308) [2])
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-
-Enhanced Cryptographic Provider
-6.00.1937 [1] and 7.00.1687 [2]
-825
-
-
-
-
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Outlook Cryptographic Provider (EXCHCSP)|[SR-1A (3821)](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp110.pdf)|[110](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/110)|FIPS approved algorithms: Triple-DES (Cert. [#18](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#18)); SHA-1 (Certs. [#32](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#32)); RSA (vendor affirmed)
-
-Cryptographic Module
-Version (link to Security Policy)
-FIPS Certificate #
-Algorithms
-
-
-
-Outlook Cryptographic Provider (EXCHCSP)
-SR-1A (3821)
-110
-
-
-
+|**Modes / States / Key Sizes**|**Algorithm Implementation and Certificate #**|
+|--- |--- |
+|
-
-Modes / States / Key Sizes
-Algorithm Implementation and Certificate #
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
-IV Generated: (Externally); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported
-GMAC supported
-
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #4063
-
-Version 10.0.14393
-
-
-
-
-
-
-
-
-
-Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA32 Algorithm Implementations #3630
-
-Version 10.0.10586
-
-
-(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
-IV Generated: (Externally); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported
-GMAC supported
-
-
-
-
-
-
-
-
-(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
-IV Generated: (Externally); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported
-GMAC supportedMicrosoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #3497
-
-Version 10.0.10240
-
-Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #3476
-
-Version 10.0.10240
-
-
-
-
-
-
-OtherIVLen_Supported
-GMAC supported
-
-
-AES validation number 2197
-AES validation number 2197
-(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
-IV Generated: (Externally); PT Lengths Tested: (0, 128, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 128, 1024, 8, 1016); IV Lengths Tested: (8, 1024); 96 bit IV supported
-GMAC supportedWindows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #2216
-
-
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #2198
-
-
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #2197
-
-
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #2196
-
-
-CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 – 0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
-
-AES validation number 1168
-
-CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16)
-
-AES validation number 1168Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #1177
-
-
-Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168
-
-
-Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168, vendor-affirmed
-
-
-CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16)
-Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #760
-
-
-CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 - 0, 2^16) (Payload Length Range: 1 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
-
-
-
-
-
-
-Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #2023
-
-
-
-
-
-
+|**Modes / States / Key Sizes**|**Algorithm Implementation and Certificate #**|
+|--- |--- |
+|
-
-Modes / States / Key Sizes
-Algorithm Implementation and Certificate #
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-CTR_DRBG: [Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4627)]
-
-
-CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 4624)]
-
-
-CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4434)]
-
-
-CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4433)]
-
-
-CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4431)]
-
-
-CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4430)]
-
-
-CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4074)]
-
-
-CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 4064)]
-
-
-CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 3629)]
-
-
-CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 3497)]
-
-
-CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 2832)]
-
-
-CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 2197)]
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #258
-
-
-CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 2023)]
-Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #193
-
-
-CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 1168)]
-Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 RNG Library #23
-
-
-
-DRBG (SP 800–90)
-Windows Vista Ultimate SP1, vendor-affirmed
-
-
+
+|**Modes / States / Key Sizes**|**Algorithm Implementation and Certificate #**|
+|--- |--- |
+|DSA:
-
-Modes / States / Key Sizes
-Algorithm Implementation and Certificate #
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-FIPS186-4:
-
-PQG(ver)PARMS TESTED: [(1024,160) SHA(1)]
-SIG(ver)PARMS TESTED: [(1024,160) SHA(1)]
-SHS: validation number 3649
-
-FIPS186-4:
-
-PQG(ver)PARMS TESTED: [(1024,160) SHA(1)]
-SIG(ver)PARMS TESTED: [(1024,160) SHA(1)]
-SHS: validation number 3648
-
-
-PQG(gen)PARMS TESTED: [
-(2048,256)SHA(256); (3072,256) SHA(256)]
-PQG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
-KeyPairGen: [(2048,256); (3072,256)]
-SIG(gen)PARMS TESTED: [(2048,256)
-SHA(256); (3072,256) SHA(256)]
-SIG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
-DRBG: validation number 1217
-
-
-PQG(gen)PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)] PQG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
-KeyPairGen: [(2048,256); (3072,256)] SIG(gen)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
-SIG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
-DRBG: validation number 955
-
-
-PQG(gen)PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)]
-PQG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
-KeyPairGen: [(2048,256); (3072,256)]
-SIG(gen)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] SIG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
-DRBG: validation number 868
-
-
-PQG(gen)PARMS TESTED: [
-(2048,256)SHA(256); (3072,256) SHA(256)]
-PQG(ver)PARMS TESTED: [(2048,256)
-SHA(256); (3072,256) SHA(256)]
-KeyPairGen: [(2048,256); (3072,256)]
-SIG(gen)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
-SIG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
-DRBG: validation number 489
-
-
-PQG(ver) MOD(1024);
-SIG(ver) MOD(1024);
-SHS: #1903
-DRBG: #258
-PQG(gen)PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)]
-PQG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
-SIG(gen)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
-SIG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
-SHS: #1903
-DRBG: #258
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 687.Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #687
-
-
-FIPS186-2:
-
-PQG(ver) MOD(1024);
-SIG(ver) MOD(1024);
-SHS: #1902
-DRBG: #258
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 686.Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 DSS and Diffie-Hellman Enhanced Cryptographic Provider (DSSENH) #686
-
-
-FIPS186-2:
-
-SIG(ver) MOD(1024);
-SHS: validation number 1773
-DRBG: validation number 193
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 645.Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #645
-
-
-FIPS186-2:
-
-SIG(ver) MOD(1024);
-SHS: validation number 1081
-DRBG: validation number 23
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 391. See Historical DSA List validation number 386.
-
-FIPS186-2:
-
-SIG(ver) MOD(1024);
-SHS: validation number 1081
-RNG: validation number 649
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 390. See Historical DSA List validation number 385.
-
-FIPS186-2:
-
-SIG(ver) MOD(1024);
-SHS: validation number 753
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 284. See Historical DSA List validation number 283.
-
-FIPS186-2:
-
-SIG(ver) MOD(1024);
-SHS: validation number 753
-RNG: validation number 435
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 282. See Historical DSA List validation number 281.
-
-FIPS186-2:
-
-SIG(ver) MOD(1024);
-SHS: validation number 618
-RNG: validation number 321
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 227. See Historical DSA List validation number 226.
-
-FIPS186-2:
-
-SIG(ver) MOD(1024);
-SHS: validation number 784
-RNG: validation number 448
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 292.Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #292
-
-
-FIPS186-2:
-
-SIG(ver) MOD(1024);
-SHS: validation number 783
-RNG: validation number 447
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 291.Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #291
-
-
-FIPS186-2:
-
-PQG(gen) MOD(1024);
-PQG(ver) MOD(1024);
-KEYGEN(Y) MOD(1024);
-SIG(gen) MOD(1024);
-SIG(ver) MOD(1024);
-SHS: validation number 611
-RNG: validation number 314Windows 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #221
-
-
-FIPS186-2:
-
-PQG(gen) MOD(1024);
-PQG(ver) MOD(1024);
-KEYGEN(Y) MOD(1024);
-SIG(gen) MOD(1024);
-SIG(ver) MOD(1024);
-SHS: validation number 385Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #146
-
-
-FIPS186-2:
-
-PQG(ver) MOD(1024);
-KEYGEN(Y) MOD(1024);
-SIG(gen) MOD(1024);
-SIG(ver) MOD(1024);
-SHS: validation number 181
-
-Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #95
-
-
-FIPS186-2:
-
-PQG(gen) MOD(1024);
-PQG(ver) MOD(1024);
-KEYGEN(Y) MOD(1024);
-SIG(gen) MOD(1024);
-SHS: SHA-1 (BYTE)
-SIG(ver) MOD(1024);
-SHS: SHA-1 (BYTE)
-
-
-
-FIPS186-2:
-SHS: SHA-1 (BYTE)
-SIG(ver) MOD(1024);
-SHS: SHA-1 (BYTE)Windows NT 4.0 SP4 Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider #17
-
**PQG(gen)** PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)]
**KeyPairGen**: [(2048,256); (3072,256)]
PQG(ver)PARMS TESTED:** [(1024,160) SHA(1)]
PQG(ver)PARMS TESTED:** [(1024,160) SHA(1)]
PQG(gen)** PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)]
KeyPairGen: [(2048,256); (3072,256)]
PQG(gen)** PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)]
KeyPairGen: [(2048,256); (3072,256)] **SIG(gen)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
PQG(gen)** PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)]
KeyPairGen: [(2048,256); (3072,256)]
PQG(gen)** PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)]
KeyPairGen: [(2048,256); (3072,256)]
PQG(ver)** MOD(1024);
SIG(ver)** MOD(1024);
SIG(ver)** MOD(1024);
SIG(ver)** MOD(1024);
SIG(ver)** MOD(1024);
SIG(ver)** MOD(1024);
SIG(ver)** MOD(1024);
SIG(ver)** MOD(1024);
SIG(ver)** MOD(1024);
PQG(gen)** MOD(1024);
PQG(gen)** MOD(1024);
PQG(ver)** MOD(1024);
PQG(gen)** MOD(1024);
FIPS186-2:**
-
+|**Modes / States / Key Sizes**|**Algorithm Implementation and Certificate #**|
+|--- |--- |
+|
-
-Modes / States / Key Sizes
-Algorithm Implementation and Certificate #
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-FIPS186-4:
-
-PKG: CURVES(P-256 P-384 TestingCandidates)
-SHS: validation number 3790
-DRBG: validation number 1555
-
-FIPS186-4:
-
-PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
-PKV: CURVES(P-256 P-384 P-521)
-SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
-SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
-SHS: validation number 3790
-DRBG: validation number 1555
-
-FIPS186-4:
-
-PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
-PKV: CURVES(P-256 P-384 P-521)
-SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
-SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
-SHS: validation number 3790
-DRBG: validation number 1555
-
-FIPS186-4:
-
-PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
-PKV: CURVES(P-256 P-384 P-521)
-SigGen: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
-SigVer: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512))
-SHS:validation number 3649
-DRBG:validation number 1430
-
-FIPS186-4:
-
-PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
-PKV: CURVES(P-256 P-384 P-521)
-SigGen: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
-SigVer: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512))
-SHS:validation number 3648
-DRBG:validation number 1429
-
-
-PKG: CURVES(P-256 P-384 TestingCandidates)
-PKV: CURVES(P-256 P-384)
-SigGen: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) SIG(gen) with SHA-1 affirmed for use with protocols only.
-SigVer: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384))
-DRBG: validation number 1222
-
-
-PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
-PKV: CURVES(P-256 P-384 P-521)
-SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
-SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
-DRBG: validation number 1217
-
-
-PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
-SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
-SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
-DRBG: validation number 955
-
-
-PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
-SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
-SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
-DRBG: validation number 868
-
-
-PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
-SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
-SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
-DRBG: validation number 489
-
-
-PKG: CURVES(P-256 P-384 P-521)
-SHS: #1903
-DRBG: #258
-SIG(ver): CURVES(P-256 P-384 P-521)
-SHS: #1903
-DRBG: #258
-PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
-SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
-SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
-SHS: #1903
-DRBG: #258
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 341.Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #341
-
-
-
-PKG: CURVES(P-256 P-384 P-521)
-SHS: validation number 1773
-DRBG: validation number 193
-SIG(ver): CURVES(P-256 P-384 P-521)
-SHS: validation number 1773
-DRBG: validation number 193
-PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
-SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
-SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
-SHS: validation number 1773
-DRBG: validation number 193
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 295.Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #295
-
-
-FIPS186-2:
-
-PKG: CURVES(P-256 P-384 P-521)
-SHS: validation number 1081
-DRBG: validation number 23
-SIG(ver): CURVES(P-256 P-384 P-521)
-SHS: validation number 1081
-DRBG: validation number 23
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 142. See Historical ECDSA List validation number 141.
-
-FIPS186-2:
-
-PKG: CURVES(P-256 P-384 P-521)
-SHS: validation number 753
-SIG(ver): CURVES(P-256 P-384 P-521)
-SHS: validation number 753
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 83. See Historical ECDSA List validation number 82.
-
-
-FIPS186-2:
-
-PKG: CURVES(P-256 P-384 P-521)
-SHS: validation number 618
-RNG: validation number 321
-SIG(ver): CURVES(P-256 P-384 P-521)
-SHS: validation number 618
-RNG: validation number 321
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 60.Windows Vista CNG algorithms #60
-
PKG: CURVES**(P-256 P-384 TestingCandidates)
PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)
PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)
PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)
PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)
PKG: CURVES**(P-256 P-384 TestingCandidates)v**PKV: CURVES**(P-256 P-384)
PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)
PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)
PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)
PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)
PKG: CURVES**(P-256 P-384 P-521)
PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)
PKG: CURVES**(P-256 P-384 P-521)
PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)
PKG: CURVES**(P-256 P-384 P-521)
PKG: CURVES**(P-256 P-384 P-521)
PKG: CURVES**(P-256 P-384 P-521)
-
+
+|**Modes / States /
-
-Modes / States / Key Sizes
-Algorithm Implementation and Certificate #
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-SHS validation number 3347
-SHS validation number 3347
-SHS validation number 3347
-
-
-
-
-SHS validation number 3047
-SHS validation number 3047
-SHS validation number 3047
-SHS validation number 3047
-
-
-SHSvalidation number 2886
-SHSvalidation number 2886
- SHSvalidation number 2886
-SHSvalidation number 2886
-
-
-SHS validation number 2373
-SHS validation number 2373
-SHS validation number 2373
-SHS validation number 2373
-
-
-
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #1347
-
-
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1346
-
-
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1345
-
-
-Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1364
-
-
-Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1227
-
-
-
-
-Windows 7 and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #675
-
-
-Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #452
-
-
-Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #415
-
-
-
-
-Windows Vista Enhanced Cryptographic Provider (RSAENH) #297
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 785
-
-
-Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #428
-
-
-Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #289
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 610
-Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #287
-
-
-
-
-Windows Vista Ultimate BitLocker Drive Encryption #386
-
-
-Windows Vista CNG algorithms #298
-
-
-Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #267
-
-
-Windows CE and Windows Mobile 6.0 and Windows Mobil 6.5 Enhanced Cryptographic Provider (RSAENH) #260
-
-
-Windows Vista BitLocker Drive Encryption #199
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 364
-
-
-
-Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #31
-
SHS [validation number 3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047)
SHS [validation number 3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047)
SHS [validation number 3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047)
SHS [validation number 3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations [#2381](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2381)
SHS[validation number 2886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886)
SHS[validation number 2886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886)
[ SHSvalidation number 2886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886)
SHS[validation number 2886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations [#2233](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2233)
SHS [validation number 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373)
SHS [validation number 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373)
SHS [validation number 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373)
SHS [validation number 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373)|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations [#1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1773)
**SHS**[#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)
**SHS**[#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)
**SHS**[#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)
**SHS**[#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #[1345](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1345)|
+|
**Tinker HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773)
-
+|**Modes / States / Key Sizes**|**Algorithm Implementation and Certificate #**|
+|--- |--- |
+|KAS ECC:
-
-Modes / States / Key Sizes
-Algorithm Implementation and Certificate #
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-DSA validation number 1135
-DRBG validation number 1556
-
-
-(FB: SHA256) (FC: SHA256)]
-[dhOneFlow (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC < KARole(s): Initiator / Responder>) (FB: SHA256 HMAC) (FC: SHA256 HMAC)]
-SHS validation number 3790
-DSA validation number 1223
-DRBG validation number 1555
-[OnePassDH (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
-[StaticUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
-
-SHS validation number 3790
-ECDSA validation number 1133
-DRBG validation number 1555
-
-
-(FB: SHA256) (FC: SHA256)]
-[dhOneFlow (KARole(s): Initiator / Responder) (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC < KARole(s): Initiator / Responder>) (FB: SHA256 HMAC) (FC: SHA256 HMAC)]
-SHS validation number 3649
-DSA validation number 1188
-DRBG validation number 1430
-[OnePassDH (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
-[StaticUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
-
-
-(FB: SHA256) (FC: SHA256)]
-[dhHybridOneFlow (No_KC < KARole(s): Initiator / Responder>) (FB:SHA256 HMAC) (FC: SHA256 HMAC)]
-[dhStatic (No_KC < KARole(s): Initiator / Responder>) (FB:SHA256 HMAC) (FC: SHA256 HMAC)]
-SHS validation number 3648
-DSA validation number 1187
-DRBG validation number 1429
-[OnePassDH (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
-[StaticUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
-
-SHS validation number 3648
-ECDSA validation number 1072
-DRBG validation number 1429
-
-
-SCHEMES [FullUnified (No_KC < KARole(s): Initiator / Responder > < KDF: CONCAT >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC)]
-
-
-SCHEMES [dhEphem (KARole(s): Initiator / Responder)
-(FB: SHA256) (FC: SHA256)]
-[dhOneFlow (KARole(s): Initiator / Responder) (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC < KARole(s): Initiator / Responder >) (FB: SHA256 HMAC) (FC: SHA256 HMAC)]
-[OnePassDH (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
-[StaticUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
-
-
-(FB: SHA256) (FC: SHA256)]
-[dhOneFlow (KARole(s): Initiator / Responder) (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC < KARole(s): Initiator / Responder >) (FB: SHA256 HMAC) (FC: SHA256 HMAC)]
-[OnePassDH (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
-[StaticUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
-
-
-(FB: SHA256) (FC: SHA256)]
-[dhOneFlow (KARole(s): Initiator / Responder) (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC < KARole(s): Initiator / Responder >) (FB: SHA256 HMAC) (FC: SHA256 HMAC)]
-[OnePassDH (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
-[StaticUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
-
-
-(FB: SHA256) (FC: SHA256)]
-[dhOneFlow (KARole(s): Initiator / Responder) (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC < KARole(s): Initiator / Responder >) (FB: SHA256 HMAC) (FC: SHA256 HMAC)]
-[OnePassDH (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
-[StaticUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
-
-
-(FA: SHA256) (FB: SHA256) (FC: SHA256)]
-[dhOneFlow (KARole(s): Initiator / Responder) (FA: SHA256) (FB: SHA256) (FC: SHA256)]
-[dhStatic (No_KC < KARole(s): Initiator / Responder>) (FA: SHA256 HMAC) (FB: SHA256 HMAC) (FC: SHA256 HMAC)]
-SHS #1903 DSA validation number 687 DRBG #258
-[OnePassDH(No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256) (ED: P-384 SHA384) (EE: P-521 (SHA512, HMAC_SHA512)))]
-[StaticUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
-
-SHS #1903 ECDSA validation number 341 DRBG #258Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #36
-
-
-
-
Functions: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration
Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), ECDSA [#1253](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1253), DRBG [#1734](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1734)|Microsoft Surface Hub Virtual TPM Implementations [#150](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#150)
Functions: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration
Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), ECDSA [#1252](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1252), DRBG [#1733](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1733)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations [#149](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#149)
Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), ECDSA [#1250](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1250), DRBG [#1732](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1732)
Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), DSA [#1303](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1303), DRBG [#1732](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1732)|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#148](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#148)
Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
Prerequisite: SHS [#4010](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4010), ECDSA [#1249](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1249), DRBG [#1731](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1731)
Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
Prerequisite: SHS [#4010](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4010), DSA [#1302](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1302), DRBG [#1731](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1731)|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#147](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#147)
Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), ECDSA [#1246](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1246), DRBG [#1730](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730)
Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), DSA [#1301](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1301), DRBG [#1730](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#146](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#146)
-
-
+|**Modes / States / Key Sizes**|**Algorithm Implementation and Certificate #**|
+|--- |--- |
+|Counter:
-
-Modes / States / Key Sizes
-Algorithm Implementation and Certificate #
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-CTR_Mode: (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32]))
-
-
-KAS validation number 128
-DRBG validation number 1556
-MAC validation number 3062
-
-CTR_Mode: (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
-
-
-KAS validation number 127
-AES validation number 4624
-DRBG validation number 1555
-MAC validation number 3061
-
-
-
-
-
-
-
-
-
-
-
-
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #3
-
-
-
+|**Modes / States / Key Sizes**|**Algorithm Implementation and Certificate #**|
+|--- |--- |
+|**FIPS 186-2 General Purpose**
-
-Modes / States / Key Sizes
-Algorithm Implementation and Certificate #
-
-
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1110
-
-
-FIPS 186-2
-
-[(x-Original); (SHA-1)]
-
-
-[(x-Change Notice); (SHA-1)]
-[(x-Change Notice); (SHA-1)]
-
-FIPS 186-2 General Purpose
-
-[(x-Change Notice); (SHA-1)]
-
-
-FIPS 186-2
-
-[(x-Change Notice); (SHA-1)]
**[(x-Original); (SHA-1)]**|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #[1110](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#1110)|
+|**FIPS 186-2
[(x-Original); (SHA-1)]**|Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) [#1060](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#1060)
[(x-Change Notice); (SHA-1)]**; **FIPS 186-2 General Purpose
[(x-Change Notice); (SHA-1)]**|Windows 7 and SP1 and Windows Server 2008 R2 and SP1 RNG Library [#649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#649)
[(x-Change Notice); (SHA-1)]**|Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#470](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#470)
[(x-Change Notice); (SHA-1)]**|Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#448](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#448)
-
-
+|**Modes / States / Key Sizes**|**Algorithm Implementation and Certificate #**|
+|--- |--- |
+|RSA:
-
-Modes / States / Key Sizes
-Algorithm Implementation and Certificate #
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-FIPS186-4:
-
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384)) SIG(gen) with SHA-1 affirmed for use with protocols only.
- SIG(Ver) (1024 SHA(1, 256, 384)) (2048 SHA(1, 256, 384))
-[RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) SIG(gen) with SHA-1 affirmed for use with protocols only.
- Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48)))
-SHA validation number 3790
-
-FIPS186-4:
-
-ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
-SHA validation number 3790
-
-FIPS186-4:
-
-186-4KEY(gen): FIPS186-4_Fixed_e (10001);
-PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
- SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
-[RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) SIG(gen) with SHA-1 affirmed for use with protocols only.
- Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
-SHA validation number 3790
-DRBG: validation number 1555
-
-FIPS186-4:
-
-186-4KEY(gen):
-PGM(ProbRandom: (2048, 3072) PPTT:(C.2)
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
- SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
-[RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) SIG(gen) with SHA-1 affirmed for use with protocols only.
- Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
-SHA validation number 3790
-
-
-ALG[ANSIX9.31]:
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3652
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256validation number 3652, SHA-384validation number 3652, SHA-512validation number 3652
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3652, SHA-256validation number 3652, SHA-384validation number 3652, SHA-512validation number 3652
-ALG[ANSIX9.31] Sig(Gen): (2048 SHA(1)) (3072 SHA(1))
-SIG(gen) with SHA-1 affirmed for use with protocols only. Sig(Ver): (1024 SHA(1)) (2048 SHA(1)) (3072 SHA(1))
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
- SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
-SHA validation number 3652
-
-
-ALG[ANSIX9.31]:
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3651
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256validation number 3651, SHA-384validation number 3651, SHA-512validation number 3651
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3651, SHA-256validation number 3651, SHA-384validation number 3651, SHA-512validation number 3651
-ALG[ANSIX9.31] Sig(Gen): (2048 SHA(1)) (3072 SHA(1))
-SIG(gen) with SHA-1 affirmed for use with protocols only. Sig(Ver): (1024 SHA(1)) (2048 SHA(1)) (3072 SHA(1))
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
- SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
-SHA validation number 3651
-
-
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256validation number 3649, SHA-384validation number 3649, SHA-512validation number 3649
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3649, SHA-256validation number 3649, SHA-384validation number 3649, SHA-512validation number 3649
-186-4KEY(gen): FIPS186-4_Fixed_e (10001);
-PGM(ProbRandom: (2048, 3072) PPTT:(C.2)
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
- SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
-SHA validation number 3649
-DRBG: validation number 1430
-
-
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256validation number 3648, SHA-384validation number 3648, SHA-512validation number 3648
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3648, SHA-256validation number 3648, SHA-384validation number 3648, SHA-512validation number 3648
-186-4KEY(gen): FIPS186-4_Fixed_e (10001);
-PGM(ProbRandom: (2048, 3072) PPTT:(C.2)
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
- SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
-SHA validation number 3648
-DRBG: validation number 1429
-
-
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384)) SIG(gen) with SHA-1 affirmed for use with protocols only.
-SIG(Ver) (1024 SHA(1, 256, 384)) (2048 SHA(1, 256, 384))
-[RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) SIG(gen) with SHA-1 affirmed for use with protocols only.
-Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48)))
-
-
-186-4KEY(gen): FIPS186-4_Fixed_e (10001);
-PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
-
-
-ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
-
-
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
-SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
-
-
-[RSASSA-PSS]: Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
-
-
-186-4KEY(gen): FIPS186-4_Fixed_e (10001);
-PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
-
-
-ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
-
-
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
-SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
-
-
-[RSASSA-PSS]: Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
-Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
-
-
-186-4KEY(gen): FIPS186-4_Fixed_e (10001);
-PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
-
-
-ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
-
-
-ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
-
-
-[RSASSA-PSS]: Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
-Sig(Ver): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
-
-
-186-4KEY(gen): FIPS186-4_Fixed_e;
-PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
-
-
-ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
-
-
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
-SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
-
-
-[RSASSA-PSS]: Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
- Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
-
-
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(256, 384, 512-256)) (3072 SHA(256, 384, 512-256))
-SIG(Ver) (1024 SHA(1, 256, 384, 512-256)) (2048 SHA(1, 256, 384, 512-256)) (3072 SHA(1, 256, 384, 512-256))
-[RSASSA-PSS]: Sig(Gen): (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
-Sig(Ver): (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512, 512))
-SHA #1903Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1134
-
-
-FIPS186-4:
-
-186-4KEY(gen): FIPS186-4_Fixed_e, FIPS186-4_Fixed_e_Value
-PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
-SHA #1903 DRBG: #258Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 RSA Key Generation Implementation #1133
-
-
-FIPS186-2:
-
-ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: #258
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256#1902, SHA-384#1902, SHA-512#1902,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1#1902, SHA-256#1902, SHA-#1902, SHA-512#1902,
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 1132.Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1132
-
-
-FIPS186-2:
-
-ALG[ANSIX9.31]:
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1774
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 1774, SHA-384validation number 1774, SHA-512validation number 1774,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1774, SHA-256validation number 1774, SHA-384validation number 1774, SHA-512validation number 1774,
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 1052.Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1052
-
-
-FIPS186-2:
-
-ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: validation number 193
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 1773, SHA-384validation number 1773, SHA-512validation number 1773,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1773, SHA-256validation number 1773, SHA-384validation number 1773, SHA-512validation number 1773,
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 1051.Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1051
-
-
-FIPS186-2:
-
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1081, SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 568.Windows Server 2008 R2 and SP1 Enhanced Cryptographic Provider (RSAENH) #568
-
-
-FIPS186-2:
-
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1081, SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,
-ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1081, SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 567. See Historical RSA List validation number 560.
-
-FIPS186-2:
-
-ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: validation number 23
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 559.Windows 7 and SP1 and Server 2008 R2 and SP1 RSA Key Generation Implementation #559
-
-
-FIPS186-2:
-
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1081, SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 557.Windows 7 and SP1 Enhanced Cryptographic Provider (RSAENH) #557
-
-
-FIPS186-2:
-
-ALG[ANSIX9.31]:
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 816, SHA-384validation number 816, SHA-512validation number 816,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 816, SHA-256validation number 816, SHA-384validation number 816, SHA-512validation number 816,
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 395.Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #395
-
-
-FIPS186-2:
-
-ALG[ANSIX9.31]:
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 783
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 783, SHA-384validation number 783, SHA-512validation number 783,
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 371.Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #371
-
-
-FIPS186-2:
-
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 753, SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753,
-ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 753, SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 358. See Historical RSA List validation number 357.
-
-FIPS186-2:
-
-ALG[ANSIX9.31]:
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 753
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 753, SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753,
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 355. See Historical RSA List validation number 354.
-
-FIPS186-2:
-
-ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 353.Windows Vista SP1 and Windows Server 2008 RSA Key Generation Implementation #353
-
-
-FIPS186-2:
-
-ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 RNG: validation number 321
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 258.Windows Vista RSA key generation implementation #258
-
-
-FIPS186-2:
-
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 618, SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618,
-ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 618, SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 257.Windows Vista CNG algorithms #257
-
-
-FIPS186-2:
-
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 618, SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618,
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 255.Windows Vista Enhanced Cryptographic Provider (RSAENH) #255
-
-
-FIPS186-2:
-
-ALG[ANSIX9.31]:
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 613
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 613, SHA-384validation number 613, SHA-512validation number 613,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 613, SHA-256validation number 613, SHA-384validation number 613, SHA-512validation number 613,
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 245.Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #245
-
-
-FIPS186-2:
-
-ALG[ANSIX9.31]:
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 589
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 589, SHA-384validation number 589, SHA-512validation number 589,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 589, SHA-256validation number 589, SHA-384validation number 589, SHA-512validation number 589,
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 230.Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #230
-
-
-FIPS186-2:
-
-ALG[ANSIX9.31]:
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 578
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 578, SHA-384validation number 578, SHA-512validation number 578,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 578, SHA-256validation number 578, SHA-384validation number 578, SHA-512validation number 578,
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 222.Windows CE and Windows Mobile 6 and Windows Mobile 6.1 Enhanced Cryptographic Provider (RSAENH) #222
-
-
-FIPS186-2:
-
-ALG[RSASSA-PKCS1_V1_5]:
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 364
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 81.Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #81
-
-
-FIPS186-2:
-
-ALG[ANSIX9.31]:
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 305
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 305, SHA-384validation number 305, SHA-512validation number 305,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 305, SHA-256validation number 305, SHA-384validation number 305, SHA-512validation number 305,
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 52.Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #52
-
-
-
-
ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384)) **SIG(gen) with SHA-1 affirmed for use with protocols only.
ALG[RSASSA-PKCS1_V1_5]** SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))**SIG(gen) with SHA-1 affirmed for use with protocols only.
ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) **SIG(gen) with SHA-1 affirmed for use with protocols only.
ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 3652](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652)**
ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 4096, SHS:
ALG[ANSIX9.31]** Sig(Gen): (2048 SHA(1)) (3072 SHA(1))**SIG(gen) with SHA-1 affirmed for use with protocols only.**SIG(ver): (1024 SHA(1)) (2048 SHA(1)) (3072 SHA(1))**
ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) **SIG(gen) with SHA-1 affirmed for use with protocols only
ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 3651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651)**
ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 4096, SHS:
ALG[ANSIX9.31]** Sig(Gen): (2048 SHA(1)) (3072 SHA(1))**SIG(gen) with SHA-1 affirmed for use with protocols only.** SIG(ver): (1024 SHA(1)) (2048 SHA(1)) (3072 SHA(1))**
ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) **SIG(gen) with SHA-1 affirmed for use with protocols only.
ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 4096, SHS:
**ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) **SIG(gen) with SHA-1 affirmed for use with protocols only.
ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 4096, SHS:
ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) **SIG(gen) with SHA-1 affirmed for use with protocols only.
ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384)) SIG(gen) with SHA-1 affirmed for use with protocols only.SIG(Ver) (1024 SHA(1, 256, 384)) (2048 SHA(1, 256, 384))
ALG[RSASSA-PKCS1_V1_5]** SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
[RSASSA-PSS]: Sig(Gen):** (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))
ALG[RSASSA-PKCS1_V1_5]** SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
[RSASSA-PSS]: Sig(Gen)**: (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
ALG[RSASSA-PKCS1_V1_5]** SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
ALG[RSASSA-PKCS1_V1_5]** SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
[RSASSA-PSS]:** Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))), Sig(Ver): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
ALG[RSASSA-PKCS1_V1_5]** SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512)), SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
[RSASSA-PSS]:** Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))), Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(256, 384, 512-256)) (3072 SHA(256, 384, 512-256)), SIG(Ver) (1024 SHA(1, 256, 384, 512-256)) (2048 SHA(1, 256, 384, 512-256)) (3072 SHA(1, 256, 384, 512-256))
ALG[ANSIX9.31]:** Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258)
**ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
**ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
ALG[ANSIX9.31]:** Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: [validation number 193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#193)
**ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
**ALG[RSASSA-PSS]:** SIG(gen); 2048, 3072, 4096, SHS:
ALG[ANSIX9.31]:** Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: [validation number 23](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23)
ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
ALG[ANSIX9.31]:
ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 783](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783)**
ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
**ALG[RSASSA-PSS]:** SIG(gen); 2048, 3072, 4096, SHS:
ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)
**ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
ALG[ANSIX9.31]:** Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537
ALG[ANSIX9.31]:** Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 RNG: [validation number 321](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#321)
ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
**ALG[RSASSA-PSS]:** SIG(gen); 2048, 3072, 4096, SHS:
ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 613](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613)
**ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 589](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589)
**ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 578](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578)
**ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
ALG[RSASSA-PKCS1_V1_5]:**
ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 305](http://csrc.nist.gov/groups/stm/cavp/documents/shs/shaval.htm#305)
**ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
-
+|Modes / States / Key Sizes|Algorithm Implementation and Certificate #|
+|--- |--- |
+|
-
-Modes / States / Key Sizes
-Algorithm Implementation and Certificate #
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-SHA-1 (BYTE-only)
-
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)
-
-SHA-1 (BYTE-only)
-
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)
-
-SHA-1 (BYTE-only)
-
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)
-
-SHA-1 (BYTE-only)
-
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)
-
-SHA-1 (BYTE-only)
-
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)
-
-SHA-1 (BYTE-only)
-
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #3347
-
-Version 10.0.14393
-
-SHA-1 (BYTE-only)
-
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #3346
-
-Version 10.0.14393
-
-SHA-1 (BYTE-only)
-
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #3048
-
-Version 10.0.10586
-
-SHA-1 (BYTE-only)
-
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #3047
-
-Version 10.0.10586
-
-SHA-1 (BYTE-only)
-
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2886
-
-Version 10.0.10240
-
-SHA-1 (BYTE-only)
-
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #2871
-
-Version 10.0.10240
-
-SHA-1 (BYTE-only)
-
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #2396
-
-Version 6.3.9600
-
-SHA-1 (BYTE-only)
-
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2373
-
-Version 6.3.9600
-
-
-
-SHA-1 (BYTE-only)
-
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)
-
-SHA-1 (BYTE-only)
-
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)
-
-SHA-1 (BYTE-only)
-
-
-SHA-1 (BYTE-only)
-
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #783
-
-
-SHA-1 (BYTE-only)
-
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)
-
-SHA-1 (BYTE-only)
-
-SHA-256 (BYTE-only)
-
-SHA-1 (BYTE-only)
-
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)
-
-SHA-1 (BYTE-only)
-
-
-SHA-1 (BYTE-only)
-
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)
-
-
-SHA-1 (BYTE-only)
-
Supports Empty Message
Supports Empty Message
Supports Empty Message
Supports Empty Message|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011)
Supports Empty Message
Supports Empty Message
Supports Empty Message
Supports Empty Message|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#4010](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4010)
Supports Empty Message
Supports Empty Message
Supports Empty Message
Supports Empty Message|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009)
-
+|**Modes / States / Key Sizes**|**Algorithm Implementation and Certificate #**|
+|--- |--- |
+|
-
-Modes / States / Key Sizes
-Algorithm Implementation and Certificate #
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-TECB(KO 1 e/d); TCBC(KO 1 e/d); TCFB8(KO 1 e/d); TCFB64(KO 1 e/d)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1387
-
-
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1386
-
-
-Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #846
-
-
-Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation #656
-
-
-Windows Vista Symmetric Algorithm Implementation #549
-
-
-Triple DES MAC
-
-
-
-
-
-
+| Modes / States / Key Sizes | Algorithm Implementation and Certificate # |
+| --- | --- |
+| PBKDF (vendor affirmed) | Kernel Mode Cryptographic Primitives Library (cng.sys) Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 [#2937](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2937)
-
-
- Modes / States / Key Sizes
-
-
- Algorithm Implementation and Certificate #
-
-
-
-
- PBKDF (vendor affirmed)
-
-
-
(Software Version: 10.0.14393)
(Software Version: 10.0.14393)
(Software Version: 10.0.14393)
(Software Version: 10.0.14393)
-
-
- PBKDF (vendor affirmed)
-
-
-
(Software Version: 10.0.14393)
(Software Version: 10.0.14393)
Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 [#2936](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2936)
(Software Version: 10.0.14393)
Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 [#2935](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2935)
(Software Version: 10.0.14393) |
+| PBKDF (vendor affirmed) | Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 [#2936](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2936)
(Software Version: 10.0.14393)
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG), vendor-affirmed |
#### Component Validation List
-
-
+
+|**Publication / Component Validated / Description**|**Implementation and Certificate #**|
+|--- |--- |
+|
-
-Publication / Component Validated / Description
-Implementation and Certificate #
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Version 10.0. 15063
-Version 10.0. 15063
-Version 10.0.14393
-Version 10.0.14393icrosoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #666
-Version 10.0.10586
-Version 6.3.9600
-
-
-Version 10.0.15063
-Version 10.0.15063
-Version 10.0.15063
-Version 10.0.14393
-Version 10.0.14393
-Version 10.0.10586
-Version 10.0.10240
-Version 6.3.9600
-
-
-Version 10.0.15063
-Version 10.0.15063
-Version 10.0.14393
-Version 10.0.14393
-Version 10.0.10586
-Version 10.0.10240
-
-
-
-Version 10.0.15063
-Version 7.00.2872
-Version 8.00.6246
-Version 10.0.14393
-Version 10.0.10586
-Version 10.0.10240
-Version 6.3.9600
Padding Algorithms: PKCS 1.5|Microsoft Surface Hub Virtual TPM Implementations [#1519](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1519)
Padding Algorithms: PKCS 1.5|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations [#1518](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1518)
Padding Algorithms: PKCS 1.5|Microsoft Surface Hub MsBignum Cryptographic Implementations [#1516](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1516)
Padding Algorithms: PKCS 1.5|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1512](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1512)
Padding Algorithms: PKCS 1.5|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1508](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1508)
Padding Algorithms: PKCS 1.5|Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations [#1504](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1504)
Padding Algorithms: PKCS 1.5|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations [#1501](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1501)
Padding Algorithms: PKCS 1.5|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1497](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1497)